Traditionally, when we talked about wireless security in the enterprise, we talked about embedded Centrino Wi-Fi, Linksys rogue APs, open source DoS tools, and compliance requirements (PCI, DoD, HIPAA). While these topics continue to be important today, the upcoming proliferation of smart mobile devices is the new frontier for enterprise wireless security to address. The inundation of smart mobile devices will result in new monitoring requirements not hitherto discussed. These requirements would amount to a "stress test" for the WIPS, and only the best of breed can hold up. While the new monitoring requirements will be many and varied, ranging from unauthorized BYOD to heightened rogue AP risk, in this post I wish to discuss some interesting and unique scenarios (numerous soft mobile hotspots, Nintendo chat blocking, wireless geo-fencing) that I have already encountered this year while working with customers.
BYOD (Bring Your Own Device) seems to be the dominant theme for 2012 in the Wi-Fi infrastructure and security space. As people increasingly bring personal smartphones onto enterprise premises, network/security administrators are grappling with the security implications. Given how engaging the new smartphone and tablet apps are, a conflict arises between the users' desires and the network/security administrators' intentions. You need to ensure that this conflict does not turn BYOD into BYOR (Bring Your Own Rogue AP)!
My previous post “WiFi Hots(Honey)pots Go Mobile” (http://blog.airtightnetworks.com/wireless-security-mobile-hotspot/) talked about Palm Pre/Pixi Plus going the hot(honey)pot way.
SIMFI is equally cool – it can convert your cell phone into a hotspot. SIMFI is the size of a SIM card and has a WLAN modem built into it. It can be used with pretty much any phone. Check out http://www.techchee.com/2010/02/13/simfi-wifi-integrated-sim-card-turns-your-cellphone-into-a-wifi-hspa-router/.
I am looking forward to getting my hands on one of these.
So, it looks like people don't need to carry APs anymore to mess around with enterprise security.
Are you already having trouble preventing your enterprise Wi-Fi clients from connecting to some of the existing public Wi-Fi networks (e.g., T-Mobile, Google WiFi)?
Guess what – the latest Palm Pre Plus or Pixi Plus can be converted into a cool mobile hotspot. One can easily roam around with this pocket hotspot. (http://www.nytimes.com/2010/01/21/technology/personaltech/21pogue.html)
It is amazing how some of these cool technological advances can create new avenues for attacks. Suppose an employee or a visitor wishes to sneak a hotspot or a honeypot AP into your enterprise. If you are paranoid, you can possibly think of frisking him for an AP (before allowing him onto your premises). But can you go to the extent of preventing him from carrying a Palm into your enterprise?
In several of my recent wireless scanning exercises, I have encountered soft APs much more often than before. In one case, it was an employee who had returned from a business trip, where he had used a USB WiFi AP in the hotel to share his Internet connection with fellow workers (well, they did not all want to pay $5 per hour if they could get around it by paying only once!), and who did not care to remove it from his laptop before connecting to the enterprise network. In another case, it was an employee in a no-WiFi organization who used to impress others by creating a soft AP on his Windows laptop for others to access. The moral of these stories is that the occurrence of rogue APs on the enterprise network in the form of soft APs has become more pronounced of late. I think the reasons behind this are the ease with which operating systems (notably Microsoft Windows) allow soft AP configuration on embedded WiFi interfaces, as well as the off-the-shelf availability of PCMCIA cards and USB sticks designed for soft AP operation. It is also worth noting that a soft AP is a perfect "solution" for putting a rogue AP on the network while evading wireside controls such as 802.1X, NACs and wireside-only rogue AP scanners.
So what is a soft AP? A soft access point (AP) is a laptop or other wireless-enabled device that forwards traffic between its wired and wireless interfaces. If the wired interface of such a device is connected to the enterprise network, the soft AP acts as a rogue AP on the network. Unauthorized users can access it on the wireless side and then get bridged to the wired enterprise network through it. The easiest way to create a soft AP on a Windows laptop is to enable bridging or ICS (Internet Connection Sharing) between its wired and wireless interfaces. Another easy way is to plug a USB device such as the Windy31 into the laptop, which then auto-configures the rest of what is required for soft AP operation.
So it becomes imperative that protection from soft APs be an important consideration when evaluating the WiFi security posture of enterprise networks.
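An endpoint-side audit for the ICS case described above, as an added example that is not part of the original post: it lists every connection with Internet Connection Sharing enabled and flags the soft-AP shape, a wired uplink shared out over a Wi-Fi interface. It assumes a Windows host with the `Get-NetAdapter` cmdlet and an elevated prompt; the function name `Find-IcsSoftAp` is hypothetical, and bridged interfaces are not covered.

```powershell
# Added example: report ICS-enabled connections on this host and flag the
# soft-AP shape (wired uplink shared out to clients over Wi-Fi).
# Find-IcsSoftAp is a hypothetical name; bridging is not checked here.
function Find-IcsSoftAp {
    # Map connection name -> physical medium so shared connections can be classified.
    $media = @{}
    foreach ($nic in Get-NetAdapter) {
        $media[$nic.Name] = $nic.PhysicalMediaType
    }

    # HNetCfg.HNetShare is the COM object Windows exposes for ICS settings.
    $share = New-Object -ComObject HNetCfg.HNetShare
    $rows = @(foreach ($conn in $share.EnumEveryConnection) {
        $props = $share.NetConnectionProps.Invoke($conn)
        $cfg   = $share.INetSharingConfigurationForINetConnection.Invoke($conn)
        if (-not $cfg.SharingEnabled) { continue }
        [pscustomobject]@{
            Connection = $props.Name
            Device     = $props.DeviceName
            # SharingConnectionType: 0 = public (uplink), 1 = private (client side)
            Role       = if ($cfg.SharingConnectionType -eq 0) { 'Public' } else { 'Private' }
            Medium     = $media[$props.Name]
        }
    })

    # Soft-AP shape: the uplink is not 802.11 and the client side is.
    # An uplink whose medium is unknown is treated as wired (conservative).
    $wiredUplink = $rows | Where-Object { $_.Role -eq 'Public'  -and $_.Medium -notmatch '802\.11' }
    $wifiClients = $rows | Where-Object { $_.Role -eq 'Private' -and $_.Medium -match '802\.11' }
    $suspected   = [bool]($wiredUplink -and $wifiClients)

    # Emit one row per shared connection, each tagged with the verdict.
    $rows | Add-Member -NotePropertyName SoftApSuspected -NotePropertyValue $suspected -PassThru
}

Find-IcsSoftAp | Format-Table -AutoSize
```

No output means ICS is not enabled on any connection of the host.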
My 12 yr old son was fiddling with his iTouch in the back seat of the car last week when it finally dawned on him that he could see several available wi-fi networks in our neighborhood from the front of the house. "Hey, I can connect to Marci's wi-fi! Can we sit in the driveway for a couple minutes so I can download some songs?"
Hmm.. Maybe I can use this to my advantage to get the kids in the car so we can actually be someplace on time. “Hey kids, better hurry, you only have 3 minutes to download songs before we go to the dentist.”
Wi-Fi telephony is an upcoming technology that can be set up on an existing enterprise Wi-Fi network and gives enterprises voice mobility benefits in an easy, scalable and cost-effective way.
Increased deployment of superior Wi-Fi networks for wireless data access, together with increased adoption of VoIP technologies for cost-effective calls, has led the concept of Wi-Fi telephony to emerge in recent years.
With Wi-Fi telephony in place, voice mobility can be achieved in an easy-to-use and inexpensive way. Voice mobility in general refers to the flexibility for users to make telephone calls from any place within the premises. Enterprise premises empowered with voice mobility have more productive employees, increased employee convenience and improved business processes, resulting in faster decision making, increased responsiveness and greater overall productivity and efficiency.