WDS Transparent Mode, DrayTek Inter-LAN Firewalls and some interesting observations!

A client required isolated networks for factory hardware but their infrastructure, many basic NetGear switches, did not support VLAN separation (my original hope was to use the DrayTek default gateway for inter-VLAN routing). This required some 'thinking outside of the box' and resulted in a design that made use of a DrayTek to isolate the … Continue reading WDS Transparent Mode, DrayTek Inter-LAN Firewalls and some interesting observations!

Controller based WiFi made easy (and cheaper) with Cisco Mobility Express

We're seeing a greater shift now more than ever toward wireless networking due to many factors: Laptops sacrificing Ethernet jacks in favour of maintaining a slim form factor Increases in IoT and BYOD where the demand for access to the network for users who traditionally only had their corporate laptop has now stretched to their … Continue reading Controller based WiFi made easy (and cheaper) with Cisco Mobility Express

Oversharing and its Consequences

Recently I spotted a post by satirical website, The Poke, in which a Twitter user shared her families humorous WiFi password in a screenshot. Clearly visible was the SSID. Would you realistically think that based on just the shared SSID someone would be able to find your house with no other information needed? Wigle.net allows … Continue reading Oversharing and its Consequences

Release the Kracken!

Got a WiFi baby monitor? Got a fancy WiFi kettle? Bought a smart TV with WiFi? How's that WiFi connection in the car working out for you? Because they are all very likely to be vulnerable to the KRACK (Key Reinstallation Attack) exploit: https://www.krackattacks.com/ The exploit allows an attacker within proximity of a wireless client or access point … Continue reading Release the Kracken!

Playing with a WiFi De-authenticator

Recently a colleague mentioned a small device he'd bought that can perform de-authentication attacks on wireless devices and cause all sorts of mischief - and given we both had an interest in security he loaned me this and I was amazed at how something so freely available and cheap could affect a wireless network in … Continue reading Playing with a WiFi De-authenticator

Preventing Rogue DHCP Servers and Machine to Machine Connectivity on Wireless Networks

A recent post looked at DHCP Snooping on a wired network, which uses a concept of trusted and untrusted ports whereby the genuine DHCP server or uplinks which a genuine DHCP offer could be sent across are marked as trusted, with all other links marked as untrusted. This is great at keeping a wired network secure, … Continue reading Preventing Rogue DHCP Servers and Machine to Machine Connectivity on Wireless Networks