Any organization handling payment card data should pay immediate attention to the PCI DSS Wireless Guideline published by the PCI Security Standards Council Wireless Special Interest Group last week.

Wireless Threats That Can Compromise PCI DSS Compliance

 The key highlights are:

Read more…

Kaustubh Phanse Compliance, PCI, Wireless security PCI, PCI DSS, PCI SSC, Rogue AP, WIPS, Wireless security

In my previous blog post (5 Wireless Intrusion Detection Questions You Need to Worry About), I talked about the key questions that are related to the detection of Wireless (WiFi) based intrusions in your enterprise. Today, let’s turn the focus on to the other important aspect of WiFi security – Intrusion Prevention. Here are the 5 questions you should ask on wireless intrusion prevention in your enterprise. Let me know if your answer to all of these questions is in the affirmative.

1. Does my wireless security solution provide accurate and automatic prevention? If your solution requires a manual intervention for blocking a detected intrusion, you may be too late. Hence, the key to any intrusion prevention solution is the ability to automatically block the intruder. Although this requirement may seem obvious, it is interesting to note that getting this right is non trivial. For example, a poor implementation can end up blocking your neighbor’s communication - highly undesirable and in certain regions, illegal. Unless your security solution can accurately classify WiFi communication (authorized, unauthorized and don’t care/external), you will not be able to achieve this key functionality.  Read more…

K N Gopinath Wireless scanning, Wireless security Enterprise LAN Security, Wireless Intrusion Prevention, Wireless security

If you own an enterprise grade local area network (LAN), you need to be aware that wireless (WiFi) based intrusions can potentially be exploited to create security backdoors into your network. This is true even if you have not rolled out your wireless LAN (WLAN) or have rolled out a WLAN that adopts the best-in-breed cryptographic security.

Today, Chief Security Officers (CSOs), Chief Information Officers (CIOs) and network security administrators have different perceptions on the extent of WiFi based intrusions. Hence, they have adopted different solutions to secure their enterprise network from WiFi intrusions.

1. At the one end of the spectrum, there are users that believe that wired IDS/IPS and Networks Access Control (NAC) solutions are adequate to thwart this threat.
2. Next, there is a class of user who are believe in “moderate security”. They have adopted part time wireless intrusion detection capabilities in their networks.
3. At the other end of the spectrum, there are users that believe in dedicated & specialized wireless intrusion detection and prevention (WIPS) systems to defend against this threat. 

Independent of which of the above groups you may belong to, here is my list of 5 intrusion detection questions that you need to worry about. If you don’t agree, I would love to hear your views. Read more…

K N Gopinath Compliance, Wireless security LAN Security, Rogue AP, Wireless Intrusion Detection, Wireless security

Michael is the Message Integrity Code adapter by the TKIP standard. Michael is actually a weak code which uses simple additions and shift operation which are computationally less expensive, but strong enough as a intermediate solution from WEP. Michael was chosen as MIC in TKIP, so that the already deployed low end Access Points can also be software upgraded to TKIP without any hardware change. This video explains the working of MIC in TKIP.

Della Lowe Wireless security cyber security, encryption, Rogue AP, TKIP, WiFi access point, Wireless security

… and Don’t Sweat Chasing Hacking Tool Signatures!

You feel pretty good and more secure when you receive that daily signature update from your anti-virus software. I feel the same and why not – anti-virus technology is fundamentally rooted in signature analysis. But don’t make the mistake of applying the same metric to wireless intrusion prevention system (WIPS). Wireless security fundamentally works differently from anti-virus software. Read more…

Hemant Chaskar Wireless security autoclassification, signature detection, threshold detection, WIDS, WIPS, Wireless security

Interesting article from Joanie Wexler on the real costs of adding wireless intrusion to your WLAN. She compares a similar configuraion from several vendors.

http://www.networkworld.com/newsletters/wireless/2009/042709wireless1.html

Mike Baglietto Wireless security, WLAN planning Wireless security

Financial institutions need to provide the same automated, continuous, and auditable levels of security to wireless networks as they do for wired-whether they’re managing a wireless network or not.

The risks associated with wireless networks are diverse. And whether you’ve prohibited wireless access at your company, or have chosen to enable encrypted wireless access, you still have a significant wireless security problem. How so? Just about every portable device shipped in the past few years comes with wireless access enabled-smart phones, PDAs, notebooks, MP3 players, portable storage devices and even printers – while WiFi access points the size of a USB-thumb drive are coming to market in increasing numbers. Also, financial institutions, and all enterprises for that matter, which believe they can avoid the risks associated with wireless networks through encryption or policy alone are mistaken-and they’re placing their wired LANs at significant risk as a result. Read more…

Pravin Bhagwat Wireless security Wireless security