tag:blogger.com,1999:blog-61923859496893248412024-03-04T22:39:25.417-08:00WiFi SecurityWiFi Security News- Let the quest be resolved...Andyhttp://www.blogger.com/profile/10752295782220217406noreply@blogger.comBlogger7125tag:blogger.com,1999:blog-6192385949689324841.post-32456772802988088862008-09-13T03:54:00.000-07:002008-08-13T04:11:21.799-07:00News on Wi-FiThis is a collection of WiFi related news categorized in different groups.<br /><br />In order to begin your exploration, select a category of your interest from the right.Andyhttp://www.blogger.com/profile/10752295782220217406noreply@blogger.comtag:blogger.com,1999:blog-6192385949689324841.post-53591625601077725062008-08-13T01:46:00.000-07:002008-08-13T02:41:17.059-07:00Open APs - Forgot to lock the door?The current installed base of wireless networks includes a very large percentage of Open APs, almost 50% according to one study [??]. Open APs are those which do not use security controls such as authentication and encryption on their wireless side. The reasons for this are many – there are people who believe, albeit in error, that hiding SSID of AP suffices as a security best practice, then there are those who don’t know about wireless encryption and thus use the AP in its default configuration which by the way is always Open, and finally there are those who don’t care about or want encryption on the AP. <br /><br />Open AP in the vicinity of enterprise network – whether on the network or around the network – always creates security vulnerability. In the former case, outsiders can access the enterprise network through the Open AP from its radio spillage areas – called “outside in” vulnerability. In the latter, the enterprise wireless clients can be lured into connecting to the neighboring Open AP. Such connections can happen accidentally as they do not require any security handshake. They can also occur with deliberate purpose of bypassing the security checkpoints in the wired enterprise networks. This is called “inside out” vulnerability.Andyhttp://www.blogger.com/profile/10752295782220217406noreply@blogger.com3tag:blogger.com,1999:blog-6192385949689324841.post-19721206327072333092008-07-23T03:56:00.000-07:002008-08-07T04:53:03.504-07:00WLAN Security chapter of CCNA Offical Exam GuideThe InformIT article on this chapter that I refered to in my <a href="http://wifi-security.blogspot.com/2008/07/when-i-configured-my-bolgspot-to.html">previous blog</a> mentions - <blockquote>The Cisco-authorized CCNA-related courses suggest several categories of threats:<br /><ul><li><strong>War drivers</strong>: The attacker often just wants to gain Internet access for free. This person drives around, trying to find APs that have no security or weak security. The attacker can use easily downloaded tools and high-gain directional antennas (easily purchased and installed). </li><li><strong>Hackers</strong>: The motivation for hackers is to either find information or deny services. Interestingly, the end goal may be to compromise the hosts inside the wired network, using the wireless network as a way to access the Enterprise network without having to go through Internet connections that have firewalls.</li><li><strong>Employees</strong>: Employees can unwittingly help hackers gain access to the Enterprise network in several ways. An employee could go to an office supply store and buy an AP for less than $100, install the AP in his office, using default settings of no security, and create a small wireless LAN. This would allow a hacker to gain access to the rest of the Enterprise from the coffee shop across the street. Additionally, if the client does not use encryption, company data going between the legitimate employee client PC and the Enterprise network can be easily copied and understood by attackers outside the building. </li><li><strong>Rogue AP</strong>: The attacker captures packets in the existing wireless LAN, finding the SSID and cracking security keys (if they are used). Then the attacker can set up her own AP, with the same settings, and get the Enterprise's clients to use it. In turn, this can cause the individuals to enter their usernames and passwords, aiding in the next phase of the attacker's plan. </li></ul>To reduce the risk of such attacks, three main types of tools can be used on a WLAN:<br /><ul><li>Mutual authentication </li><li>Encryption </li><li>Intrusion Prevention tools </li></ul></blockquote>Thinking about it, although the above category of threats pertain to Enterprise setting, the first two are applicable even to a SOHO or home user.<br /><br />Interestingly, among the 3 approaches mentioned to reduce the risk of such attacks, Cisco focused most on the Authentication and Encryption tools to address the threat. Only recently they announced <a href="http://newsroom.cisco.com/dlls/2008/prod_052808.html">Adaptive Wireless Intrusion Prevention System</a> as part of their Mobility solution. Looks like so far they thought good Authentication and Encryption would be enough to protect the WLAN from attacks. However, Cisco is accepting the need of Wireless IPS now, something it was seen as denying so far.Andyhttp://www.blogger.com/profile/10752295782220217406noreply@blogger.com0tag:blogger.com,1999:blog-6192385949689324841.post-22163660910100521562008-07-23T00:41:00.000-07:002008-08-13T02:42:39.574-07:00Get your Neighbours InternetI came across this tool which can hack into a WiFi access point in the neighbourhood and get the WEP key. I have not tried the tool myself but consider this an inidcator of the fact that each one of us who use wi-fi connections, whether at home or at work, do need to bother about its security. The tools for hacking are becoming ubiquitous and easier to use by the day.<br /><br />WEP has been a standard for wi-fi security for long. Although it has been replaced by much secure WPA, a large number of WLAN gears still support WEP and is widely used by those who have made investments in them. The inherent weakness in WEP has also been exploited to devise new attacks like <a href="http://www.wi-fiplanet.com/tutorials/article.php/10724_3716241_1">Caffe-Latte attack</a>.<br /><br />I think with such hacking tools being easily available, all wi-fi users must bother about the risks of data security breach even if they use security features provided with the Access Points.Andyhttp://www.blogger.com/profile/10752295782220217406noreply@blogger.com1tag:blogger.com,1999:blog-6192385949689324841.post-48378547001644784062008-07-19T09:48:00.000-07:002008-08-13T02:40:45.001-07:00Configured Newsreel for WLAN Security - part 2This is in continuation of my <a href="http://wifi-security.blogspot.com/2008/07/when-i-configured-my-bolgspot-to.html">previous blog</a> on the 4 Newsreel items I noticed when configuring the blogspot settings. In that blog I talked about the first 2 items.<br /><br />The third item of Newsreel was about a <a href="http://www.businesswire.com/portal/site/google/?ndmViewId=news_view&newsId=20080714005295&newsLang=en">press release</a> from AirMagnet mention that they also received "Positive" rating in Gartner's Marketscope for Wireless LAN Intrusion Prevention Systems. The press release suggests that there are two flavors of security needs - one requiring vulnerability assessments and monitoring of WLANs, and other providing detection and active blocking of potential attacks.<br /><br />As per the press release - <blockquote>According to Gartner’s recent MarketScope, analysts estimate that global revenues in the WLAN intrusion prevention system market grew from $40 million in 2006 to $119 million in 2007 and that it will reach $168 million by year-end 2008. Moreover, “Most enterprises have moved rapidly from trying to keep WLANs out of their organizations to fully embracing them widely across all corporate facilities… So, although the wireless intrusion prevention system (WIPS) market has reached the early mainstream phase, it continues to be a dynamic market where new features are needed with each product release.”</blockquote><br />So Gartner's study confirms that there is indeed a market for WLAN security and is growing with multiple providers - some of them mentioned in the report.<br /><br />The last item of Newsreel was about a <a href="http://www.marketwatch.com/news/story/airdefense-evaluated-leading-analyst-firm/story.aspx?guid=%7BD11D2AF7-A671-4765-8EAA-089CDBCF4915%7D&dist=hppr">press release</a> from AirDefense, they have also received "Positive" rating in the report.<br /><br />As per this press release - <blockquote>According to Gartner's findings, wireless remains a potentially significant vulnerability for enterprises, as a continuing stream of WLAN-based security incidents demonstrate. Gartner expects the WLAN intrusion prevention market to grow to nearly $170 million by year's end.</blockquote><br />From these newsreel items, there is a clear message from Gartner that WLAN security is a growing concern and enterprises are increasingly spending more every year to protect themselves. Earlier enterprises tried to keep wireless away form their premises but now widely using them and also spending on security gear.Andyhttp://www.blogger.com/profile/10752295782220217406noreply@blogger.com0tag:blogger.com,1999:blog-6192385949689324841.post-78830854197674484602008-07-17T10:42:00.000-07:002008-08-13T02:41:47.905-07:00Configured Newsreel for WLAN Security<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgL3_kzNukyG4RWKVj_vC_r5H_auJNYZ-A9TqlEBEih4enjfq0vL3aMh4IKQilh63SNAFxSzDj9D5xy-Qt7-wXti9yVysfpiWPgQfBgmmqZZbvbjFwZB5O0ZofWa2pOEpR8FPUvSwK1MJu0/s1600-h/NewsReel-1.JPG"><img style="float:right; margin:0 0 10px 10px;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgL3_kzNukyG4RWKVj_vC_r5H_auJNYZ-A9TqlEBEih4enjfq0vL3aMh4IKQilh63SNAFxSzDj9D5xy-Qt7-wXti9yVysfpiWPgQfBgmmqZZbvbjFwZB5O0ZofWa2pOEpR8FPUvSwK1MJu0/s200/NewsReel-1.JPG" border="0" alt="" id="BLOGGER_PHOTO_ID_5224045340822111730" /></a><br />When I configured my bolgspot to display Newsreel on 'WLAN Security', here is what I see today. Out of the 4 news items, one is regarding an Exam Guide on CCENT/CCNA and rest are press releases from different companies. Surprisingly, all three companies have their names starting with Air... and all three have their press release mention the same MarketScope on WLAN Intrusion Prevention System from a Leading Analyst Firm. It turns out that this leading analyst firm is Gartner and MarketScope is a report offering "snapshot of a market's direction, maturity and participants".<br /><br />The first item of Newsreel mentions that <a href="http://www.marketwatch.com/news/story/airtight-rated-positive-leading-industry/story.aspx?guid=%7BE9F43A7E-0290-4648-93DB-E557E2E885DF%7D&dist=hppr">AirTight is Rated "Positive"</a> in this report. It seems from this press release that the vendors were evaluated for this report on five criteria -- customer experience, offering strategy, overall viability, marketing execution, product/service. According to the <a href="http://www.airtightnetworks.com/home/news/press-releases/pr/article/123/airtight-rated-positive-in-leading-industry-analyst-firm-marketscope-on-wireless-lan-intrusion-pre.html">press release AirTight</a> has received 'Positive' rating from Gartner for the second time. <br /><br />The press release says- <blockquote>According to the MarketScope report, "Wireless networks remain a potentially significant vulnerability for enterprises, as a continuing stream of WLAN-based security incidents demonstrates. Since the majority of enterprises are now supporting wireless LANs, enterprises need to assure that vulnerability management and intrusion prevention processes are extended to cover wireless networks as well as wired networks. WLAN security monitoring is required to assure that supported WLANs are kept secure and that users do not install their own technology where WLANs (or faster technology, such as 802.11n) are not supported." </blockquote><br />This strengthens my belief that wireless LAN security is required. The above statement mentions the need of security even in the installations where WLANs are not supported. This is more than what I asked for. AirTight has links to the <a href="http://www.airtightnetworks.com/fileadmin/pdf/AirTight_Network_2802.pdf">MarketScope report</a> all over its website. More on the report later.<br /><br />The next item on the Newsreel is a <a href="http://wifi-security.blogspot.com/2008/07/wlan-security-chapter-of-ccna-offical.html">sample chapter</a> from the book CCENT/CCNA ICND1 Exam Guide: Introduction to Wireless LANs from Cisco Press. This chapter has a <a href="http://www.informit.com/articles/article.aspx?p=791594&seqNum=5">section on Wireless LAN Security</a> and table 11-8 on this chapter lists the WLAN vulnerabilities and their solution. Another confirmation for the need of security in WLAN installations.<br /><br />I shall go through the other two items of Newsreel in my <a href="http://wifi-security.blogspot.com/2008/07/configured-newsreel-for-wlan-security.html">next blog</a>.Andyhttp://www.blogger.com/profile/10752295782220217406noreply@blogger.com0tag:blogger.com,1999:blog-6192385949689324841.post-37448421416844720362008-07-16T20:24:00.000-07:002008-07-18T04:05:55.394-07:00Is Wi-Fi security required?It took more time than I would have imagined but my new blog is up and running.<br /><br />A friend of mine, who has recently spent on WLAN Access Points, asked whether he should also spend on Wi-Fi security. Naturally he was less than interested in throwing money on something that is not required. I can call my friend to be tech savvy but I reckon WLAN is a new concept and security is anyways subject matter for experts only.<br /><br />My general sense tells me that one should definitely care for security, no matter what kind of connectivity one has - wired or wireless. Once I begin relying on a connection, I would like to be sure that it is up whenever I need and that nobody hacks into my computer through that connection. Not that I work on NASA projects but I do access my client records and go to sites that have my personal information. What if that information is leaked?<br /><br />I guess the security considerations are different when using wireless as compared to when using wired connection. My friend does not completely agree with me and I am not an expert either. So thought why not start a new blog to learn and share about Wi-Fi Security.Andyhttp://www.blogger.com/profile/10752295782220217406noreply@blogger.com1