With more enterprises deploying wireless LANs and employee-owned WiFi devices flooding enterprises, wireless LAN forensics is becoming a key component of any network forensic audit — whether to prove compliance with a regulation such as PCI DSS or in response to a security incident. But wireless presents unique challenges to forensic audits.
Last month, at the RSA 2010 conference in San Francisco, I had the opportunity to discuss this issue with experienced auditor and certified PCI QSA Jim Cowing. Here you can view the video recording of an abridged version of our RSA 2010 talk “Anatomy of a Forensic Audit: How Wireless Changes the Game.”

Let me summarize the highlights from the talk:

Kaustubh Phanse Best practices, Compliance, PCI, Wireless scanning, Wireless security Forensic audit, PCI DSS, WIPS, Wireless forensics, Wireless Intrusion Prevention
Much has been said about using ‘Best Practices’ alone to secure enterprise WiFi, including a no-WiFi policy. However, as security experts will vouch, most breaches happen because of naive insiders.
Here is a hilarious video that demonstrates the lack of understanding out there regarding WiFi – http://www.youtube.com/watch?v=3cgjvcxn1s4.
Imagine such a person as your employee and ask yourself the following questions.
- Can you expect all your employees to follow the prescribed WiFi best practices?
- Can you be confident that such a person will not connect to a neighboring hotspot, just because his or her desk has spotty WiFi coverage?
- Can you be certain that such a person will not bring in a ‘Linksys’ as advised by the radio host, plug it into the Ethernet port under the desk, and create a Rogue AP?
- Can you be certain that this person will not connect to both the WiFi and Ethernet at the same time while connected to the hotspot?
If these questions are hard to answer, you must consider a Wireless Intrusion Prevention System!

Jatin Parekh Best practices, Wireless scanning, Wireless security Best practices, Hotspot, no WiFi, Rogue AP, WIPS, Wireless Intrusion Prevention
When talking about wired security, enterprise IT administrators talk about multiple layers of defense such as internet firewalls, VPNs, admission control, email filtering, content filtering, web application scanning and many others. It is like a hacker has to peel multiple layers of an onion before getting to the core. Each layer of security is independent and is preferably sourced from different vendors. Each layer compounds the amount of work that a hacker has to perform to get in.
When considering the security of a wireless network, the same enterprise IT administrators are content with the basic security mechanisms integrated into the wireless LAN infrastructure by vendors such as Cisco Systems and Aruba Networks. IT departments have a hard time understanding why an inner layer of defense for wireless network security is needed in the form of an advanced wireless intrusion prevention system (WIPS). The wireless network security posture of an organization is the weakest when the security integrated into wireless LAN infrastructure is the only layer protecting the core network. Without an inner WIPS layer, the core network is open to rogue APs, unauthorized client connections, ad-hoc networks, MAC spoofing and many other attacks that the wireless LAN infrastructure security cannot protect against.

Samir Palnitkar Wireless security Rogue AP, WIDS, WIPS, Wireless Intrusion Prevention, Wireless Network Security, Wireless security
Any organization handling payment card data should pay immediate attention to the PCI DSS Wireless Guideline published by the PCI Security Standards Council Wireless Special Interest Group last week.

Wireless Threats That Can Compromise PCI DSS Compliance
The key highlights are:

Kaustubh Phanse Compliance, PCI, Wireless security PCI, PCI DSS, PCI SSC, Rogue AP, WIPS, Wireless security
Live Alerts helps system administrators quickly identify ongoing vulnerabilities and performance-related issues in an enterprise Wi-Fi deployment.
Before Live Alerts, it was very difficult for an administrator to pick out the ongoing threats from the list of reported threats/anomalies. With the introduction of Live Alerts, the administrator can now easily distinguish between ongoing and past threats/anomalies and prioritize them.
Introduction:
As businesses realize the advantages of mobility, Wi-Fi is increasingly being deployed in corporate premises. However, due to the nature of Wi-Fi technology, an administrator has to face certain security and performance challenges while managing the corporate Wi-Fi space.

Ajay Gupta Wireless security Alerts, WIPS
… and Don’t Sweat Chasing Hacking Tool Signatures!
You feel pretty good and more secure when you receive that daily signature update from your anti-virus software. I feel the same and why not – anti-virus technology is fundamentally rooted in signature analysis. But don’t make the mistake of applying the same metric to a wireless intrusion prevention system (WIPS). Wireless security works fundamentally differently from anti-virus software.

Hemant Chaskar Wireless security autoclassification, signature detection, threshold detection, WIDS, WIPS, Wireless security