Archive for July, 2009

WiFi Rogue AP: 5 Ways to (Mis)use It

July 28th, 2009


“The notion of a hard, crunchy exterior with a soft, chewy interior [Cheswick, 1990], only provides security if there is no way to get to the interior. Today, that may be unrealistic.”  What Firewalls Cannot Do, Firewalls and Internet security


Rogue APs are Access Points (APs) that are deployed in an enterprise network without the consent of the network administrator. In certain cases, the intent behind a Rogue AP may be benign – for example, an employee who wants to access the network from his favorite corner of the office. While in other cases, a Rogue AP can be deployed with a malicious intent – say, by an attacker or his accomplice.

 RogueAP: Extended Enterprise Cable

Sneaking in Rogue APs into an enterprise may not be difficult. Pocket size WiFi APs for less than $50 are readily available in retail stores. Due to spillage of RF signal, a Rogue AP enables an attacker sitting in the parking lot to directly access your enterprise wired network. After interacting with some of our customers and prospects, I have realized that they are familiar with Rogue APs but, lack a complete picture of what all damages one can inflict via a Rogue AP. Hence, I thought of compiling this list of “uses” for a Rogue AP (yes, “use” from the perspective of an attacker or an unauthorized user).


  1. Data Leakage One of the most basic uses of a Rogue AP is the wealth of information it can expose through leakage of enterprise data. Just by passive sniffing of the leaked data, an attacker can gain information about the users in the network and their communication. Packets may be leaking network related information such as host names & IP addresses (All of us know about tons of broadcast packets that network devices transmit). Or, worse, in some poorly configured networks, sensitive information such as user names, passwords, email and data communication may also leak out.
  2. Read more…

Wireless security ,

PCI Security Council Clarifies Wireless Security Requirements for PCI DSS Compliance

July 23rd, 2009

Any organization handling payment card data should pay immediate attention to the PCI DSS Wireless Guideline published by the PCI Security Standards Council Wireless Special Interest Group last week.

PCI Cardholder Data Environment Wireless Threats

Wireless Threats That Can Compromise PCI DSS Compliance

 The key highlights are:

Read more…

PCI , , , , ,

5 Wireless Intrusion Prevention Questions You Should Ask

July 20th, 2009

In my previous blog post (5 Wireless Intrusion Detection Questions You Need to Worry About), I talked about the key questions that are related to the detection of Wireless (WiFi) based intrusions in your enterprise. Today, let’s turn the focus on to the other important aspect of WiFi security – Intrusion Prevention. Here are the 5 questions you should ask on wireless intrusion prevention in your enterprise. Let me know if your answer to all of these questions is in the affirmative.


  1. Does my wireless security solution provide accurate and automatic prevention? If your solution requires a manual intervention for blocking a detected intrusion, you may be too late. Hence, the key to any intrusion prevention solution is the ability to automatically block the intruder. Although this requirement may seem obvious, it is interesting to note that getting this right is non trivial. For example, a poor implementation can end up blocking your neighbor’s communication - highly undesirable and in certain regions, illegal. Unless your security solution can accurately classify WiFi communication (authorized, unauthorized and don’t care/external), you will not be able to achieve this key functionality.  Read more…

Wireless security , ,

Wireless Challenges in Meeting Critical Infrastructure Protection (CIP) Standards

July 19th, 2009

North American Electric Reliability Corporation (NERC) has promulgated Critical Infrastructure Protection (CIP) standards for cyber security in electric power industry. A recent white paper in Automation World magazine brings out challenges faced in CIP implementation due to proliferation of wireless networking. The paper lays out various scenarios such as approved wireless use, inadvertent wireless use, covert wireless use etc. which break conventional perimeter security model. It recommends state of the art wireless monitoring and control to enforce wireless perimeter security for energy assets. Read more…

Wireless security , ,

5 Wireless Intrusion Detection Questions You Should Worry About

July 13th, 2009

If you own an enterprise grade local area network (LAN), you need to be aware that wireless (WiFi) based intrusions can potentially be exploited to create security backdoors into your network. This is true even if you have not rolled out your wireless LAN (WLAN) or have rolled out a WLAN that adopts the best-in-breed cryptographic security.


Today, Chief Security Officers (CSOs), Chief Information Officers (CIOs) and network security administrators have different perceptions on the extent of WiFi based intrusions. Hence, they have adopted different solutions to secure their enterprise network from WiFi intrusions.


  1. At the one end of the spectrum, there are users that believe that wired IDS/IPS and Networks Access Control (NAC) solutions are adequate to thwart this threat.
  2. Next, there is a class of user who are believe in “moderate security”. They have adopted part time wireless intrusion detection capabilities in their networks.
  3. At the other end of the spectrum, there are users that believe in dedicated & specialized wireless intrusion detection and prevention (WIPS) systems to defend against this threat. 

Independent of which of the above groups you may belong to, here is my list of 5 intrusion detection questions that you need to worry about. If you don’t agree, I would love to hear your views. Read more…

Wireless security , , ,

Not All Cyber Criminals Are that Smart

July 6th, 2009

This story seems to come from the files of “I am ten feet tall and bulletproof.” Many of us have a mixed reaction to those who are able to manipulate computers and code to their advantage for criminal acts. We wonder why they do not use their talents to simply make money the old fashioned way but also are outraged at their actions which disrupt our lives, compromise our security and cost us money. But then you read a story such as the one Robert McMillen of IDG posted over the weekend about the security guard and ersatz hacker who allegedly videotaped his cyber exploits at the clinic he was supposed to be protecting and then posted them to YouTube. He claimed to be adding botnets which would allow him to do a denial of service attack on July 4 just for the fun of it. He did get caught. You really have to read this story which is both funny and sad at the same time.

Wireless security , ,