1. Have you wondered if Wi-Fi threats can be present in your network?
2. What do you think is the most common Wi-Fi threat that is out there today?
3. Do you know how to plan your mitigation strategy?
If you want to know more, please tune in to AirTight’s RSA 2011 presentation. We discuss our research results on enterprise wireless threat scenario. The study is based on real-life observations over the last two years.
What: Wireless Vulnerabilities in the Wild: A View From the Trenches (Hackers and Threats Track)
When: Feb 17 2011, Thu
Where: Mascone Center, SFO
Looking forward to see you.
I am just back from a trip to New Delhi (along with my colleague, Prabhash Dhyani). The weather was quite hot and humid. Amidst flight delays and apparently unstoppable Delhi traffic, we managed to meet up with some interesting folks and exchanged several ideas. You may be wondering what this has got to do with a security blog, hold on, you will soon find out!
Recently, there have been multiple instances of Wi-Fi issues related to iPads. Apple has also acknowledged some of the issues - e.g.,an iPad may not automatically rejoin a known Wi-Fi network on a dual band router . Also, Princeton university has faced serious network problems due to iPad. This has been attributed to a problem in the DHCP client on iPad. Here is an interesting theory on how the IEEE 802.11 Power Save mode may be playing a role in this. The Wall Street Journal reports that such issues have lead to the ban of iPads at several universities. This is a cause for concern. Read more…
My previous post “WiFi Hots(Honey)pots Go Mobile” (http://blog.airtightnetworks.com/wireless-security-mobile-hotspot/) talked about Palm Pre/Pixi Plus going the hot(honey)pot way.
SIMFI is equally cool – it can convert your cell phone into a hotspot. SIMFI is of the size of a SIM card and has WLAN modem built into it. It can be pretty much used with any phone. Check out http://www.techchee.com/2010/02/13/simfi-wifi-integrated-sim-card-turns-your-cellphone-into-a-wifi-hspa-router/ .
I am looking forward to get my hands onto one of these.
So, looks people don’t need to carry APs anymore to mess around with enterprise security
Are you already having trouble preventing your enterprise Wi-Fi clients from connecting to some of the existing public Wi-Fi networks (e.g., T-Mobile, Google WiFi)?
Mobile Hotspot with an option to create an Open Network
Guess what – the latest Palm Pre Plus or Pixi Plus can be converted into a cool mobile hotspot. One can easily roam around with this pocket hotspot. (http://www.nytimes.com/2010/01/21/technology/personaltech/21pogue.html)
It is amazing as to how some of these cool technological advances can create new avenues for attacks. Suppose an employee or a visitor wishes to sneak-in a hotspot or a honeypot AP into your enterprise. If you are paraniod, you can possibly think of frisking him for an AP (before allowing him into your premises). But, can you go to the extent of preventing him from carrying a Palm into your enterprise?
Wireless gadgets, Wireless security
The new 802.11 security protocol called 802.11w was recently ratified. Check this 802.11w-Tutorial to know how it works and what it means for your WLAN.
Rouge AP is an unauthorized AP connected to enterprise wired network. It can allow access to the enterprise wired network from its RF spillage outside of the premises. While it is well established in the mainstream that wired-wireless correlation is the only robust technique to detect such rogue APs, there also have been some wireside-only scanning techniques around to detect rogue APs connected to the enterprise wired network. At first sight, wireside-only scanning appears attractive from cost and deployment perspective as it does not require RF scanners. However the reality is that wireside-only scanning fails to detect many common types of rogues on the wired network.
Recently, the PCI Security Standards Council Wireless Special Interest Group published guidelines to clarify wireless security requirements in PCI DSS 1.2. While these guidelines clearly require using wireless analyzer or wireless IDS/IPS, wireside-only scanning is still sometimes touted, albeit incorrectly, as low cost alternative to meet PCI compliance. Not only does wireside-only scanning violate PCI DSS 1.2 in letter as it does not use wireless scanners, but it also violates it in spirit as it fails to detect many common types of rogues on wired network.
To find out more about how wireside-only scanning works and its limitations please view our technical white paper - Drawbacks of Wireside-only Rogue Detection.
Compliance, Wireless security
“The notion of a hard, crunchy exterior with a soft, chewy interior [Cheswick, 1990], only provides security if there is no way to get to the interior. Today, that may be unrealistic.” – What Firewalls Cannot Do, Firewalls and Internet security
Rogue APs are Access Points (APs) that are deployed in an enterprise network without the consent of the network administrator. In certain cases, the intent behind a Rogue AP may be benign – for example, an employee who wants to access the network from his favorite corner of the office. While in other cases, a Rogue AP can be deployed with a malicious intent – say, by an attacker or his accomplice.
Sneaking in Rogue APs into an enterprise may not be difficult. Pocket size WiFi APs for less than $50 are readily available in retail stores. Due to spillage of RF signal, a Rogue AP enables an attacker sitting in the parking lot to directly access your enterprise wired network. After interacting with some of our customers and prospects, I have realized that they are familiar with Rogue APs but, lack a complete picture of what all damages one can inflict via a Rogue AP. Hence, I thought of compiling this list of “uses” for a Rogue AP (yes, “use” from the perspective of an attacker or an unauthorized user).
- Data Leakage One of the most basic uses of a Rogue AP is the wealth of information it can expose through leakage of enterprise data. Just by passive sniffing of the leaked data, an attacker can gain information about the users in the network and their communication. Packets may be leaking network related information such as host names & IP addresses (All of us know about tons of broadcast packets that network devices transmit). Or, worse, in some poorly configured networks, sensitive information such as user names, passwords, email and data communication may also leak out.
In my previous blog post (5 Wireless Intrusion Detection Questions You Need to Worry About), I talked about the key questions that are related to the detection of Wireless (WiFi) based intrusions in your enterprise. Today, let’s turn the focus on to the other important aspect of WiFi security – Intrusion Prevention. Here are the 5 questions you should ask on wireless intrusion prevention in your enterprise. Let me know if your answer to all of these questions is in the affirmative.
- Does my wireless security solution provide accurate and automatic prevention? If your solution requires a manual intervention for blocking a detected intrusion, you may be too late. Hence, the key to any intrusion prevention solution is the ability to automatically block the intruder. Although this requirement may seem obvious, it is interesting to note that getting this right is non trivial. For example, a poor implementation can end up blocking your neighbor’s communication - highly undesirable and in certain regions, illegal. Unless your security solution can accurately classify WiFi communication (authorized, unauthorized and don’t care/external), you will not be able to achieve this key functionality. Read more…