This isn't really related to bridging. If your machine connects to an
access point (rogue) and that person behind that access point roots
your box, and you also are connected via LAN, that person has access
to your LAN without physical building access. No, I don't think it
would be very common, but they are subject to many audits, as they are
subject to PCI audits, HIPAA and SOX, so lots of odd things come up.
:)

They do have NAC in corporate, but have hundreds of field offices,
with VPNs back to corporate. Most of those locations are small and do
not enjoy the same infrastructure.

The simplest explanation I can think of is if you have ssh on, and I
somehow get access via that on a wireless connection named linksys
that your Mac happily joined, and you are plugged into a network via
Ethernet, with actively mounted fileshares, might not I be able to
access those shares?

As an FYI to any interested:

http://hints.macworld.com/article.php?story=20100305114751547

That seems to have more than enough of a starting point for me.

Sent from my iPad

On Oct 5, 2010, at 3:26 PM, Bart Silverstrim <[email protected]> wrote:

> On 10/05/2010 03:06 PM, Scott Lewis wrote:
>> I've just been asked by a client about disabling AirPort automatically
>> when an Ethernet cable is plugged in. Their concern is they use a
>> hardened wifi system (I didn't ask but I'm assuming Cisco Aironet,
>> since they are a big Cisco shop) but wish to permit laptop users to
>> access other access points for travel use, etc. They are concerned
>> with a Mac laptop hooking onto a rogue access point while connected
>> via Ethernet as well, effectively allowing a would-be hacker onto the
>> network, should they compromise the laptop while it's connected.
>>
>> They are mostly Windows, and had found a third party tool to accomplish this.
>
> I think I'm misunderstanding something...
>
> They're afraid that...what, a rogue access point would have access to their 
> wired network if it connects to both? Wouldn't the OS X system have to have 
> bridging/sharing set up for that to work?
>
> And what third party tool are they talking about?
>
> If they're running Cisco equipment I believe many of them can detect and 
> report rogue WAPs in range of their own wireless equipment.
>
> Probably the best thing to do is educate users to shut off the AirPort when 
> using wired connections. Set the wireless icon to appear in Finder (if it's 
> not already), click it, and click to turn it off.
>
> I don't know of a setting that will automatically turn it off but I'm still 
> wondering how it would automatically share the connection. I'm pretty sure it 
> has to be configured/initiated by the user, and if they're company laptops, 
> you might be able to lock that out using the tools in OS X Server's managed 
> client settings.
> _______________________________________________
> MacOSX-admin mailing list
> [email protected]
> http://www.omnigroup.com/mailman/listinfo/macosx-admin
_______________________________________________
MacOSX-admin mailing list
[email protected]
http://www.omnigroup.com/mailman/listinfo/macosx-admin
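
Added example, not part of the thread and not the script from the linked hint: one way to enforce the "AirPort off while Ethernet has link" policy discussed above, so a laptop is never on the LAN and a wireless network at the same time. The interface names en0 (Ethernet) and en1 (AirPort), the function names and the sample ifconfig output are assumptions made for this example.

```sh
#!/bin/sh
# Keep AirPort powered off while any wired port reports link.
# Assumed names: en0 = Ethernet, en1 = AirPort. Confirm on the target with:
#   networksetup -listallhardwareports
WIRED_IFS="${WIRED_IFS:-en0}"
AIRPORT_IF="${AIRPORT_IF:-en1}"

# Constructed samples of `ifconfig -a` output (documentation addresses only).
SAMPLE_DUAL_HOMED='en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
	status: active
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 198.51.100.23 netmask 0xffffff00 broadcast 198.51.100.255
	status: active'
SAMPLE_WIFI_ONLY='en0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
	status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 198.51.100.23 netmask 0xffffff00 broadcast 198.51.100.255
	status: active'

# $1 = ifconfig output, $2 = space-separated wired interface names.
# Prints each listed interface whose block contains "status: active".
active_wired() {
    printf '%s\n' "$1" | awk -v want="$2" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) wired[w[i]] = 1 }
        /^[^ \t]/ { cur = $1; sub(/:$/, "", cur) }   # new interface block
        /status: active/ && (cur in wired) { print cur }
    '
}

# Prints "off" when a wired interface has link, otherwise "on".
desired_airport_state() {
    if [ -n "$(active_wired "$1" "$2")" ]; then echo off; else echo on; fi
}

# Apply the decision. Note that this also powers AirPort back on once
# the cable is unplugged; drop the "on" case if that is not wanted.
enforce() {
    state=$(desired_airport_state "$(ifconfig -a)" "$WIRED_IFS")
    networksetup -setairportpower "$AIRPORT_IF" "$state"
}

if [ "${1:-}" = "--enforce" ]; then enforce; fi
```

Run with `--enforce` from whatever trigger suits the site (a login hook or a periodic job, for example); changing AirPort power may require administrator rights.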
