Archive

Archive for May, 2009

Karmetasploit: Integrated Tools Lower Bar On Hacking Wireless Clients

May 25th, 2009

Metasploit Framework integrated with KARMA! Metasploit is most potent security penetration and exploit development platform, while KARMA is a potent Evil Twin (Honeypot) tool with attracts unassuming wireless clients. With this integrated tool, it is all the more easier to establish wireless connectivity with probing wireless clients and “Metasploit” them.

http://trac.metasploit.com/wiki/Karmetasploit

http://blog.trailofbits.com/karma/ Read more…

Wireless security , , , , , ,

For Secure WiFi, Focus on Addressing Building Block Vulnerabilities …

May 21st, 2009

… and Don’t Sweat Chasing Hacking Tool Signatures!

 

You feel pretty good and more secure when you receive that daily signature update from your anti-virus software. I feel the same and why not – anti-virus technology is fundamentally rooted in signature analysis. But don’t make the mistake of applying the same metric to wireless intrusion prevention system (WIPS). Wireless security fundamentally works differently from anti-virus software. Read more…

Wireless security , , , , ,

Web attack that poisons Google results gets worse

May 20th, 2009

If you did not know about this or if you did not get the latest, you really ought to read Bob McMillan’s article in Network World. This is a very sneaky and vicious attack and apparently growing like wildfire. They almost got me but being fleet of foot, I got away. :-)

Wireless security

DoT Regulation on Secure Use of WiFi

May 18th, 2009

The Department of Telecommunications (DoT), Govt. of India, has set a June 2009 deadline for complying with its regulation on WiFi security. Here’s a position paper that evaluates the DoT regulation and suggests best practices for secure use of WiFi.

Wireless security , , , ,

MiFi = WiFi on the move!

May 15th, 2009

Interesting gadget from Novatel/Verizon that lets you carry your WiFi hotspot with you. You can even share it with your friends. Check this out!

Wireless gadgets ,

Data Leakage in the Enterprise

May 13th, 2009

Today Network World released an interesting real-life case study of data leakage in the enterprise – refer to http://www.networkworld.com/news/2009/051109-data-leak-audit.html?page=1

The auditor found unencrypted confidential data being sent by internal employees through email & web communication (via the company’s firewall). While customers need to deploy Email & Web DLP systems to protect themselves against these risks they also need to worry about data leakage via wireless connectivity.

A recent study by AirTight found unencrypted Access Points connected to financial networks were leaking out confidential information regarding internal users & corporate IT network resources. Refer to http://www.airtightnetworks.com/home/resources/knowledge-center/financial-districts-scanning-report.html . Internal users can also connect to neighboring Wi-Fi networks and send confidential data (i.e. bypass the corporate security gateways).

This is an area where customers need to pay attention to make sure their corporate network is protected against data leakage via unsecured & unauthorized wirleess connectivity.

Sri Sundaralingam (VP, Product Management @ AirTight Networks)

Wireless security

Wireless Vulnerability Study of 7 Financial Districts’ Airspace Reveals Wi-Fi Security Risks

May 13th, 2009

You may want to take a look at AirTight’s scans of financial districts in 7 U.S. cities and London. Not a lot of  wireless security best practices being used in them. Find the landing page here: Financial Districts Scanning Report

Wireless security

Clarifying the WIDS/WIPS Jargon – Overlay, Integrated etc.

May 12th, 2009

These days, certain terms are often used to characterize Wireless Intrusion Detection/Prevention System (WIDS/WIPS) architectures – overlay and integrated being most commonly used and that too with variable meanings. This post explains what these terms mean or should mean to be consistent with fundamental underpinnings of WIDS/WIPS architectures and functions. Read more…

Wireless security , , ,

Intrusion prevention strategies for 11n

May 8th, 2009

Another article in the series by Joanie Wexler.

“There are several ways to scan your 802.11n air environment for nasty goings-on. At a glance, the options seem pretty straightforward. However, you need to look carefully under the hood to draw a true apples-to-apples comparison of the accuracy and cost of the various offerings.”

http://www.networkworld.com/newsletters/wireless/2009/033009wireless1.html?page=1

WLAN planning

WIPS Cost Comparisons

May 8th, 2009

Interesting article from Joanie Wexler on the real costs of adding wireless intrusion to your WLAN. She compares a similar configuraion from several vendors.

http://www.networkworld.com/newsletters/wireless/2009/042709wireless1.html

Wireless security, WLAN planning