This morning, I tweeted the message below without much context:
With the 280 character limit of Twitter (hard to believe it used to be 140), sometimes it’s difficult to fully express an idea or the context behind it and instead of trying to create a messy, multi-threaded tweet, I just left it there as food for thought. But here on my blog, I can elaborate further on why this situation stood out to me and how it applies to you, the reader, who’s most likely in an IT related role.
Client fingerprinting, in my opinion, is one of those features that many people don’t think about until they either need it, want it, or it’s broken. It’s not as sexy as other Wi-Fi security related topics such as 802.1X or micro segmentation and it’s certainly not going to prevent a client from operating correctly on the network if it’s not available (or can it?). However, it does help provide insight into your Wi-Fi client base which can be valuable in terms of knowing what device or devices are popular and making sure your Wi-Fi supports them well. Additionally, it is possible to tie access controls to clients by their device type which can affect what they are able to do on the network. With that said, it’s probably worth knowing how client devices are identified from their manufacturer down to the OS version and more importantly, the methods your Wi-Fi vendor uses to identify them. In this post, I’m going to discuss how client fingerprinting is done in general, how RUCKUS does it, and how one method of fingerprinting that we use today is changing due to security concerns.
It all started with an e-mail from a co-worker on a recent Saturday afternoon, shortly after we finished performing Windows updates on all of our servers. It read something like this:
“Syslog server’s C: drive ran out of space so I created an additional drive with 20GB of space and moved all of the logs to it.”
Now I’ve only been with this new company for 4 months now, but one of the first things I did when I began learning the network was to take a look at our syslog server to see how it was configured and for baselining how many logs in an hour and day were normal for our network. So when I saw that the drive ran out of space with the amount of syslogs normally generated per day, it immediately raised an alarm.
I recently made some changes to the setup of my home network. Instead of a Linksys E3200 wireless router providing both wired and wireless access to the LAN and Internet, I added a Cisco ASA 5505 and a Netgear GS108T switch to the mix. The network now looks like this: Continue reading
Ever watched the TV show Kitchen Nightmares featuring the chef, Gordon Ramsey? One of the best chefs in the world visited struggling restaurants for a week in an attempt to get them back on the right track. Overwhelmed by the sheer negligence of the restaurant owners, Gordon struggles to stay a couple of days let alone an entire week. Eventually, a breakthrough occurs and he’s able to just grin and bare it enough to get through the week just like many of us do regularly. Sound like a good show? I think I’ve got a better idea! Continue reading