Wireless (In)Security Trends in the Enterprise



Similar documents
Windows 7 Virtual Wi-Fi: The Easiest Way to Install a Rogue AP on Your Corporate Network

Don t Let Wireless Detour Your PCI Compliance

Understanding WiFi Security Vulnerabilities and Solutions. Dr. Hemant Chaskar Director of Technology AirTight Networks

WLAN Security Why Your Firewall, VPN, and IEEE i Aren t Enough to Protect Your Network

PCI Wireless Compliance with AirTight WIPS

All You Wanted to Know About WiFi Rogue Access Points

Wireless Vulnerability Assessment: Airport Scanning Report

PCI DSS 3.1 and the Impact on Wi-Fi Security

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks

Wireless Vulnerability Assessment Airport Scanning Report Part - II

Closing Wireless Loopholes for PCI Compliance and Security

Overview. Summary of Key Findings. Tech Note PCI Wireless Guideline

WHITEPAPER. Wireless LAN Security for Healthcare and HIPAA Compliance

Wireless Security Strategies for ac and the Internet of Things

Wireless Vulnerability Assessment For: ABC

Wireless Network Best Practices for General User

Industrial Communication. Securing Industrial Wireless

PCI Solution for Retail: Addressing Compliance and Security Best Practices

9 Simple steps to secure your Wi-Fi Network.

Wireless Local Area Network Deployment and Security Practices

WHITE PAPER. WEP Cloaking for Legacy Encryption Protection

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Wireless Security and Healthcare Going Beyond IEEE i to Truly Ensure HIPAA Compliance

Robust security is a requirement for many companies deploying a wireless network. However, creating a secure wireless network has often been

Wireless Threats To Corporate Security A Presentation for ISACA UK Northern Chapter

Hole196 Vulnerability in WPA2

WIRELESS NETWORKING SECURITY

Security Awareness. Wireless Network Security

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Wireless Security with Cyberoam

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Sophistication of attacks will keep improving, especially APT and zero-day exploits

Wireless Security for Mobile Computers

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance

Protecting Your Roaming Workforce With Cloud-Based Security

The Hidden Dangers of Public WiFi

WHITE PAPER. Best Practices for Wireless Network Security and Sarbanes-Oxley Compliance


Clean VPN Approach to Secure Remote Access

Potential Security Vulnerabilities of a Wireless Network. Implementation in a Military Healthcare Environment. Jason Meyer. East Carolina University

Attacking Automatic Wireless Network Selection. Dino A. Dai Zovi and Shane A. Macaulay

Ensuring HIPAA Compliance in Healthcare

Wireless Services. The Top Questions to Help You Choose the Right Wireless Solution for Your Business.

Don t Lose the Data: Six Ways You May Be Losing Mobile Data and Don t Even Know It

Endpoint Security Management

INFORMATION TECHNOLOGY MANAGEMENT COMMITTEE LIVINGSTON, NJ ITMC TECH TIP ROB COONCE, MARCH 2008

MUNICIPAL WIRELESS NETWORK

SecurityMetrics Vision whitepaper

Top five strategies for combating modern threats Is anti-virus dead?

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper

Air Marshal. White Paper

A HELPING HAND TO PROTECT YOUR REPUTATION

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Observer Analyzer Provides In-Depth Management

Wi-Fi Client Device Security and Compliance with PCI DSS

Clean VPN Approach to Secure Remote Access for the SMB

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

Network Security Best Practices

Zone Labs Integrity Smarter Enterprise Security

BYOD: BRING YOUR OWN DEVICE.

Protecting the Palace: Cardholder Data Environments, PCI Standards and Wireless Security for Ecommerce Ecosystems

Managing SSL Certificates with Ease

BSc (Hons.) Computer Science with Network Security. Examinations for 2011/ Semester 2

SANS Top 20 Critical Controls for Effective Cyber Defense

10 best practice suggestions for common smartphone threats

How To Secure Your Store Data With Fortinet

WHITE PAPER. Ensuring Compliance with DoD Wireless Policies

Technical Brief. Wireless Intrusion Protection

CSG & Cyberoam Endpoint Data Protection. Ubiquitous USBs - Leaving Millions on the Table

Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions

Enterprise Computing Solutions

Wi-Fi, Health Care, and HIPAA

2012 Endpoint Security Best Practices Survey

Ebonyi State University Abakaliki 2 Department of Computer Science. Our Saviour Institute of Science and Technology 3 Department of Computer Science

SCADA SYSTEMS AND SECURITY WHITEPAPER

Chapter 3 Safeguarding Your Network

Transcription:

A Whitepaper by AirTight Networks, Inc. 339 N. Bernardo Avenue, Suite 200, Mountain View, CA 94043 www.airtightnetworks.com 2012 AirTight Networks, Inc. All rights reserved.

WiFi is proliferating fast. The convenience of wireless access, low cost, and plug-and-play nature of the technology have been the major drivers for WiFi s popularity among home Internet users. Lately we are also seeing an increasing adoption of WiFi in the enterprise. More and more businesses are rolling out wireless LANs to cut costs and increase productivity. Today all laptops, PDAs, and smartphones have WiFi built in. WiFi hotspots, spanning coffee shops, hotels, airports, or even cities, are mushrooming to meet the growing demand of WiFi Internet access. Ironically, the unlicensed frequency spectrum, low cost, and ease of use the major contributors to WiFi s success are also promoting its reckless use. Like any new technology, WiFi brings with it a unique set of security challenges. The prevailing harden-my-network-perimeter model of enterprise network security is rooted in the common belief that being inside (on an enterprise LAN) is safe and outside (the Internet) is unsafe. This model completely breaks down in presence of wireless. The data and the network are now in the air; the invisible radio waves cannot be confined to a building or behind a firewall, blurring the enterprise network perimeter. A hacker does not need to physically enter a building to bypass the firewall and access an enterprise network. Sitting in the vicinity (e.g., in the parking lot or a coffee shop across the street), the hacker can simply scan the air to discover WiFi vulnerabilities in the network. No special hardware or expertise is needed just a laptop and a WiFi packet sniffing tool available for free on the Internet. A series of high-profile security breaches that exploited WiFi vulnerabilities in recent times reflect a serious lack of awareness among WiFi users as well as network administrators. The TJX debacle largest security breach and identity theft conspiracy in U.S. history is one example of what such ignorance can cost an enterprise. Other recent instances (e.g., terror email incidents in India, cyber extortion in UK) point to unsecured WiFi becoming a safe haven among cyber criminals for its convenience and the ability to remain anonymous. To gain a hacker s eye view of enterprise WiFi networks and understand the common security gaps, AirTight Networks conducted WiFi security scans across business districts and airports worldwide. What we found was alarming! 2012 AirTight Networks, Inc. All rights reserved. 2

Total APs discovered: 3632 Official enterprise WiFi deployments are not properly configured -- The awareness about using WiFi securely is lagging far behind the rate at which it is being deployed. This is reflected in the high percentage of APs being Open (without encryption) or using the flawed Wired Equivalent Privacy (WEP) encryption. Stronger encryption standards such as the WiFi Protected Access (WPA/WPA2) exist. Yet majority of the discovered APs continue to be vulnerable. Here is the distribution of WiFi security settings on APs discovered in six US financial districts (New York, Chicago, Boston, Wilmington, DE, Philadelphia, San Francisco) and London, UK during a WiFi scan study in early 2009. Open and WEP APs serve as wireless backdoors for hackers to enter the enterprise network, access local resources on the LAN, sniff sensitive data traversing the LAN and misuse Internet access without getting detected by firewalls, wired IDS/IPS, and LAN monitoring solutions. Often administrators configure their APs with MAC filtering and disable broadcasting SSID (name of their WiFi network). These measures only give a false sense of security. It is very easy to spoof authorized MAC addresses and to discover SSID of a network by passively sniffing over the air data in the vicinity of the WiFi network. This information is sent in clear text and nothing can stop a hacker from finding it. Presence of home/soho grade WiFi APs in enterprise -- Not only are majority of the APs vulnerable, but we are seeing a growing trend of low cost home APs being used in enterprise environments. Out of the Open/WEP APs discovered in the financial districts, 61% were home/soho APs. Distribution of home and enterprise grade Open/WEP APs In some cases, IT administrators settle for inexpensive home/soho APs to save on costs. These APs are often limited in capabilities (e.g., security, logging) and cannot be managed centrally increasing the chances of lapse in security. However, more often these APs are Rogues connected to enterprise LANs. Rogue APs are unmanaged WiFi APs attached to the corporate network without the knowledge of the administrator. They may be innocently deployed by unwitting employees looking for wireless access, or they could be maliciously placed. Most Rogue APs are unsecured. And it is not difficult to bypass physical security (if any is in place) given how small and inconspicuous (e.g., USB WiFi) many of these APs are. So regardless of whether your business uses or bans WiFi, it is risky to discount the presence of unknown or unmanaged WiFi devices on your enterprise network. 2012 AirTight Networks, Inc. All rights reserved. 3

Mobile workforce is a soft target -- The number of businesses employing a mobile workforce is growing. Mobile users empowered with WiFi laptops, smartphones, and PDAs can unknowingly expose enterprise security even when they are thousands of miles away from their workplace waiting for their flight at the airport, sipping a cup of coffee at their favorite cafe, or accessing the Internet from confines of their hotel room. A WiFi security scan study of over 30 airports worldwide (US, Canada, Europe, and Asia-Pacific) exposed many inadvertent WiFi malpractices among mobile WiFi users. Many users continue to access the Internet over Open WiFi hotspots risking leakage of sensitive data over the air, including their identity. The WiFi manager software usually maintains a list of preferred networks or SSIDs all WiFi networks that a handheld or laptop connected in the past. Unless the unused SSIDs are removed from the list, the WiFi device will continuously broadcast messages in the air searching for those WiFi networks. A hacker can easily set up a fake network with the SSID that a victim device is searching for, and automatically establish a connection. Once a connection is established, the hacker can use a variety of tools to scan the computer for known vulnerabilities and exploit them, possibly gaining access to the hard disk. A hacker can similarly exploit a user s computer by tapping into a Viral WiFi network. Users commonly connect to untrusted WiFi networks, especially with enticing names (SSIDs) such as Free Internet WiFi. On connecting to these SSIDs, commonly called Viral SSIDs, the user does not access the Internet, but instead forms an ad-hoc network (direct computer to computer connection) with nearby WiFi computers. The viral SSID gets added to the user s preferred network list and the user s computer starts advertising itself as a WiFi network with that SSID inviting connections from other users. All this happens without the knowledge of the user. Group of seven computers found to be part of a Viral WiFi network during a five minute scan at a US airport. 2012 AirTight Networks, Inc. All rights reserved. 4

ABOUT AIRTIGHT NETWORKS AirTight Networks is the global leader in wireless security and compliance products and services, providing customers best-of-breed technology to automatically detect, classify, locate and block all current and emerging wireless threats. AirTight offers industry s leading wireless intrusion prevention system (WIPS) and the world s only SaaS based wireless security, compliance and Wi-Fi access branded as AirTight Cloud Services. AirTight s awardwinning solutions are used by customers globally in the financial, government, retail and hospitality, manufacturing, transportation, education, health care, telecom, and technology industries. AirTight owns the seminal patents for wireless intrusion prevention technology with 24 U.S. and international (U.K, Australia, Japan) patents granted, and more than 20 additional patents pending. AirTight Networks is a privately held company based in Mountain View, CA. For more information please visit: www.airtightnetworks.com. Wireless Security Recommendations Use strong encryption (WPA2) and authentication (802.1x based) for your enterprise WiFi network. Conduct periodic WiFi scans to gain visibility into your airspace. Watch out for and get rid of Rogue APs on your network. Use WiFi scanning tools that allow you to automatically detect and physically locate Rogue APs. Use a wireless intrusion prevention system (WIPS) if you need automated 24x7 WiFi scanning and complete proactive protection from all types of wireless misuse and hack attacks. Educate your mobile workforce about endpoint security best practices such as the use of VPN over Open WiFi hotspots. Consider use of an endpoint WiFi security agent for enforcing corporate security policies at work, home, and away. Conclusions WiFi has become a mainstream technology offering great benefits and efficiencies but carrying with it unique security challenges. Unsecured WiFi provides an easy target for hit-and-run style attacks allowing hackers to cause severe damage while remaining invisible and undetected. Ignoring the specific requirements for securing their enterprise network and users against WiFi vulnerabilities, businesses risk loss of confidential data, legal fines and penalties, and brand erosion. By following WiFi security best practices and using the right tools, enterprises can reap the benefits of WiFi while protecting their IT infrastructure from WiFi threats. AirTight and SpectraGuard are registered trade marks of AirTight Networks, Inc. AirTight Networks, AirTight Networks logo, AirTight Cloud Services and AirTight Secure Wi-Fi are trademarks. All other trademarks are the property of their respective owners. Interesting links: http://www.airtightnetworks.com/airport-wifi-study http://www.airtightnetworks.com/finance-wifi-study http://www.airtightnetworks.com/secure-wifi-enterprise http://www.airtightnetworks.com/secure-wifi-home The Global Leader in Secure Wi-Fi Solutions AirTight Networks, Inc. 339 N. Bernardo Avenue #200, Mountain View, CA 94043 T +1.877.424.7844 T 650.961.1111 F 650.961.1169 www.airtightnetworks.com info@airtightnetworks.com 2012 AirTight Networks, Inc. All rights reserved. AirTight Networks and the AirTight Networks logo are trademarks, and AirTight and SpectraGuard are registered trademarks of AirTight Networks, Inc. All other trademarks mentioned herein are properties of their respective owners. Specifications are subject to change without notice.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information