Author Archive

Wireless Threats: Fact or Fiction?

February 15th, 2011

1. Have you wondered if Wi-Fi threats can be present in your network?

2. What do you think is the most common Wi-Fi threat that is out there today?

3. Do you know how to plan your mitigation strategy?

If you want to know more, please tune in to AirTight’s RSA 2011 presentation. We discuss our research results on enterprise wireless threat scenario. The study is based on real-life observations over the last two years.

What: Wireless Vulnerabilities in the Wild: A View From the Trenches (Hackers and Threats Track)

When: Feb 17 2011, Thu

Where: Mascone Center, SFO

Looking forward to see you.

Wireless security

One fine day in New Delhi

July 7th, 2010

Wireless Security TrainingI am just back from a trip to New Delhi (along with my colleague, Prabhash Dhyani). The weather was quite hot and humid. Amidst flight delays and apparently unstoppable Delhi traffic, we managed to meet up with some interesting folks and exchanged several ideas. You may be wondering what this has got to do with a security blog, hold on, you will soon find out!

Read more…

Wireless security

Goodbye, WEP & TKIP

June 18th, 2010
Ban of WEP & TKIP

Ban of WEP & TKIP

Wi-Fi Alliance has (finally) decided to take some giant steps in improving the state of wireless security. Starting Jan 2011, TKIP will be disallowed on new APs and from 2012, it will be disallowed on all Wi-Fi devices. Come Jan 2013, WEP will not be allowed on new APs and from 2014, WEP will be disallowed on all Wi-Fi devices. This is the good news. But, let us also get to the “bad” news.


Read more…

Wireless scanning , , , , ,

Wi-Fi Packet Capture Made Easy

May 8th, 2010

Recently, there have been multiple instances of Wi-Fi issues related to iPads. Apple has also acknowledged some of the issues - e.g.,an iPad may not automatically rejoin a known Wi-Fi network on a dual band router . Also, Princeton university has faced serious network problems due to iPad. This has been attributed to a problem in the DHCP client on iPad. Here is an interesting theory on how the IEEE 802.11 Power Save mode may be playing a role in this. The Wall Street Journal reports that such issues have lead to the ban of iPads at several universities. This is a cause for concern.  Read more…

Wireless security , ,

SIMFI: Convert your cell phone into a WiFi honeypot!

February 16th, 2010

My previous post “WiFi Hots(Honey)pots Go Mobile” ( talked about Palm Pre/Pixi Plus going the hot(honey)pot way.

SIMFI is equally cool – it can convert your cell phone into a hotspot. SIMFI is of the size of a SIM card and has WLAN modem built into it. It can be pretty much used with any phone. Check out .

I am looking forward to get my hands onto one of these.

So, looks people don’t need to carry APs anymore to mess around with enterprise security :)

Wireless gadgets

WiFi Hots(Honey)pots Go Mobile

January 22nd, 2010

Are you already having trouble preventing your enterprise Wi-Fi clients from connecting to some of the existing public Wi-Fi networks (e.g., T-Mobile, Google WiFi)?


Mobile Hotspot with an option to create an Open Network

Mobile Hotspot with an option to create an Open Network


Guess what – the latest Palm Pre Plus or Pixi Plus can be converted into a cool mobile hotspot. One can easily roam around with this pocket hotspot. (

It is amazing as to how some of these cool technological advances can create new avenues for attacks. Suppose an employee or a visitor wishes to sneak-in a hotspot or a honeypot AP into your enterprise. If you are paraniod, you can possibly think of frisking him for an AP (before allowing him into your premises). But, can you go to the extent of preventing him from carrying a Palm into your enterprise?

Wireless gadgets, Wireless security

802.11w Tutorial

November 2nd, 2009

The new 802.11 security protocol called 802.11w was recently ratified.  Check this  802.11w-Tutorial to know how it works and what it means for your WLAN.

Wireless security , , ,

Wireside-only Rogue Detection: Inadequate For Both Security and Compliance

September 2nd, 2009

Rouge AP is an unauthorized AP connected to enterprise wired network. It can allow access to the enterprise wired network from its RF spillage outside of the premises. While it is well established in the mainstream that wired-wireless correlation is the only robust technique to detect such rogue APs, there also have been some wireside-only scanning techniques around to detect rogue APs connected to the enterprise wired network. At first sight, wireside-only scanning appears attractive from cost and deployment perspective as it does not require RF scanners. However the reality is that wireside-only scanning fails to detect many common types of rogues on the wired network.

Recently, the PCI Security Standards Council Wireless Special Interest Group published guidelines to clarify wireless security requirements in PCI DSS 1.2. While these guidelines clearly require using wireless analyzer or wireless IDS/IPS, wireside-only scanning is still sometimes touted, albeit incorrectly, as low cost alternative to meet PCI compliance. Not only does wireside-only scanning violate PCI DSS 1.2 in letter as it does not use wireless scanners, but it also violates it in spirit as it fails to detect many common types of rogues on wired network.

To find out more about how wireside-only scanning works and its limitations please view our technical white paper - Drawbacks of Wireside-only Rogue Detection.

Compliance, Wireless security , ,

WiFi Rogue AP: 5 Ways to (Mis)use It

July 28th, 2009


“The notion of a hard, crunchy exterior with a soft, chewy interior [Cheswick, 1990], only provides security if there is no way to get to the interior. Today, that may be unrealistic.”  What Firewalls Cannot Do, Firewalls and Internet security


Rogue APs are Access Points (APs) that are deployed in an enterprise network without the consent of the network administrator. In certain cases, the intent behind a Rogue AP may be benign – for example, an employee who wants to access the network from his favorite corner of the office. While in other cases, a Rogue AP can be deployed with a malicious intent – say, by an attacker or his accomplice.

 RogueAP: Extended Enterprise Cable

Sneaking in Rogue APs into an enterprise may not be difficult. Pocket size WiFi APs for less than $50 are readily available in retail stores. Due to spillage of RF signal, a Rogue AP enables an attacker sitting in the parking lot to directly access your enterprise wired network. After interacting with some of our customers and prospects, I have realized that they are familiar with Rogue APs but, lack a complete picture of what all damages one can inflict via a Rogue AP. Hence, I thought of compiling this list of “uses” for a Rogue AP (yes, “use” from the perspective of an attacker or an unauthorized user).


  1. Data Leakage One of the most basic uses of a Rogue AP is the wealth of information it can expose through leakage of enterprise data. Just by passive sniffing of the leaked data, an attacker can gain information about the users in the network and their communication. Packets may be leaking network related information such as host names & IP addresses (All of us know about tons of broadcast packets that network devices transmit). Or, worse, in some poorly configured networks, sensitive information such as user names, passwords, email and data communication may also leak out.
  2. Read more…

Wireless security ,

5 Wireless Intrusion Prevention Questions You Should Ask

July 20th, 2009

In my previous blog post (5 Wireless Intrusion Detection Questions You Need to Worry About), I talked about the key questions that are related to the detection of Wireless (WiFi) based intrusions in your enterprise. Today, let’s turn the focus on to the other important aspect of WiFi security – Intrusion Prevention. Here are the 5 questions you should ask on wireless intrusion prevention in your enterprise. Let me know if your answer to all of these questions is in the affirmative.


  1. Does my wireless security solution provide accurate and automatic prevention? If your solution requires a manual intervention for blocking a detected intrusion, you may be too late. Hence, the key to any intrusion prevention solution is the ability to automatically block the intruder. Although this requirement may seem obvious, it is interesting to note that getting this right is non trivial. For example, a poor implementation can end up blocking your neighbor’s communication - highly undesirable and in certain regions, illegal. Unless your security solution can accurately classify WiFi communication (authorized, unauthorized and don’t care/external), you will not be able to achieve this key functionality.  Read more…

Wireless security , ,