Security is hard to get right, and shortcuts, be they coding shortcuts or design shortcuts, come back to haunt the product designers when the rubber hits the road.
The recently discovered “skyjacking” vulnerability of the Cisco lightweight access points (LAPs) seems to be a classic example. The “Over The Air Provisioning” (OTAP) feature allows an out-of-the-box Cisco LAP to automatically discover available wireless LAN controllers (WLCs) to connect to by listening to wireless OTAP packets broadcast by neighboring Cisco LAPs. This feature obviously has attractive plug-and-play benefits for the end user, but, as reported recently, it has also resulted in some critical security holes in the Cisco wireless infrastructure. Malicious OTAP packets transmitted by an intruder can make a LAP connect to a “rogue” WLC on the Internet. That controller can then modify the wireless settings of the AP in devious ways, resulting in an AP that is in your airspace and connected to your wired network but completely controlled by an attacker.
Many security vulnerabilities are due to coding bugs (for example, inadequate input checking or the infamous buffer overflow). In contrast, the skyjacking vulnerability has its root, in my opinion, in two questionable design decisions that were probably made as early as the requirements definition stage.
Interesting post on CWNP back in March.
Douglas Haider compares the pros and cons of quarterly wireless vulnerability scanning vs. a full-time wireless IPS for satisfying PCI DSS compliance requirement 11.1. Douglas writes:
“This requirement begs me to ask which is the “better” option? Quarterly manual scans or a wireless IDS/IPS?
Maybe it’s the former IT auditor in me, but I think the best way to meet this requirement is by deploying a wireless IDS/IPS.”
I agree. If the goal of PCI is securing cardholder data, then quarterly scanning can’t be taken seriously. Cost is obviously the biggest issue for merchants with multiple locations. But surely a hosted wireless scanning service with a low monthly fee would be cheaper AND provide round-the-clock security, wouldn’t it?
Hmmm… see my post AirTight on “Cloud Nine”.
Best practices, Compliance, PCI, Wireless scanning, Wireless security
AirTight’s director of technology joins HP ProCurve executives for two informative sessions at the HP Technology Forum in Las Vegas
June 15-18, 2009, Mandalay Bay, Las Vegas, Nevada, USA
Session: Wired/Wireless Management
Speakers: Dr. Hemant Chaskar, Director of Technology, AirTight Networks, Carl Blume, HP
This session offers timely advice for managing wireless and integrated wired/wireless networks from the perspectives of security, policy enforcement, performance optimization, and scalability.
Session: Wired and Wireless Security
Speakers: Dr. Hemant Chaskar, Director of Technology, AirTight Networks, Mauricio Sanchez, HP
This session will present some differences and commonalities between protecting your network in a wireless versus a wired environment. It will outline the fundamentals of a comprehensive, multi-layered network security strategy and will drill down into some specific IDS/IPS (intrusion detection system/intrusion prevention system) solutions that are particularly useful for combating wireless threats.
Wireless security, WLAN planning
These days, certain terms are often used to characterize Wireless Intrusion Detection/Prevention System (WIDS/WIPS) architectures; “overlay” and “integrated” are the most commonly used, and with varying meanings at that. This post explains what these terms mean, or should mean, to be consistent with the fundamental underpinnings of WIDS/WIPS architectures and functions.