When it comes to the management and security of wireless networks, I want a lot of things. I want new things, and I want legacy things that aren’t going away to get better. I want slick, I want fast and I want effective. I want powerful, feature-rich, and a say in what features are worth devoting UI resources to. I want it all, baby, and here’s my latest rant on the topic. You’re going to love this.
Before I drop the bomb, let’s set the stage.
I had the privilege of hanging out with the fellows from 7signal at the recent Wireless Field Day 5 event, and seeing how they do WLAN RF health characterization, as well as getting a peek at what AirTight is up to. Being a long-time Cisco wireless customer, my mushy brain can’t help but bring everything back to my vendor for comparison; but more on this in just a bit.
In my spare time, I’ve been having more fun than a person should be allowed to with the addicting Wi-Fi Pineapple (along with some tricks from the much-revered BackTrack Linux). And at work, we’re gearing up for thousands of students to flood back into the dorms, which means Rogue Hunting Season is nigh. Put all this together and feed it into the “It’s Easy For Me To Demand Things From Other People That I Can’t Do” engine, and out pops the following wireless support and security gem:
Wouldn’t it be cool if…
- You could take one of your in-service APs and turn it into a virtual client that associates with other APs? (stay with me, I know you’ve heard this part before)
- Synthetic testing with said virtual client was possible: do my DHCP and RADIUS servers work? Can I reach the Internet? Can I reach other locations, from each of my SSIDs?
- The virtual client AP could report on nearby rogue networks, after I set a min threshold value (getting closer to the money shot), and tell: is the SSID open or protected?
- My virtual client could associate to the open SSIDs, and report back what the public IP is of the rogue? (I could find it then through MAC or ARP tables if on my own network; doesn’t need to be automated)
- Here’s the LAGNIAPPE, baby: if the rogue SSID was encrypted, I’d like my virtual client to execute Aircrack-NG, Reaver, Fern, or whatever. Somehow, the power of my management system harnessed to this virtual client/pen testing-mode AP would give me a big-assed, infinite dictionary from hell and lots of power to crack. Then I could go back to the “find the public IP” step, which to me is the ultimate and definitive “game over” versus a lot of wireside detection systems that are so-so with their success rates.
I know there are lots of ways to do “wireless support”, but I am enamored with the force-multiplying capabilities of a well-constructed virtual client mode for installed APs (as I imagine them working). I’ve been beating the drum for Cisco to consider basic virtual client functionality for years, to no avail.
But now I want even more: I want a “virtual client AP meets BackTrack Linux, and they have offspring” mode.
I’m not asking for too much, am I?