Saturday, June 27, 2009

Why Your Weakest Security Link May Remain Invisible to You Forever

In a poor economy, layoffs, downsizing and low morale bring out the worst in trusted insiders: more and more IT professionals admit they’re tempted to abuse their access privileges to profit from proprietary intellectual property, trade secrets, human resource databases and any other sensitive information, according to a survey report published on darkreading.com.

It’s not that security administrators are failing to take the right measures to minimize newly emerged security risks from trusted insiders. The traditional ways to stop data theft, such as improving physical security, disabling access to media drives (CD, USB) or applying controls on the network side (e.g. email filtering for attachments, or limiting access to Internet sites), are definitely necessary, but they are not sufficient to reduce the data security risk in today’s world.

With the proliferation of different wireless technologies (e.g. GSM/GPRS, Bluetooth, WiFi, WiMax), the way people use electronic gadgets to share data, music, videos etc. has completely changed. All of this content is now shared over a wireless medium.

In fact, WiFi has become the most popular wireless technology for local area data networks, and hence most modern mobile gadgets have built-in support for it. The technology also offers very good range. Its low deployment cost has made it an optimal choice, especially for enterprises, to roll out a corporate LAN in a favorable time frame.

But there are some caveats, both for those who use this technology and for those who don’t. The WiFi medium can be the weakest security link in your enterprise, and it may remain invisible to you forever if you have not implemented the right controls to manage WiFi enabled devices. Having the strongest possible authentication or encryption configuration in place for the corporate WiFi network is not enough to guarantee the security of the network or of the data that resides on it.

The WiFi threats
Here are the top three WiFi threats we must know:

1. Presence of rogue, misconfigured or unmanaged WiFi gear
The presence of any rogue, misconfigured or unmanaged access point on the corporate network may open a backdoor for an unauthorized or malicious user and leave the network vulnerable. Such devices mostly appear on the corporate network when a trusted employee sets up his own private WLAN.

2. Backdoor entry through WiFi enabled client machines
WiFi enabled clients can also serve as a point of access to the corporate network. A trusted insider can easily create such a backdoor on any WiFi enabled machine by simply creating a bridge interface on top of the wired and wireless interfaces. An unauthorized user can then establish a peer-to-peer (ad hoc mode) connection with a trusted client machine from outside the building and have all data transferred to his machine.

3. RF spillage from neighboring networks
RF spillage from neighboring open WiFi networks, e.g. a cyber cafe or a WiFi Internet service provider, can defeat the purpose of a corporate firewall or built-in access controls that are implemented to prevent leakage of corporate data or sensitive information through the Internet.

The solution

The threats mentioned above can only be discovered if we monitor the airspace. Hence, there is a need to continuously monitor the airspace in and out of a corporate building, 24/7 and 365 days a year. Believing that legacy wired network monitoring systems or tools can also monitor wireless devices is a big misapprehension. In a wired network, all devices are physically connected to the network by a copper cable. In a wireless network, devices connect and communicate over the air using radio frequency (RF), and hence monitoring such devices requires a system that can understand RF communication.

In technical terminology, such systems are known as Wireless Intrusion Detection and Prevention Systems (WIPS). In the absence of such a system, it is impossible to see the presence of WiFi enabled devices, especially clients, or the data exchange done by these clients. Hence, threats arising from WiFi may remain invisible forever.
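The classification such a monitoring system has to make for the three threats above can be sketched as follows. This is an added example, not code from the original post or from any WIPS product; the record format, MAC addresses, policy table and class names are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed inventory and policy for this example (hypothetical values).
AUTHORIZED_APS = {"00:11:22:aa:00:01": "WPA2-Enterprise"}  # BSSID -> required security
AUTHORIZED_CLIENTS = {"00:11:22:cc:00:10", "00:11:22:cc:00:11"}

@dataclass
class Observation:
    """One association reported by an RF sensor (constructed record format)."""
    client: str         # station MAC
    peer: str           # BSSID, or the other station's MAC in ad hoc mode
    mode: str           # "infrastructure" or "adhoc"
    security: str       # security setting advertised by the peer
    peer_on_wire: bool  # peer's MAC was also seen on the corporate wired LAN

def classify(obs: Observation) -> str:
    """Map an observation to one of the three threats above, or to a benign class."""
    ours = obs.client in AUTHORIZED_CLIENTS
    if obs.mode == "adhoc":
        return "threat2-adhoc-client" if ours else "external-ignore"
    if obs.peer in AUTHORIZED_APS:
        if obs.security != AUTHORIZED_APS[obs.peer]:
            return "threat1-misconfigured-ap"
        return "ok" if ours else "unknown-client-on-corporate-ap"
    if obs.peer_on_wire:
        return "threat1-rogue-ap"  # unmanaged AP plugged into the corporate LAN
    return "threat3-client-on-neighbor-ap" if ours else "external-ignore"

# Constructed sample observations, one per case.
SAMPLE = [
    Observation("00:11:22:cc:00:10", "00:11:22:aa:00:01", "infrastructure", "WPA2-Enterprise", True),
    Observation("00:11:22:cc:00:11", "00:11:22:aa:00:01", "infrastructure", "Open", True),
    Observation("00:11:22:cc:00:10", "66:77:88:00:00:01", "infrastructure", "Open", True),
    Observation("00:11:22:cc:00:11", "de:ad:be:ef:00:02", "adhoc", "Open", False),
    Observation("00:11:22:cc:00:10", "66:77:88:00:00:09", "infrastructure", "Open", False),
    Observation("99:88:77:00:00:05", "66:77:88:00:00:09", "infrastructure", "Open", False),
]

def alerts(observations):
    """Return (client, peer, class) for every observation that needs attention."""
    return [(o.client, o.peer, c) for o in observations
            if (c := classify(o)) not in ("ok", "external-ignore")]

if __name__ == "__main__":
    for alert in alerts(SAMPLE):
        print(alert)
```

The wired-side correlation (`peer_on_wire`) is what separates a rogue access point on the corporate LAN from a neighbor's access point, which is why neither an RF sensor alone nor a wired monitor alone is enough.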

The conclusion

So the conclusion is that, in a looming economic downturn, corporate data and sensitive information residing on the network demand tighter security. That means ensuring that corporate policies are effectively enforced and that corporate networks, authorized client devices and the wireless medium are properly monitored round the clock. This is only possible if enterprises have successfully implemented the right controls to manage the risk inherent in their employees’ use of wireless technology.

No Privacy Ensured in WPA/WPA2-PSK Protocol: Choose Your WLAN Security Circumspectly


In a wired network environment, it is not possible to see others’ communication by passively monitoring the wired interface, which means you cannot really snoop on someone’s IM chat, email or browsing activity. But what about a wireless network? Is your wired network’s privacy guaranteed over wireless? If you have just learnt about the weaknesses of Open or WEP enabled WiFi networks and are planning to upgrade to WPA/WPA2, hold on for a while. Privacy is not guaranteed in the WPA/WPA2-PSK protocol either.


WiFi is one of the popular wireless technologies, widely adopted as a local area networking protocol today. But there are some security issues associated with it, and hence its implications should be understood well in advance of use. For example, an unguided medium is used for transmission, which means that any communication on an Open WiFi network can be seen from hundreds of meters away from the network. A WEP configuration does no better than an Open AP, as the encryption technique is known to be broken and does not provide security cover for more than a few minutes if attacked.


WPA and WPA2 are two WiFi security configurations that are more robust than WEP. They support two different authentication mechanisms: (i) the IEEE 802.1x authentication framework and (ii) Pre Shared Key, or PSK. The IEEE 802.1x based configuration is known as Enterprise mode and the PSK configuration is known as Personal mode. While Enterprise mode requires certificates for client and server and infrastructure in place for deployment, Personal mode simply requires a “passphrase”, which acts like a password for WiFi network access. The ease of deployment of a Personal mode secured WiFi network makes it an obvious choice for home and personal WiFi networks.


A few attacks are known to exist against the WPA/WPA2-PSK mode configuration. For example, a dictionary attack is known to be effective against WPA/WPA2-PSK or Personal mode networks; it can easily be avoided by prudently choosing a “passphrase” of more than 8 characters with a mix of special characters and alphabets. The recent attack on “TKIP”, which is one of the encryption techniques supported by WPA/WPA2, can be mitigated by reducing the re-keying interval or by changing the underlying encryption technique to AES (Advanced Encryption Standard).


The key point here is that the known attacks from a malicious outsider against WPA or WPA2-PSK based networks can be fixed, but the protocol is also found to suffer from an insider threat. In an enterprise environment where WiFi enabled devices are configured with a single key, there is a very high likelihood of this secret key getting shared among trusted users and finally becoming public. Once this happens, the privacy of an authorized user is lost. Any malicious user present inside the network can capture wireless traffic and decode it with the help of the single shared key. There are tools freely available on the Internet that can be used to decode frames, e.g. the Wireshark Protocol Analyzer. More technical details can be found at:

http://wiki.wireshark.org/HowToDecrypt802.11


This implies that one can easily snoop on another user’s Internet browsing activity and steal valuable information or data flowing in the air.
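Why the shared key gives no privacy between users follows from how the session key is derived. The sketch below is an added example, not code from the original post: it implements the standard IEEE 802.11i derivation (PBKDF2 for the PMK, the HMAC-SHA1 PRF for the pairwise key) and compares it with Enterprise mode, which is modelled here, as an assumption, by a random per-session PMK. The SSID, passphrase and MAC addresses are constructed values.

```python
import hashlib
import hmac
import os

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Personal mode: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i pseudo-random function built from HMAC-SHA1."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, ap: bytes, sta: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise transient key (48 bytes, as used with CCMP) for one session."""
    data = min(ap, sta) + max(ap, sta) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)

# Constructed sample values (not taken from a real network or capture).
SSID, PASSPHRASE = "CorpWLAN", "constructed-example-passphrase"
AP = bytes.fromhex("001122aa0001")
STA = bytes.fromhex("001122cc0010")

def compare_modes() -> dict:
    """Check whether another passphrase holder arrives at the same session key."""
    # The MACs and both nonces travel unencrypted in the 4-way handshake.
    anonce, snonce = os.urandom(32), os.urandom(32)
    shared_pmk = pmk_from_passphrase(PASSPHRASE, SSID)  # same for every PSK user
    insider_key = derive_ptk(shared_pmk, AP, STA, anonce, snonce)

    psk_session = derive_ptk(shared_pmk, AP, STA, anonce, snonce)
    # Assumption: a random value stands in for the per-session PMK from 802.1X.
    eap_session = derive_ptk(os.urandom(32), AP, STA, anonce, snonce)
    return {
        "insider_matches_psk": hmac.compare_digest(insider_key, psk_session),
        "insider_matches_enterprise": hmac.compare_digest(insider_key, eap_session),
    }

if __name__ == "__main__":
    print(compare_modes())
```

In Personal mode every input to the session key is either the shared passphrase or a value visible on the air, so the only per-user secret is one that all users hold; in Enterprise mode the PMK itself is unique to the session.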


So the final word about WPA/WPA2-PSK mode is that, while it is safe for setting up a home or personal WiFi network, its use should be avoided in an environment where the network key is shared and distributed among its users. Privacy equivalent to that of a wired user is not guaranteed in a WPA/WPA2-PSK enabled WiFi network, and hence a judicious decision should be made when choosing the security cover for the network.