paullson Posted April 26, 2019 Posted April 26, 2019 Hey everyone, The school I work for has a cybersecurity camp every summer. The department that throws the camp recently purchased some Pineapple Nanos. Our concern is more advanced students that would rather pentest our campus wireless network instead of using the environment they're supposed to be working on. I haven't really dug into the device itself yet, just been looking for any documentation on limiting what the devices are capable of, it would be great if I could blacklist an SSID on the units so that they won't allow users to spoof our campus network. Other than that my only other idea is to take down the APs in the area's where the students will be using the devices but that would just create more issues. Any insight would be greatly appreciated!
user14414 Posted April 27, 2019 Posted April 27, 2019 A factory reset can be done quickly and easily on Wifi Pineapple, so any determined student can do that in no time. Correct me if I'm wrong, but blacklisting anything on the device itself wouldn't help much because of that. I'd rather focus on securing your wireless network and/or area of cybersec camp.
handletwo0nne Posted April 29, 2019 Posted April 29, 2019 Teaching the ethics behind cybersecurity is important. If students are going to abuse the device, especially against other students then it would make sense to restrict access to anyone caught abusing the device. While also encouraging the general student body to utilize services such as vpn, perhaps the university can provide a free vpn option for students and faculty. With that said, there are a myriad of legal and cool things that a pineapple can do that are not disruptive. That of course should be the academic focus. Some encouragement through things like hack-a-thons could even improve overall network security. Like a competition to establish a low cost vpn solution for the school. Wifi Nano is a great platform to begin development because it is a type of development environment too. Positives seem to outweigh negatives. Although a pineapple is a threat, an advanced user could easily create such attacks with their own hardware. Why would they need a pineapple, if they are that advanced; they probably know that...
PoSHMagiC0de Posted April 29, 2019 Posted April 29, 2019 I would not be afraid of the advanced students. If they were going to do something, it would have already been done or is being done and you have not noticed yet. You do not need a pineapple to do mana/karma attacks. What would worry me would be the non-advanced. The future script kiddies. The ones that are looking for hack-in-the-boxes without understanding how they work. Look out for those. Those are the ones that will cause the disruption not understanding what they are doing just they want to pwn you very fast. 😑
paullson Posted April 29, 2019 Author Posted April 29, 2019 Appreciate all the responses! I kind of figured there was no easy way to lock them down. Might just take down the APs in that area when they're experimenting with the Pineapples. The students are High School students that will be visiting our campus. If they're anything like I was when I was a kid they'll want to explore more than the lab provided to them if given the opportunity. Thanks again!
Recommended Posts
Archived
This topic is now archived and is closed to further replies.