WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks

Similar documents
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

PCI Wireless Compliance with AirTight WIPS

Overview. Summary of Key Findings. Tech Note PCI Wireless Guideline

WHITEPAPER. Wireless LAN Security for Healthcare and HIPAA Compliance

How To Secure Your Store Data With Fortinet

Closing Wireless Loopholes for PCI Compliance and Security

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

How To Protect A Wireless Lan From A Rogue Access Point

WHITE PAPER. Wireless Security: Ensuring Compliance with HIPAA, PCI, GLBA, SOX, DoD & Enterprise Policy

The following chart provides the breakdown of exam as to the weight of each section of the exam.

WHITE PAPER. PCI Wireless Compliance Demystified Best Practices for Retail

Wireless Security and Healthcare Going Beyond IEEE i to Truly Ensure HIPAA Compliance

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

WHITE PAPER. WEP Cloaking for Legacy Encryption Protection

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.

Ensuring HIPAA Compliance in Healthcare

PCI Solution for Retail: Addressing Compliance and Security Best Practices

Wireless Security with Cyberoam

Wi-Fi Client Device Security and Compliance with PCI DSS

Protecting the Palace: Cardholder Data Environments, PCI Standards and Wireless Security for Ecommerce Ecosystems

Payment Card Industry (PCI) Data Security Standard

Wireless Security for Mobile Computers

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance

Best Practices for Outdoor Wireless Security

Security Awareness. Wireless Network Security

Don t Let Wireless Detour Your PCI Compliance

PCI v2.0 Compliance for Wireless LAN

Log Management How to Develop the Right Strategy for Business and Compliance. Log Management

PCI DSS 3.1 and the Impact on Wi-Fi Security

The Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements:

Understanding WiFi Security Vulnerabilities and Solutions. Dr. Hemant Chaskar Director of Technology AirTight Networks

Industrial Communication. Securing Industrial Wireless

Windows 7 Virtual Wi-Fi: The Easiest Way to Install a Rogue AP on Your Corporate Network

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Ensuring HIPAA Compliance in Healthcare

Deploying Firewalls Throughout Your Organization

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

PCI Compliance - A Realistic Approach. Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM hjoshi@cbiz.com

Cisco Unified Wireless Network Solution Positioning for the New PCI DSS Wireless Guideline

Link Layer and Network Layer Security for Wireless Networks

9 Simple steps to secure your Wi-Fi Network.

WLAN Security Why Your Firewall, VPN, and IEEE i Aren t Enough to Protect Your Network

1.1 Demonstrate how to recognize, perform, and prevent the following types of attacks, and discuss their impact on the organization:

Enterprise A Closer Look at Wireless Intrusion Detection:

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

Case Study: Fast Food Security Breach (Multiple Locations)

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

The Business Case for Security Information Management

Link Layer and Network Layer Security for Wireless Networks

PCI Security Scan Procedures. Version 1.0 December 2004

Wireless Services. The Top Questions to Help You Choose the Right Wireless Solution for Your Business.

How To Secure Wireless Networks

Motorola SMART Branch. Easy, cost-effective n wireless networking for branch offices

Network Instruments white paper

Wireless (In)Security Trends in the Enterprise

Technical Brief. Wireless Intrusion Protection

Seamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue.

Certified Wireless Security Professional (CWSP) Course Overview

Best Practices for Securing Your Enterprise Wireless Network

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.

10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection. September 2011

All You Wanted to Know About WiFi Rogue Access Points

A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model

Observer Analyzer Provides In-Depth Management

Global Partner Management Notice

Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:

WHITE PAPER. Best Practices for Wireless Network Security and Sarbanes-Oxley Compliance

HughesNet Broadband VPN End-to-End Security Using the Cisco 87x

SecurityMetrics Vision whitepaper

March

Redhawk Network Security, LLC Layton Ave., Suite One, Bend, OR

Wireless Network Security

Teradata and Protegrity High-Value Protection for High-Value Data

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation Areas for Improvement... 2

Using Skybox Solutions to Achieve PCI Compliance

Introduction. Course Description

Transcription:

WHITE PAPER The Need for Wireless Intrusion Prevention in Retail Networks

The Need for Wireless Intrusion Prevention in Retail Networks Firewalls and VPNs are well-established perimeter security solutions. The introduction of wireless technologies has created a new category of entry point circumventing traditional security components. Many recently publicized data breaches in the retail industry have exploited wireless vulnerabilities. Attackers have been able to access sensitive applications and databases regardless of security systems such as firewalls and VPNs. Wireless intrusion prevention is required to thwart wireless attacks and provides the least costly method of adhering to the PCI DSS wireless security requirements.

Retailers have used wireless technology to drive business efficiencies for over twenty years. Recently, sophisticated thieves have recognized that these wireless deployments offer the perfect entry point into the network allowing them to access and steal valuable customer information. Many retailers continue to rely only on traditional security systems such as firewalls, VPNs, and/or network segmentation to secure their networks. This paper provides a brief overview of some of the most important threats that wireless presents to retail network security and illustrates how traditional defenses such as firewalls and VPNs are just not enough. 1. Rogue Access Points A rogue access point (AP) is an unauthorized wireless device physically connected to the wired network. A rogue AP can be installed by a careless employee/contractor or a malicious attacker. It is important to realize that rogues can show up on any network segment. Even if POS devices are on a separate network segment, rogue APs can be connected to these networks. Rogue APs provide attackers with unrestricted access. They allow the attacker to hack internal servers just as if they were connected to an internal Ethernet port. Rogue APs can be installed on any network, including POS networks that have been intentionally segmented from wireless networks Rogue APs can be installed in networks that specifically prohibit wireless device PCI compliance requires quarterly scanning for rogue devices at the very least. Using laptop based sniffers at each location quickly becomes an expensive and untenable solution for large retailers. This can leave networks vulnerable for months before rogues are detected. (See chart on next page.) Figure 1: Wireless Security Issues in Retail 3 WHITE PAPER: The Need for Wireless Intrusion Prevention in Retail Networks

2. Identity Theft A hacker can masquerade as an authorized wireless device and connect to an authorized AP. Once on the network, all the rogue AP scenarios previously discussed are applicable. MAC address based filters are useless since wireless MAC addresses are broadcast and hackers can easily change the MAC address of their device to match that of an authorized device. WEP encryption can be cracked in a few minutes. Once hackers have the WEP key they have unrestricted access to the network allowing them to attack internal servers and applications. WPA Pre-Shared Key is easy to implement and does not have the vulnerabilities of WEP; however, one common key is used between many devices. Hackers have been known to steal portable data terminals or use social engineering to obtain the pre-shared key. Once the key is stolen, the entire network is vulnerable until administrators manually change the key at every AP and every portable data terminal. Some retailers have considered requiring the use of a VPN on every wireless device. This method is not scalable and is difficult to manage. Existing portable data terminals rarely have VPN client software installed; VPN client software is not even available for many of the most popular portable data terminals. Most wireless deployments are moving away from VPN technology due to these limitations. Firewalls cannot prevent an attacker that has gained access to the wireless network from attacking internal servers. Firewalls require that ports be opened to allow applications to operate in the store. An attacker that gains access to the wireless LAN can use any of the hundreds of available methods to break into the applications provided on your internal network. Visa recently identified the top five security threats to retailers; four of them rely on application vulnerabilities that are not thwarted by firewalls. 4 WHITE PAPER: The Need for Wireless Intrusion Prevention in Retail Networks

3. Non-Compliant Access Points Wireless APs are frequently misconfigured. According to Gartner, a majority of all wireless security incidents will happen as a result of misconfigured devices. Misconfigurations happen for a variety of reasons including human error and bugs in AP management software. A misconfigured AP in a store or distribution center can be detected and exploited by a hacker to gain access to the network allowing them to attack internal servers and applications. It is important to constantly audit your wireless network against established policy. Firewalls provide no visibility into the configuration of wireless devices. As an example, if an authorized AP is inadvertently or maliciously reset to default settings, firewalls cannot detect the vulnerability. WLAN APs and infrastructure contain wellknown vulnerabilities that can result in information disclosure, privilege escalation, and unauthorized access through fixed authentication credentials 4. Denial of Service Hackers can easily perform wireless denial of service (DoS) attacks preventing devices from operating properly and stopping critical business operations. Wireless DoS attacks can cripple a distribution center or store despite the best security standards like WPA2. Firewalls and VPNs cannot detect wireless DoS attacks. About Motorola AirDefense Solutions Motorola offers a comprehensive portfolio of wireless LAN (WLAN) infrastructure solutions designed to enable the truly wireless enterprise, regardless of the size of your business from large enterprises with locations all over the world to branch offices and small businesses. Delivering Internet protocol (IP) coverage to virtually all spaces both indoors and outdoors, Motorola s innovative wireless enterprise portfolio includes fixed broadband, mesh, enterprise WLAN and Motorola AirDefense wireless security solutions. With time-proven resiliency, security and performance equal to or greater than that of a wired network, Motorola s solutions substantially reduce network deployment and maintenance costs, and ensure the availability of cost-effective wireless connectivity in every corner of the enterprise. The result is the truly wireless enterprise offering full mobility at a fraction of the cost of a traditional wired network. For more information visit us on the web at www.motorola.com/ airdefense or www.motorola.com/enterprise. Hackers can insert malicious multicast or broadcast frames via wireless APs that can wreak havoc on the internal network. These are Layer 2 attacks which cannot be detected by Layer 3 based firewall and VPNs. Conclusion Wireless introduces vulnerabilities in retail networks that traditional firewalls and VPN based solutions cannot address. Rogue APs allow attackers unfettered access to the internal network. The quarterly scans required by PCI DSS are too costly to implement without a wireless IPS. A wireless IPS can eliminate rogue APs, detect and prevent identity theft, monitor for AP misconfigurations, and mitigate wireless denial of service attacks. Wireless IPS provides protection against sophisticated wireless attackers, costs less to implement than quarterly scanning, and mitigates wireless vulnerabilities where firewalls and VPNs cannot. 5 WHITE PAPER: The Need for Wireless Intrusion Prevention in Retail Networks

motorola.com Part number WP-WIPSRETAIL. Printed in USA 09/09. MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. Motorola, Inc. 2009. All rights reserved. For system, product or services availability and specific information within your country, please contact your local Motorola office or Business Partner. Specifications are subject to change without notice.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information