Archive for the ‘Wireless Security’ Category

Super Tuesday – Wireless IDS/IPS Question#2

Related Posts:

Advertisements

Importance of WIDS/WIPS (Wi-Fi Masterminds)

This is the first in a series of posts that I am dubbing “Wi-Fi Masterminds” (TM). I will ask questions to a series of panelists and they will answer in round-robin fashion, where they can answer the question as well as respond to others.

If you have ever seen the show “Around the Horn” on ESPN, that is the type of interaction I am looking for.

I am planning on a pool of 6-8 masterminds, bit will limit each question to a panel of three members. I will try to minimize my own involvement in the questions to only provide structure where needed or correct any factual errors.

Without further delay, let’s meet today’s panelists, shall we?  They are… 

jennifer Jennifer Huber CCNP, RFID+, CWNE #51  @jenniferlucille  — Jennifer has over 8 years of  experience in the networking and wireless engineering industry. She has a solid background in  supporting, designing, deploying, and troubleshooting 802.11a/b/g/n Enterprise wireless    installations, as well as the ability to take complex information and explain problems and solutions in  terms that are easily understood. 

keith Keith R. Parsons, CWNE #3:  – @keithparsons   http://WLANiconoclast.blogspot.com — A gifted  presenter, Keith is known for his wit and broad technical expertise. He holds over 50 technical  certifications and has earned an MBA from the Marriott School of Management. He is author (or editor) of a  dozen technical publications and has developed seven technical certification programs. He travels  throughout North America, Europe, Africa, Asia and Australia in behalf of a wide variety of IT vendors,  explaining networking technology to industry professionals.

joel Joel Barrett, CWNP#6: @joelbarrett  —  Joel Barrett is a senior-level wireless networking architect  with Cisco Systems. Joel consults primarily with large enterprise customers concerning complex  wireless deployments. He is an author of wireless industry books and lexicographer for “The Official  CWNP Dictionary of Wireless Terms and Acronyms”.

 

I asked the panelist the following questions:

How important do you think wireless IDS/IPS functionality is in an enterprise WLAN?  What do you think are important features of wireless IDS/IPS systems? 

Here is what they had to say… 

Jennifer:  The need for robust IDS/IPS alerting is essential in enterprise WLANs used in environments where the security of WLAN data is of import, or may be required by law.  Generating a baseline of WLAN usage, and implementing periodic auditing could mitigate the impact of a data breach, or prevent a repeat of the 2007 T. J. Maxx data theft incident.  Implementing a WIPS/WIDS system is usually one of many steps toward HIPAA or PCI compliance.  The ability of the WIPS/WIDS system to determine if a rogue AP is connected to the enterprise network is especially beneficial when determining the real threat of the rogue device.

Keith:  I agree with Jennifer’s initial description of the value of a wireless IDS/IPS system. I too have noticed the initial value of a WIDS is in the area of security. Being able to configure the correct security alarms for the intrusions your company cares about is paramount. A WIDS straight out of the box will give hundreds, if not thousands of alarms. The first step should be to correctly choose and configure the alarms your firm cares about tracking. Then build the proper response to those alarm triggers, i.e. document the remediation process for each alarm. As you clear each alarm category, then slowly add more alarms to the WIDS system until you get to where your firm wants to be. 

In my clients, they purchase a WIDS for security – but then received the best ROI based on the performance alarms and learning to better adapt the performance characteristics of their Wireless LAN – thus getting double, triple or higher throughput increases. Yes, the security is important, but a great WIDS/WIPS should also help you to troubleshoot and ‘tweak’ your Wireless LAN as well.

Joel: Wireless IDS/IPS is important because, for any establishment that accepts credit cards, PCI DSS compliance requires it. Customers who don’t accept credit cards should still implement WIDS/WIPS so they are aware of security threats and can take steps to reduce or eliminate rogue devices. In my opinion, it is more important to do continual monitoring rather than just periodic monitoring, as required by PCI DSS.

The most important feature, after detecting rogues, is the ability to produce meaningful reports so that management can understand what needs to be done to properly, quickly, and legally deal with those rogue devices.

What do YOU think?  Let our panel know by submitting a comment! 

Related Posts: 

Wi-Fi Masterminds

I am starting a new series here called “Wi-Fi Masterminds” (TM).

I will ask questions to a series of panelists and they will answer in round-robin fashion, where they can answer the question as well as respond to others.

If you have ever seen the show “Around the Horn” on ESPN, that is the type of interaction I am looking for.

I am planning on a pool of 6-8 masterminds, bit will limit each question to a panel of three members. I will try to minimize my own involvement in the questions to only provide structure where needed or correct any factual errors.

I am drawing the masterminds from several different wireless vendors & VARs as all as individual consultancies. I would like to keep the discussion as vendor neutral as possible. I understand that it may be necessary to refer to vendor specifics from time to time, but have asked all panelists to be respectful of other vendor viewpoints.

My first question is about wireless IDS/IPS systems and is meant to piggyback off of recent content I published here as well as on my Computerworld blog.

Feel free to suggest future topics and/or volunteer as a panelist. When the first post is published (hopefully in the next day or two), let our panel know what you think by submitting a comment of your own.

Super Tuesday Poll – Wireless IDS/IPS

Related Posts:

Back|Track 4 Beta Public Release

While I don’t do it nearly as much as I used to, Wireless Security Assessments and Penetration Testing are favorite activities of mine.  When I first started learning, I took a course by The Shmoo Group’s Beetle (Don Baily) at DallasCON as well as one of the first versions of the SANS “Wireless Ethical Hacking, Pen Tests, and Defenses” (which was then called “Assessing and Securing Wireless Networks”).  The SANS course was taught by Joshua Wright.  In both of these courses, we used a Linux distro called “Auditor”.  The Auditor security collection was the pre-cursor to Back|Track, and it contained many of the more popular tools for wireless assessments to include Kismet, Aircrack, and others.

At any rate, Back|Track has now grown to over 300 tools, to include CoWPAtty (to crack WPA-PSKs), Karma & Hotspotter (to attack client side vulnernabilities), and CarWhisperer & Red Fang (which address Bluetooth).  The newest beta version, Back|Track 4, has just been released to the public today.  I suggest you view the Back|Track 4 blog posting, which contains links to download the .iso file.

A quick word to the wise – the difference between an Ethical Hacker and a criminal is permission.  Be sure you have written permission before you assess any organization with these tools.  That being said, happy hacking!

Caution! Zombies Ahead!

This is a great short article posted by the Dallas Morning News earlier this week.

http://www.dallasnews.com/sharedcontent/dws/news/localnews/stories/013009dnmetzombies.1595f453.html

It talks about hackers breaking into a road sign (also referred to as a DMS – dynamic message sign) and changing the content to warn motorists about the end of the world, zombies, etc.

I have worked on several projects for different transportation organizations.  What you might not know is that many of these signs have wireless transceivers so the message can be changed remotely (such as from a traffic management center).   It is common for intersections to be networked together and tied back to the department of transportation network through wireless devices.  Beyond DMS, other applications include traffic signal control, video detection systems (which superseded ground loops and change the signal when there are waiting vehicles), and pan-tilt-zoom cameras.

The hackers in this case physically broke the lock on the road sign before gaining access and changing the message.  With the introduction of wireless technology, this could have been done without physical access.  Also, while this particular event did not cause any real damage, attacks on similar systems such as those that control the traffic signal timing could have more serious impact.

My basic recommendations for wireless systems attached to transportation systems:

  • Conduct a business impact analysis of the specific systems utilizing wireless technology to determine the threats specific to your system and the controls that you are going to institute
  • Develop a set of wireless security policies and procedures to address both the business and technical requirements of the organization
  • Change default parameters such as admin username/password, SSIDs, and SNMP community strings
  • Employ strong encryption and authentication mechanisms
  • Review the security posture of your wired infrastructure as it relates to the additional risk imposed by wireless – i.e. do firewall rule sets, ACLs, or IDS signatures need to be modified?
  • Conduct regular security assessments / pen tests (and make them part of your annual audit program)
Advertisements