Archive for the ‘WIDS / WIPS’ Category

Just a Reminder….

I am giving away a FREE copy of “Wireless Hacking Exposed”.  All you have to do is submit a comment to the post about the book stating your favorite wireless pen testing tip or trick.  Technical or non-technical.

I am going to choose the best comment at the close of business tomorrow (July 1st).  There are only two submissions right now, so if you enter with less than 24 hours left, I’d say that you have a decent chance of winning.  🙂

Here are even a few ideas to get you started:

  • What’s your favorite wireless card for pen testing?  Why?
  • What’s the best application / piece of software for wireless pen testing?  Why?
  • What’s a common myth about wireless security that you can dispel through pen testing?
  • Tell me about your favorite pen testing experience.  (Mine is below….)

Personally, my favorite part of wireless pen testing is social engineering.  For example, one time I was assigned to do a security assessment for an oil & gas company.  I targeted the IT department of the company, figuring the report would hit home if it contained *their* passwords, sensitive data, etc.

The IT department of this company was on the 5th and 6th floors of a multistory building.  Part of the social engineering I utilized was implemented when I checked into my hotel for the project.  You see, the hotel I checked into was in a building adjacent to my customer / target.  When I checked in, I specifically requested a room on the side of the building closest to “ABC Company”, that had a balcony, and was on either the 5th or 6th floor.  Do you think the hotel clerk hesitated one second before they fulfilled my request?  Of course not.

On top of that, when I checked into my room, I set up 2 different computers, each with multiple wireless cards, spectrum analyzers, and external antennas connected to them.  Even to the point where I had a tripod-mounted -13.5 dB Yagi antenna with a laser pointer on the balcony pointed at my customer / target company.  The maids came in and out of my room, and if anyone ever said anything, it certainly wasn’t filtered back to me.

Could I still have done the pen test without this?  Yes.  But did having this location make it more convenient to collect packets, circumvent authentication & encryption, redirect/attack wireless clients, etc.?  Of course it did.


Xirrus Introduces Advanced RF Security Manager (RSM) for 802.11n Networks

Intelligent Security at the Network Edge Minimizes Risk in Wi-Fi Networks

Thousand Oaks, CA – Xirrus, Inc., the only Wi-Fi “Power-Play” in the industry, announced today its advanced RF Security Manager (RSM) for improving security and minimizing the risk in deploying 802.11n wireless networks. Leveraging an integrated 24/7 threat sensor and hardware-based encryption/decryption in each Array, RSM secures the Wi-Fi network from multiple types of threats. The result delivers uncompromised overall network security with greater flexibility and performance compared to traditional centralized Wi-Fi networks.

Today’s Wi-Fi networks face a number of potential security threats in the form of rogue access points, ad-hoc clients, unauthorized clients, wireless-based attacks, eavesdropping, etc. As 802.11n continues its increased adoption in enterprise networks, the importance of defending against these threats is becoming more critical.

The Xirrus Wi-Fi Array enables the efficient deployment of high performance, maximum security 802.11n networks with a multi-radio design that integrates a dedicated 24/7 threat sensor. With this threat sensor radio scanning all channels in the 2.4GHz and 5GHz spectrums, RSM searches for security threats and automatically mitigates them. Traditional Wi-Fi solutions must time-slice a user servicing radio with the security scan function, compromising the performance of the wireless users and the effectiveness of the security scan.

High performance encryption/decryption in the enterprise Wi-Fi network is a MUST. The Wi-Fi network needs to support each client using the highest level of encryption (WPA2 Enterprise/128 bit AES) and without degrading the overall performance of the network. The Xirrus Wi-Fi Array incorporates hardware-based encryption/decryption into each Array, delivering line-rate encryption at the edge of the network instead of at a choke point within the centralized controller of traditional Wi-Fi solutions.

“RSM provides a simple, scalable security solution that enables any organization to proactively mitigate wireless threats, enforce enterprise policies, and prevent performance problems. It offers the visibility and control over the wireless airspace needed to enable an enterprise to reliably deliver the same standards of security performance and compliance for their wireless networks that they expect from their wired networks,” said Dirk Gates, founder and CEO of Xirrus.

The RSM (RF Security Manager) package includes:

• Wireless IDS/IPS
• Wireless stateful firewall
• Line-rate encryption/decryption
• Security alerts and logging
• User group policies
• Authenticated guest access gateway
• NAC integration
• PCI audit compliance enforcement

RSM is part of a family of functionality packages for the Xirrus Wi-Fi Array, which also includes the RF Performance Manager (RPM) and RF Analysis Manager (RAM). RSM is available now in the Xirrus ArrayOS 4.0.6 software release.

Sign up for your free site survey by visiting us at or by calling 800-947-7871.

Super Tuesday – Wireless IDS/IPS Question#2

Importance of WIDS/WIPS (Wi-Fi Masterminds)

This is the first in a series of posts that I am dubbing “Wi-Fi Masterminds” (TM). I will ask questions to a series of panelists and they will answer in round-robin fashion, where they can answer the question as well as respond to others.

If you have ever seen the show “Around the Horn” on ESPN, that is the type of interaction I am looking for.

I am planning on a pool of 6-8 masterminds, but will limit each question to a panel of three members. I will try to minimize my own involvement in the questions to only provide structure where needed or correct any factual errors.

Without further delay, let’s meet today’s panelists, shall we?  They are… 

Jennifer Huber, CCNP, RFID+, CWNE #51: @jenniferlucille — Jennifer has over 8 years of experience in the networking and wireless engineering industry. She has a solid background in supporting, designing, deploying, and troubleshooting 802.11a/b/g/n Enterprise wireless installations, as well as the ability to take complex information and explain problems and solutions in terms that are easily understood.

Keith R. Parsons, CWNE #3: @keithparsons — A gifted presenter, Keith is known for his wit and broad technical expertise. He holds over 50 technical certifications and has earned an MBA from the Marriott School of Management. He is author (or editor) of a dozen technical publications and has developed seven technical certification programs. He travels throughout North America, Europe, Africa, Asia and Australia on behalf of a wide variety of IT vendors, explaining networking technology to industry professionals.

Joel Barrett, CWNP#6: @joelbarrett — Joel Barrett is a senior-level wireless networking architect with Cisco Systems. Joel consults primarily with large enterprise customers concerning complex wireless deployments. He is an author of wireless industry books and lexicographer for “The Official CWNP Dictionary of Wireless Terms and Acronyms”.


I asked the panelists the following questions:

How important do you think wireless IDS/IPS functionality is in an enterprise WLAN?  What do you think are important features of wireless IDS/IPS systems? 

Here is what they had to say… 

Jennifer:  The need for robust IDS/IPS alerting is essential in enterprise WLANs used in environments where the security of WLAN data is of import, or may be required by law.  Generating a baseline of WLAN usage, and implementing periodic auditing could mitigate the impact of a data breach, or prevent a repeat of the 2007 T. J. Maxx data theft incident.  Implementing a WIPS/WIDS system is usually one of many steps toward HIPAA or PCI compliance.  The ability of the WIPS/WIDS system to determine if a rogue AP is connected to the enterprise network is especially beneficial when determining the real threat of the rogue device.

Keith:  I agree with Jennifer’s initial description of the value of a wireless IDS/IPS system. I too have noticed the initial value of a WIDS is in the area of security. Being able to configure the correct security alarms for the intrusions your company cares about is paramount. A WIDS straight out of the box will give hundreds, if not thousands of alarms. The first step should be to correctly choose and configure the alarms your firm cares about tracking. Then build the proper response to those alarm triggers, i.e. document the remediation process for each alarm. As you clear each alarm category, then slowly add more alarms to the WIDS system until you get to where your firm wants to be. 

In my clients, they purchase a WIDS for security – but then received the best ROI based on the performance alarms and learning to better adapt the performance characteristics of their Wireless LAN – thus getting double, triple or higher throughput increases. Yes, the security is important, but a great WIDS/WIPS should also help you to troubleshoot and ‘tweak’ your Wireless LAN as well.

Joel: Wireless IDS/IPS is important because, for any establishment that accepts credit cards, PCI DSS compliance requires it. Customers who don’t accept credit cards should still implement WIDS/WIPS so they are aware of security threats and can take steps to reduce or eliminate rogue devices. In my opinion, it is more important to do continual monitoring rather than just periodic monitoring, as required by PCI DSS.

The most important feature, after detecting rogues, is the ability to produce meaningful reports so that management can understand what needs to be done to properly, quickly, and legally deal with those rogue devices.

What do YOU think?  Let our panel know by submitting a comment! 

Price of Wireless IDS/IPS

I realize that it has been almost a week since I posted new content on  – don’t despair!   Over the last week, I wrote two guest posts for other notable blogs.  

Last Wednesday, I made another post to my Computerworld blog (“Cautiously Cutting the Cord”) entitled “RSA Inspired Thoughts on Wireless Security”.  The post spoke about different Wireless Intrusion Detection System (WIDS) designs.  I just started blogging for Computerworld last month and that is my third post – please visit those posts, Digg them (if you think they are worthy), and comment – I love the conversations generated by comments! 

Last Thursday, I wrote a blog post on addressing pricing concerns of 802.11n networks.  The article had sections outlining the costs and benefits of 802.11n networks.  It even had a section titled “WWWBD? (What Would Warren Buffett Do?)”.

I was actually going to summarize these posts on over the weekend, but I ran into a technical difficulty. I originally typed out this post using the WordPress application for my iPhone while on a flight from Phoenix to Seattle. Since I was on a flight, I had to save it in the “local drafts” folder of the iPhone app.  However, when I went back to publish the post, the information wasn’t there! I Googled the issue, and found out that this was a known (and fairly common) issue with the iPhone application for WordPress.  The recommended “fix” was to uninstall and reinstall the application. While this method didn’t allow me to recover the data I had already drafted, it did seem to remedy the issue.  Just to be sure, I wrote a test post, saved it to the local drafts, and came back later and pushed it to the WordPress website.

Lastly, if you can’t get enough discussion of RSA, WIDS/WIPS, and Pricing, you can check out Joanie Wexler’s Network World article on “How intrusion prevention costs compare”.  Happy reading!