Archive for the ‘Wireless Security’ Tag

Super Tuesday Poll – 802.1X authentication

This was a question that I asked the audience during my presentation at today’s Information Systems Security Association (ISSA) meeting in Phoenix:

Related Posts:


Speaking Engagement *Tomorrow* Feb 17th at ASIS Phoenix

For those of you that are local to Phoenix, I will be speaking about wireless networking and security to the Phoenix Chapter of ASIS (American Society of Industrial Security) tomorrow, February 17th.

The meeting is being held at the University Club:

39 E Monte Vista Rd
Phoenix, AZ

It is a lunch meeting with registration starting at 10:45 am. Lunch and networking are before the presentation, which starts at approximately 12 noon. There will be a Q & A session to follow.

About ASIS:

ASIS International, formerly known as the American Society of Industrial Security, is the preeminent organization for security professionals with more than 36,000 members worldwide. Founded in 1955, ASIS International is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programs that address broad security interests. The ASIS Phoenix, AZ Chapter was chartered in January 1958 and today has over 400 members who are active security professionals and represent over 300 companies throughout Arizona. ASIS International has a long standing relationship with the International Association of Chiefs of Police (IACP), and the National Sheriffs’ Association (NSA).

ASIS International, and its chartered chapters also advocate the role and value of the security management profession to business, the media, government entities and the public. It provides members and the security community with access to a full range of certification programs and services, and publishing the industry’s number one magazine Security Management. ASIS leads the way for advanced and improved security performance and is the first of its kind to be awarded the Safety Act Designation from the U.S. Department of Homeland Security.

The ASIS International website is:

The Phoenix Chapter website is:

Personal Pre-Shared Keys (PPSKs) – Super Tuesday Poll

Related Posts:

Do You Squidoo?

squidoo-logoI recently created a web page (called a “lens”) on Squidoo.  Squidoo allows people to create a lens on what they are passionate about.  Therefore, my Squidoo lens is on Wireless Networking & Security!

Squidoo was a site that was, in-part, created by Seth Godin (the author).  I also have Seth’s Blog in my blogroll on the left-hand side of 

I don’t want to spoil the actual content, but I will give you a few clues as to what’s on my lens – text modules, YouTube videos, ties to Twitter streams, links to some of my favorite books on Amazon, etc.  Go see for yourself!  

You can check out my Squidoo lens at


Don’t forget to find my other cross-linked content: 

My LinkedIn profile –

My Twitter stream –

Caution! Zombies Ahead!

This is a great short article posted by the Dallas Morning News earlier this week.

It talks about hackers breaking into a road sign (also referred to as a DMS – dynamic message sign) and changing the content to warn motorists about the end of the world, zombies, etc.

I have worked on several projects for different transportation organizations.  What you might not know is that many of these signs have wireless transceivers so the message can be changed remotely (such as from a traffic management center).   It is common for intersections to be networked together and tied back to the department of transportation network through wireless devices.  Beyond DMS, other applications include traffic signal control, video detection systems (which superseded ground loops and change the signal when there are waiting vehicles), and pan-tilt-zoom cameras.

The hackers in this case physically broke the lock on the road sign before gaining access and changing the message.  With the introduction of wireless technology, this could have been done without physical access.  Also, while this particular event did not cause any real damage, attacks on similar systems such as those that control the traffic signal timing could have more serious impact.

My basic recommendations for wireless systems attached to transportation systems:

  • Conduct a business impact analysis of the specific systems utilizing wireless technology to determine the threats specific to your system and the controls that you are going to institute
  • Develop a set of wireless security policies and procedures to address both the business and technical requirements of the organization
  • Change default parameters such as admin username/password, SSIDs, and SNMP community strings
  • Employ strong encryption and authentication mechanisms
  • Review the security posture of your wired infrastructure as it relates to the additional risk imposed by wireless – i.e. do firewall rule sets, ACLs, or IDS signatures need to be modified?
  • Conduct regular security assessments / pen tests (and make them part of your annual audit program)