It seems that WLAN management and security are finally moving to the cloud. See the recent announcements by Aerohive (October 27) and Aruba Networks (October 29).
Enterprises, namely SMBs, now have multiple options and price points for managing their wireless networks. We saw this trend about 18 months ago when AirTight decided to release a SaaS version of our wireless IPS, SpectraGuard Online.
With the introduction of these new offerings, it will be interesting to see if the ASVs begin to offer wireless vulnerability scanning. They already offer cloud-based vulnerability scanning services for the wired network, so why not wireless?
Interesting piece on Wi-Fi security on the Today Show this morning. The Today Show aired a piece called “Is your Wi-Fi connection safe?”
The story shows war driving through a residential neighborhood to show that many residential Wi-Fi users still deploy their Wi-Fi devices without passwords, leaving their connections vulnerable to eavesdropping.
One common Wi-Fi security threat highlighted in this report is just how easy it is for a hacker to intercept the connection of mobile users connecting to unsecured public Wi-Fi in places like a coffee shop, airport, etc. This is not the first time this subject has been covered. See similar stories by CNN (August 11, 2009) and Fox News (July 12, 2009).
The Today Show should have also included in their report the fact that many Windows-based computers cache and probe for previously used Wi-Fi connections, making users even more vulnerable because their computer may be connecting, without the user's knowledge, to a hacker posing as an unsecured hotspot. See the story by Forbes (November 2008).
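A defender can check a Windows machine for the cached profiles described above. The following is an added example, not part of the original post: it assumes the saved profiles were exported as XML with `netsh wlan export profile`, uses constructed sample profiles, and its function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

# Constructed sample data (not from the original post), shaped like the XML
# that `netsh wlan export profile` writes for each saved network.
TEMPLATE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>{ssid}</name>
  <SSIDConfig><SSID><name>{ssid}</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>{mode}</connectionMode>
  <MSM><security><authEncryption>
    <authentication>{auth}</authentication>
    <encryption>{enc}</encryption>
    <useOneX>false</useOneX>
  </authEncryption></security></MSM>
</WLANProfile>"""
SAMPLE_PROFILES = [
    TEMPLATE.format(ssid="CoffeeShop-Free", mode="auto", auth="open", enc="none"),
    TEMPLATE.format(ssid="HomeNet", mode="auto", auth="WPA2PSK", enc="AES"),
    TEMPLATE.format(ssid="Airport-Guest", mode="manual", auth="open", enc="none"),
]

def _text(root, path):
    node = root.find(path, NS)
    return node.text.strip() if node is not None and node.text else ""

def audit_profile(xml_text):
    """Summarise one exported profile (hypothetical helper name)."""
    root = ET.fromstring(xml_text)
    auth = _text(root, "w:MSM/w:security/w:authEncryption/w:authentication")
    enc = _text(root, "w:MSM/w:security/w:authEncryption/w:encryption")
    is_open = auth.lower() == "open" and enc.lower() == "none"
    is_auto = _text(root, "w:connectionMode").lower() == "auto"
    return {
        "ssid": _text(root, "w:SSIDConfig/w:SSID/w:name") or _text(root, "w:name"),
        "open": is_open,
        "auto_connect": is_auto,
        # An open profile set to auto-connect joins any AP using that SSID.
        "risky": is_open and is_auto,
    }

def risky_profiles(xml_docs):
    return [r["ssid"] for r in map(audit_profile, xml_docs) if r["risky"]]

if __name__ == "__main__":
    for doc in SAMPLE_PROFILES:
        print(audit_profile(doc))
```

Profiles flagged as risky can be deleted with `netsh wlan delete profile name="..."` or switched to manual connection with `netsh wlan set profileparameter name="..." connectionmode=manual`.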
At every turning point, big or small, mankind has faced the challenge of choosing between available technologies, be it the “DC vs AC” debate, which laid the foundation for our electrical distribution systems, or the “mainframe vs workstation” debate, which created the platform for the modern Internet. Today, at a turning point when WiFi is poised to become a mainstream enterprise networking technology, the network security administrator faces the challenge of making the right technology choice for WiFi security.
Among other things, one important technological choice the administrator will have to make is between wireless intrusion prevention systems (WIPS) that use “active” and those that use “passive” network connectivity detection methods.
Robust detection of whether a wireless access point is connected to the enterprise network being protected lies at the heart of the security and manageability of a WIPS. A false negative, i.e., a network-connected AP classified as not connected, results in a security hole because it can cause a rogue access point (AP) to go unnoticed. A false positive, i.e., an AP that is not connected to the network classified as connected, results in nuisance and also hinders the use of automated blocking.