Really interesting article in Forbes by Verne Kopytoff on the reasons retailers have recognized the value of Wi-Fi for their customers and business processes. He notes that after years of resistance, stores have conceded that the shoppers have won the war. They want Wi-Fi and they will use their smartphones to check out deals.
There is no doubt that Wi-Fi has many positive effects on the shopping experience and, I would suggest, those effects outweigh the negatives of comparison shopping online in a store. There is also the obvious benefit of making sales associates more efficient and able to serve more customers faster. Anyone who has ever gone into an Apple store near Christmas – and really who has not – has experienced just how fast one can get in and out even in a crowd.
However since retail stores have been late to this party, they need to think about the security implications of adding Wi-Fi and continuing to comply with the PCI DSS wireless scanning requirements. Kopytoff points out that several large retailers added Wi-Fi capabilities just before the holiday season, which is unusual in and of itself since retailers rarely want to disrupt their systems too close to the holidays. In haste, they may have overlooked adding true Wi-Fi security processes to protect credit card data. It will be interesting to see if any problems arise during this season of manic shopping.
smartphones, WiFi Access, Wireless scanning, Wireless security
The year 2010 witnessed continued growth in the enterprise WiFi deployments. The growth was fueled by the latest 802.11n revision to WiFi technology in the late 2009 and ready availability of WiFi in most consumer electronic devices launched in 2010, including the smart phones, printers, scanners, cameras, tablets, TVs, etc. The year 2010 also witnessed popularity of the specialized WiFi centric devices, such as MiFi.
However, the year 2010 also has some major WiFi security revelations/incidents in its kitty, which re-emphasize the continued need for adoption of the best practices for secure Wi-Fi deployment/usage. Here is the run-down on significant WiFi insecurity events which we witnessed in 2010:
- Windows 7 virtual WiFi can turn a machine into a soft Rogue, which took Rogue AP thinking to a new level beyond the commercially available AP hardware.
- Insecurity exposed due to MiFi like devices after the WiFi malfunction was experienced at two major trade shows in 2010 due to these devices – the first one was Google’s first public demo of Google TV and second was iPhone 4 launch at Apple Worldwide Developers Conference. Though this manifested as performance problem, it did show how easy it had become to set up personal HoneyPot AP or Hotspot AP on enterprise premises. Read more…
The WiFi snooping row Google has gotten itself into seems to be far from over. In April, Google revealed that its Street View cars had been collecting basic data such as the MAC addresses and SSIDs of WiFi networks in the vicinity. But after German authorities asked Google to audit the data, it admitted to have been “mistakenly” snooping payload data from Open WiFi networks. Apparently, a piece of WiFi data analysis code, written by Google engineers back in 2006, was part of the software used by the Street View cars, in turn leading to the WiFi snooping (of about 600 GB of data across 30 countries!). Read more…
Best practices, Wireless scanning, Wireless security
A cloud-based service called WPA Cracker launched last week promises to crack WPA-PSK (WiFi Protected Access with Pre-Shared Keying) for you starting $17 .
Like any other password-based authentication system, WPA-PSK (and WPA2-PSK) is vulnerable to a “dictionary attack.” This is a brute force technique in which a hacker uses a dictionary or database of commonly used passwords to guess the WPA encryption key. The problem with this approach is that it might take days or weeks to crack even a moderately strong password with a typical PC.
What makes the WPA Cracker service interesting is that it provides you access to huge amount of computing power using a 400-node cluster. The service promises to parse a dictionary of 135 million passwords and email you the results in 20 minutes for $34. If that price tag sounds steep or if you are ready to wait longer, then you can pay $17 to use half the cluster and receive the results by email in 40 minutes.
The service is targeted to ethical hackers that do wireless vulnerability assessment and wireless network penetration testing for a living. But I wonder…what would keep the “unethical” hackers from misusing a cloud-based service like this.
Not every cloud has a silver lining. What do you think?
In several of my recent wireless scanning exercises, I have encountered soft APs much more often than before. In one case, it was an employee who returned from business trip who had used USB WiFi AP in hotel to share his Internet connection with fellow workers (well, they did not all want to pay $5 per hour, if they can get around by paying only once!) and did not care to remove it from laptop before connecting into enterprise network. In another case, it was an employee in no-WiFi organization who used to impress others by creating soft AP on his Window’s laptop for others to access. The moral of these stories is that the occurrence of rogue AP on the enterprise network in the form of soft AP has become more pronounced of late. I think the reasons behind this are the ease with which operating systems (notably Microsoft Windows) allow soft AP configuration on embedded WiFi interfaces as well as off-the-shelf availability of PCMCIA cards and USB sticks designed for soft AP operation. It is also worth noting that soft AP is also a perfect “solution” to put rogue AP on network evading wireside controls such as 802.1x, NACs and wireside-only rogue AP scanner.
So what is a soft AP? Soft access point (AP) is a laptop or other such wireless enabled device which performs traffic forwarding between its wired and wireless interfaces. If the wired interface of such device is connected into enterprise network, soft AP acts as rogue AP on the network. It can be accessed on the wireless side by unauthorized users who can then get bridged to wired enterprise network through the soft AP. Easiest way to create soft AP on Windows laptop is to enable bridging or ICS between its wired and wireless interfaces. Another easy way to create soft AP is to plug USB devices such as Windy31 in the laptop which then auto-configure rest of the things required for soft AP operation.
So it becomes imperative that protection from soft APs be an important consideration while evaluating WiFi security posture of enterprise networks.
Wireless gadgets, Wireless security
Finally the news that everybody in the WiFi world has been waiting for! Exactly six years after the 802.11n task group was formed, 802.11n got the final ratification as IEEE standard last Friday.
It has also been reported that 802.11w (protection for 802.11 management frames) was also approved as a standard in the IEEE Standards Board meeting.
If you are now looking forward to rolling out a fresh 802.11n deployment or migrating parts of your WLAN to 802.11n, you may want to look at this informative white paper 802.11n The Good The Bad The Ugly: Will You Be Ready? and watch the archived webinar 802.11n deployment checklist — what you need to know before you start by Sri Sundaralingam and Lisa Phifer.
My 12 yr old son was fiddling with his iTouch in the back seat of the car last week when it finally dawned on him that he could see several available wi-fi networks in our neighborhood from the front of the house . “Hey, I can connect to Marci’s wi-fi ! Can we sit in the driveway for a couple minutes so I can download some songs?”
Hmm.. Maybe I can use this to my advantage to get the kids in the car so we can actually be someplace on time. “Hey kids, better hurry, you only have 3 minutes to download songs before we go to the dentist.”
AirTight’s director of technology joins HP ProCurve executives for two informative sessions at the HP Technology Forum in Las Vegas
June 15-18, 2009, Mandalay Bay, Las Vegas, Nevada, USA
Session: Wired/Wireless Management
Speakers: Dr. Hemant Chaskar, Director of Technology, AirTight Networks, Carl Blume, HP
This session offers timely advice for managing wireless and integrated wired/wireless networks from the perspectives of security, policy enforcement, performance optimization, and scalability.
Session: Wired and wireless Security
Speakers: Dr. Hemant Chaskar, Director of Technology, AirTight Networks, Mauricio Sanchez, HP
This session will present some differences and commonalities between protecting your network in a wireless versus a wired environment. It will outline the fundamentals of a comprehensive, multi-layered network security strategy and will drill down into some specific IDS/IPS (intruder detection system/intruder protection system) solutions that are particularly useful for combating wireless threats.
Wireless security, WLAN planning
Interesting gadget from Novatel/Verizon that lets you carry your WiFi hotspot with you. You can even share it with your friends. Check this out!