BYOD (Bring Your Own Device) seems to be the dominant theme for 2012 in the Wi-Fi infrastructure and security space. As people increasingly bring in personal smartphone devices on the enterprise premises, the network/security administrators are grappling with the security implications. Given how engaging the new smartphone and tablet apps are, conflict arises between the users’ desire and the network/security administrators’ intentions. You need to ensure that this conflict does not turn BYOD into BYOR (Bring Your Own Rogue AP)! Read more…
This month, AirTight Networks’ flagship product, SpectraGuard® Enterprise, achieved FIPS 140-2 validation from the National Institute of Standards and Technology (NIST) of the United States and the Communications Security Establishment of Canada (CSEC).
These standards and guidelines are issued by NIST as Federal Information Processing Standards (FIPS) for use government-wide. NIST develops FIPS when there are compelling Federal government requirements such as for security and interoperability and there are no acceptable industry standards or solutions. See background information for more details.
Simultaneously, AirTight’s SpectraGuard Server passed TIC tests for inclusion on the DISA UC APL. The DISA UC APL is the single consolidate list of products that have completed interoperability (IO) and information assurance (IA) certification. Use of the DoD UC APL allows DoD Components to purchase and operate UC systems over all DoD network infrastructures.
AirTight’s products are deployed worldwide in many of the most security sensitive United States government and defense organizations to assure security and compliance with requirements such as DoD 8420.01, FISMA and guidelines from the National Institute of Standards and Technology (NIST). Because AirTight products are always kept up-to-date with certifications such as FIPS 140-2, Common Criteria and DISA; government and defense agencies can take advantage of the powerful wireless security technology provided by AirTight.
A special Aberdeen Group report titled, “Wireless LAN 2011: Readying the Invisible Network for the Smart Revolution is the first industry study to track the impact of the rapid rise of smart devices on the WLAN.
The proliferation of embedded WiFi devices – smartphones, tablets, and Machine-to-Machine sensors (M2M) – and the explosion of wireless activity in and around the enterprise make maintaining a good security posture and meeting regulatory compliance requirements more challenging than ever.
According to Andrew Borg, senior research analyst, Wireless & Mobility for Aberdeen, and the report’s author, “A network is suboptimal unless network performance and security are both addressed. It isn’t enterprise class if it isn’t secure. As a consequence top-performing organizations are consistent in considering network security a high priority.”
This report is available immediately at no cost, courtesy of AirTight Networks.
There’s been a lot of news in recent weeks surrounding the Sony PlayStation Network breaches. One of the questions that I have received multiple times since this started is whether or not this was a wireless breach or if wireless was in any way part of the Sony vulnerability.
From what we understand, no. It sounds like web servers were compromised. But could these types of attacks happen over Wi-Fi? You bet.
“Hacktivists” essentially volunteer to participate in these coordinated attacks. The tools used are often easy to use and freely available. They just need people willing to join the cause to create the distributed denial of service. Firewalls are supposed to keep the “bad guys” out, but there is nothing stopping anyone from putting these same tools on a smartphone and carrying out these same attacks from INSIDE an organization, not just remotely from the Internet.
These same techniques used against Sony, MasterCard, and Visa as well as the type of attack that breached TJX can now be launched from personal smart devices (Iphones, Ipads, Androids, etc.) inside your network. In fact, Gopinath K.N., Director of Engineering at AirTight Networks has demonstrated just this type of scenario at various security conferences and on-line presentations. See his demo here.
Additionally, smartphone malware can be distributed in the form of an application easily downloaded from the Internet (think of all the gaming and social media apps available for iPhones and Androids). Its really no different than how PCs become infected with worms, viruses and malware by visiting untrusted sites and downloading insecure applications.
Once the malware is installed, if that compromised smart device attaches to the corporate network, the malware can be used to launch a stealthy attack from inside the corporate network – with or without the knowledge or consent of the smart device owner . Sensitive data could even be sent off-site via the device’s own Wi-Fi or 3G radio.
Considering that smart devices and tablets now outnumber PCs in new sales, this may not be so far fetched. A major difference between PC security and smart devices is that the tools to detect and defend PCs from these vulnerabilities is significantly more mature and widely deployed then smartphone security in practice today. Organizations need to determine whether or not unauthorized smartphones are allowed to attach to their Wi-Fi networks (guest and corporate), and how they will enforce wireless security policies to keep themselves secure.
After the TJX breach, the PCI security council strengthened their wireless security standard in an attempt to prevent such catastrophic incidents from reoccurring. While some of the largest retailers strengthened their wireless security, small and medium businesses need to take a look at their own security practices because they are just as susceptible, maybe more. In its annual Data Breach Investigations Report earlier this week, Verizon said “criminals are increasingly hitting smaller businesses as it becomes harder to steal financial data from big companies.”
War-driving is still more common than most people probably think, but the number of incidents reported by small and medium businesses is very low. In most cases, WEP encryption is still the target. In a recent Network World article reported that Seattle police are investigating a group of criminals attacking local businesses via Wi-Fi access points encrypted with the flawed WEP protocol. Does this appear to be an isolated incident? No. According to the Seattle police, this group of criminals has been suspected of these types wireless attacks for as many as *5 years*.
What is troubling is the number of retailers that continue to opt for a “compensating control” to address their wireless security requirements. Even PCI’s “approved” methods including quarterly wireless scans and visual inspections are insufficient to protect your business. Wi-Fi is everywhere, its easy to find an unencrypted (or poorly encrypted) signal.
Until companies understand the risk of properly secured Wi-Fi, they will remain susceptible. Just ask the guys in Seattle.
If you are concerned about the proliferation of smart devices (Iphones, Droids, tablets) and the impact on your network security, then this is a “can’t miss” webinar. The inability to detect and block unauthorized personal devices from attaching to your network puts your business at risk. AirTight CTO and Founder Pravin Bhawat discusses the challenges with mobile device management and the limitations of existing wireless network security measures.
Great webinar yesterday hosted by QSR Magazine featuring Yum Brands, Restaurants Unlimited and AirTight Networks. Very insightful discussion with a couple forward thinking enterprises when it comes to deploying Wi-Fi in their restaurants, but the conversation is applicable to any retail environment really. Clearly security and PCI compliance are still top of mind where wireless is concerned as expressed by the panelists as well as the research presented by AirTight Networks. Over a period of 6 months, AirTight conducted a study of 725 retail networks and amazingly 24% of the still had at least one incidence of a rogue AP on the network, while 33% presented unsecure APs on the network. 68% of the networks studied has at least one wireless client vulnerability.
The recorded webinar is available here.
Controller based WiFi architectures have been the standard for some time, but the advantages of the cloud appear to be a perfect fit for deploying a scalable, and more importantly, manageable WiFi infrastructure. Cloud based solutions are intended to drastically reduce the cost and complexity of delivering an enterprise solution. And WiFi should be no exception.
By now, you have discovered CFO’s like cloud computing. IT solutions that can be purchase as a cloud solution eliminate up front capital expenditures, depreciation, and product obsolescence.
Cloud solutions improve cash management because there is no need to write a big check all up front. Paying only for the capabilities you need, lowers your organizations financial risk. And the recurring (often monthly) operational costs of cloud based solutions provide easy to forecast and budget IT expenditures. Lastly, because deployment time and on-going operational overhead can be recognzed in weeks not months, results are easier to measure.
If you are considering a new WiFi deployment or are ready for a refresh, take a look at this video to see how AirTight’s Cloud Services can help.
With more enterprises deploying wireless LANs and employee-owned WiFi devices flooding enterprises, wireless LAN forensics is becoming a key component of any network forensic audit — whether to prove compliance with a regulation such as PCI DSS or in response to a security incidence. But wireless presents unique challenges to forensic audits.
Last month, at RSA 2010 conference in San Francisco, I had the oppourtunity to discuss this issue with experienced auditor and certified PCI QSA Jim Cowing. Here you can view the video recording of an abridged version of our RSA 2010 talk “Anatomy of a Forensic Audit: How Wireless Changes the Game.”
Let me summarize the highlights from the talk: Read more…
This new product video from AirTight Networks shows how easy it is to automate your wireless PCI vulnerability scanning. AirTight SpectraGuard Online can be configured and running in as little as 5 minutes and 3 easy steps. AirTight eliminates the need to send staff to remote locations with a mobile analyzer to conduct the routine PCI scan for rogue APs. IT professionals should find this refreshing.