Wireless IDS/IPS horror stories from the field

Security Horror Stories

These are some recent stories of the IT organizations who brought in wireless intrusion prevention systems (WIPS) to secure their network environments against Wi-Fi vulnerabilities and attacks, and what they encountered was the incessant flow of security alerts that they could not keep up with. That is because, the systems constantly crunched signatures and thresholds from wireless… Read More

Don’t let BYOD turn into “BYOR” in your network

505airport

BYOD (Bring Your Own Device) seems to be the dominant theme for 2012 in the Wi-Fi infrastructure and security space. As people increasingly bring in personal smartphone devices on the enterprise premises, the network/security administrators are grappling with the security implications. Given how engaging the new smartphone and tablet apps are, conflict arises between the users’… Read More

Wi-Fi Insecurity Wrap-up for 2010

The year 2010 witnessed continued growth in the enterprise WiFi deployments. The growth was fueled by the latest 802.11n revision to WiFi technology in the late 2009 and ready availability of WiFi in most consumer electronic devices launched in 2010, including the smart phones, printers, scanners, cameras, tablets, TVs, etc. The year 2010 also witnessed… Read More

Goodbye, WEP & TKIP

Wireless Threats cannot be solved by conventional security mechanisms

Wi-Fi Alliance has (finally) decided to take some giant steps in improving the state of wireless security. Starting Jan 2011, TKIP will be disallowed on new APs and from 2012, it will be disallowed on all Wi-Fi devices. Come Jan 2013, WEP will not be allowed on new APs and from 2014, WEP will be… Read More

Is a strong inner layer of defense needed for robust wireless security?

Wireless Security Posture is relatively weak when both WLAN and WIPS are sourced from the same vendor

When talking about wired security, enterprise IT administrators talk about multiple layers of defense such as internet firewalls, VPNs, admission control, email filtering, content filtering, web application scanning and many others. However, when considering the security of a wireless network, the same enterprise IT administrators are content with the basic security provided as a part of wireless LAN infrastructure by vendors such as Cisco Systems and Aruba Networks. This is a flawed security practice.

A Wireless Intrusion Prevention System (WIPS) must be installed as a strong inner layer of defense when hackers penetrate the basic security built into the wireless LAN infrastructure. Additionally, the WIPS and the WLAN infrastructure should be sourced from different vendors to ensure non-overlapping weaknesses and hence, strong security. A WIPS combined with WLAN infrastructure from different vendors enables a strong wireless security posture for an organization.
  Read more

WiFi Rogue AP: 5 Ways to (Mis)use It

Extended Ethernet Cable From Your Enterprise

  “The notion of a hard, crunchy exterior with a soft, chewy interior [Cheswick, 1990], only provides security if there is no way to get to the interior. Today, that may be unrealistic.”  – What Firewalls Cannot Do, Firewalls and Internet security   Rogue APs are Access Points (APs) that are deployed in an enterprise network… Read More