Wifi mac security

Hi all,
and thanks in advance for your help.

I would like to ask some questions about Wifi Network 802.11b/g and 802.11i

Let s think we have a company that is giving access to its employees to an access point through an authentication key.
To connect internet then all the stations must pass through the access point.

I want to know:

- can i forward the packets from the access point to a monitor analyzed? are they decrypted?

- what can really do one station of the Wifi network trying to spy/sniff/steal info to another station?
I ask this because this malicious station have all the credential to be part of the network, so should it pass just the firewall of the second station to get into the other machine?

I would like to clarify this aspects.
7 answers Last reply
More about wifi security
  1. You can't forward the packets, but a monitor on the network will see the data anyway. They wireless data stays encrypted from wireless to wireless, if that data is sent out to the ethernet ports it's not using the WiFi encryption anymore.

    Since the data is wireless, any access point in range will pick up the signal, just like any radio will pick up the tower broadcast. The limiting factor is if that data can be read. The second question is a bit confusing, can't figure out what you mean by "pass the firewall". If it's inside the same network, it's not going to hit any firewalls obviously. A firewall prevents devices outside your network from getting in.
  2. ok i try to explain better the second question..making an example..

    there are 10 people that have all the credentials to be connected to a wifi network...because for instance they are in the same society and they works together.
    let s suppose one of this people have malicious intentions against the other components of the groups.
    what he really can do from its station-position?
    can it has remote access to other stations?
  3. I mean, which are the security preventions one station has against the others?

    How do u think i can solve, if present, some security problems?
    of course i think we should deal with the DLC layer
  4. If the user is a trusted user and just wants to do bad things, it all depends on how much rights his user account has on the other computers. The network does not care who uses it or what you do really. The security needs to be set on the computers.

    You secure the network to prevent unauthorized connections to it, you secure the computers to prevent unothorized use by people who are already on the local network.
  5. Can one STA1 spoof for instance the AP, and make the other STA2 think that STA1 is the AP?
  6. nicksca2002 said:
    Can one STA1 spoof for instance the AP, and make the other STA2 think that STA1 is the AP?

    As far as I know there is no software out there that will enable a computer to pretend it's an Access Point as far as re-directing user's to it.
Ask a new question

Read More

Configuration Security WiFi Macintosh Wireless Networking