Last week we saw Google facing legal tangles for “accidental interception” of WiFi signals, and this week it was Apple facing the “mysterious disappearance” of WiFi signals during the iPhone 4 demo at the WWDC keynote. So what’s going on? Does WiFi not like us any more? Well, because these things struck Eric and Steve, we got to hear about them, but in fact they strike Tom, Dick and Harry every day.
But there is a way out of this WiFi chaos. Read more…

Hemant Chaskar Wireless scanning, Wireless security iphone 4 wifi, iphone launch wifi, iphone WiFi problem, WiFi performance, WiFi security
We often hear that WiFi network performance degrades due to radio interference. We also hear that interference is a complex beast which cannot be easily tamed. There are two types of interference sources which affect WiFi network performance: non-WiFi sources and WiFi sources. This post provides a guide to some practical steps to combat often-cited non-WiFi interference sources such as microwave ovens, Bluetooth, baby monitors, cordless phones, wireless cameras and jammers. The WiFi interference sources will be discussed in a later post.
Overall, some awareness of the environment around the WiFi network, coupled with some simple network planning steps, can help win over non-WiFi interference to a great extent. Additionally, the ability to detect high interference levels on WiFi channels helps detect “unmanaged” sources of interference such as a jammer or any unknown source. Many WLAN and wireless security systems today can monitor interference levels on channels on a 24×7 basis to facilitate such detection.

Hemant Chaskar Best practices, WLAN planning baby monitor, bluetooth, cordless phone, interference, jammer, microwave, oven, spectrum analysis
The SSL renegotiation vulnerability disclosure created mood swings in the security community over the last month. Immediately after the disclosure, the security community was split in opinion about its severity and relevance.
All that changed a fortnight later, when a real-life exploit targeting the Twitter site was demonstrated using this vulnerability, and it all started looking REAL! After all, it was a vulnerability of great relevance and severity.
The final question now is how prevalent this vulnerability is. To this effect, SSLLabs has created an online tool where you can enter an HTTPS URL to find out whether that URL is vulnerable to the SSL renegotiation vulnerability. In fact, you will notice that many critical HTTPS sites are vulnerable, though a few have already patched it.
If any doubt is left before calling it prevalent, it is about the prevalence of man-in-the-middle (MITM) attacks. The flaw requires the presence of a MITM between the client and the SSL server. How easy is it for an attacker to be a MITM? This is where WiFi comes into the picture. In fact, it is very easy to be a MITM on a WiFi connection using honeypot (evil twin) access points or ARP poisoning through rogue access points.
Overall, it is appropriate to conclude that the vulnerability is severe and prevalent. Fortunately, the fix is available through a patch, though it will take some time before all websites apply it. Until then, we keep our fingers crossed!

Hemant Chaskar Wireless security flaw, renegotiation, ssl, tls, vulnerability
Ever cared to object to someone putting a flower vase on the table in your office because it violates your wireless security policy? That is preposterous, isn’t it? Not any more. Look at the artistic WiFi router design from STC.

So next time you see a flower vase on someone’s table, you have to “check it out” to ensure that it is not a rogue AP in the enterprise network.
Just a thought, can the flower stems also serve as antennas?

Hemant Chaskar Wireless security
In several of my recent wireless scanning exercises, I have encountered soft APs much more often than before. In one case, it was an employee who had returned from a business trip, where he had used a USB WiFi AP in a hotel to share his Internet connection with fellow workers (well, they did not all want to pay $5 per hour if they could get around it by paying only once!), and who did not care to remove it from the laptop before connecting to the enterprise network. In another case, it was an employee in a no-WiFi organization who used to impress others by creating a soft AP on his Windows laptop for others to access. The moral of these stories is that the occurrence of rogue APs on the enterprise network in the form of soft APs has become more pronounced of late. I think the reasons behind this are the ease with which operating systems (notably Microsoft Windows) allow soft AP configuration on embedded WiFi interfaces, as well as the off-the-shelf availability of PCMCIA cards and USB sticks designed for soft AP operation. It is also worth noting that a soft AP is a perfect “solution” for putting a rogue AP on the network while evading wireside controls such as 802.1x, NACs and wireside-only rogue AP scanners.
So what is a soft AP? A soft access point (AP) is a laptop or other such wireless-enabled device which performs traffic forwarding between its wired and wireless interfaces. If the wired interface of such a device is connected to the enterprise network, the soft AP acts as a rogue AP on the network. It can be accessed on the wireless side by unauthorized users, who can then get bridged to the wired enterprise network through the soft AP. The easiest way to create a soft AP on a Windows laptop is to enable bridging or ICS between its wired and wireless interfaces. Another easy way to create a soft AP is to plug a USB device such as the Windy31 into the laptop, which then auto-configures the rest of the things required for soft AP operation.
So it becomes imperative that protection from soft APs be an important consideration when evaluating the WiFi security posture of enterprise networks.

Hemant Chaskar Wireless gadgets, Wireless security access point, ap, ICS, Rogue, soft, WiFi
At every turning point, big or small, mankind has faced the challenge of making choices between available technologies, be it the “DC vs AC” debate which laid the foundation for our electrical distribution systems, or the “mainframe vs workstation” debate which created the platform for the modern Internet. At today’s turning point, when WiFi is poised to become a mainstream enterprise networking technology, the network security administrator faces the challenge of making the right technology choice for WiFi security.
Among other things, one important technological choice the administrator will have to make is between wireless intrusion prevention systems (WIPS) which use “active” vs “passive” network connectivity detection methods.
Robust detection of wireless access points’ connectivity (or non-connectivity) to the enterprise network being protected lies at the heart of the security and manageability aspects of a WIPS. A false negative, i.e., a network-connected AP reported as not connected, results in a security hole, as it can cause a rogue access point (AP) to go unnoticed. A false positive, i.e., a network-unconnected AP reported as connected, results in nuisance and also creates a hindrance to initiating automated blocking. Read more…

Hemant Chaskar Wireless security
An interesting survey on PCI DSS compliance was recently published by the Ponemon Institute. There are many interesting findings in the survey, some of which I summarize here.
One thing that comes out strongly is that though PCI DSS compliance is perceived as contributing to an organization’s security posture, cost factors are a persistent worry. 60% of the respondents have said that they do not have sufficient resources to manage PCI DSS compliance, even though it seems they are spending one third of their security budget on PCI DSS compliance. Another interesting and equally troubling data point that comes out of the survey is that 71% of respondents say that their organizations do not have data security as an enterprise-level strategic initiative. No wonder TJX-type breaches happen!
The data security problem is only going to get harder in the future as new networking technologies evolve, most notably wireless and Web 2.0. In fact, already 38% of respondents in the survey have said that they think the most serious security threats are located in wireless devices. Rightly, PCI DSS has also added a wireless scanning control to the compliance pack.
So it is clear that we need low-overhead enablers for organizations to achieve and maintain PCI DSS compliance. At least for wireless PCI DSS compliance, we at AirTight have developed a hosted wireless scanning solution to make PCI DSS compliance cost effective and effortless. I would like to hear from others what they think are the ways to help organizations achieve compliance without much cost and complexity.

Hemant Chaskar Compliance, PCI dss, hosted, PCI, SaaS, scanning, spectraguard online, wireless
One critical requirement of a wireless intrusion prevention system (WIPS) is that it should offer robust protection against rogue wireless access points. The protection should entail instant detection followed by automatic blocking (prevention). Rogue AP detection should be free from false alarms, on both the positive and negative sides.
A rogue AP is an unauthorized AP wired to (connected to) the monitored enterprise network. In other words, a rogue AP satisfies two conditions: i) it is not on the authorized AP list, AND ii) it is wired to the monitored enterprise network.

The first of the above two conditions is easy to test: just compare the BSSID of the detected AP with your managed AP BSSID list. The second condition is where things start to become interesting. Accurately and reliably detecting whether every AP seen in the air is wired or not wired to the monitored enterprise network requires technological sophistication. Based on the level of sophistication, three types of rogue AP detection workflows are prevalent in the wireless intrusion prevention system (WIPS) solutions available in the market. Read more…

Hemant Chaskar Wireless scanning, Wireless security access point, ap, classification, connectivity detection, detection, Rogue, unwired, wired
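
The two-condition rogue AP test from the post above, as an added example (not code from the original post or from any WIPS product). The authorized list, the scan records, the category names and the tri-state wired verdict are constructed assumptions; how a sensor actually decides wired connectivity is outside this sketch.

```python
import re
from enum import Enum


class Wired(Enum):
    """Connectivity verdict reported for an AP (assumed tri-state input)."""
    YES = "yes"
    NO = "no"
    UNKNOWN = "unknown"


_SEPARATORS = re.compile(r"[:\-.\s]")


def normalize_bssid(raw: str) -> str:
    """Canonicalize a BSSID so list comparison ignores case and separators."""
    digits = _SEPARATORS.sub("", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a BSSID: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def classify(bssid: str, wired: Wired, authorized: set) -> str:
    """Apply condition i (not on the authorized list), then condition ii (wired)."""
    if normalize_bssid(bssid) in authorized:
        return "authorized"
    if wired is Wired.YES:
        return "rogue"       # both conditions hold
    if wired is Wired.NO:
        return "external"    # unauthorized but not on the monitored network
    # Collapsing UNKNOWN into "not wired" would be a silent false negative,
    # so it gets its own category for follow-up.
    return "unverified"


# Constructed sample data: managed AP list exported in mixed notations.
AUTHORIZED = {normalize_bssid(b) for b in ("02-00-00-AA-00-01", "0200.00aa.0002")}

# Constructed scan results: (BSSID as seen in the air, wired verdict).
SCAN = [
    ("02:00:00:aa:00:01", Wired.YES),
    ("02:00:00:AA:00:02", Wired.YES),
    ("02:00:00:bb:00:10", Wired.YES),
    ("02:00:00:cc:00:20", Wired.NO),
    ("02:00:00:dd:00:30", Wired.UNKNOWN),
]


def classify_scan(scan=SCAN, authorized=AUTHORIZED) -> dict:
    return {normalize_bssid(b): classify(b, w, authorized) for b, w in scan}


if __name__ == "__main__":
    for bssid, verdict in classify_scan().items():
        print(bssid, verdict)
```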