Sunday, October 31, 2010

Are You Betting on Wireless Clients?

If yes, be watchful, as you might be on the verge of inviting serious security risks to your enterprise network or to the confidential data residing on it. Unlike APs, WiFi-enabled clients are physically unconnected, mobile endpoints. They keep moving in and out of your wireless networks and might carry an infected wireless network profile. In this blog post, I am going to share with you how a wireless client device can easily break the security cordon of an enterprise network.

Infected Clients
An infected wireless device present on the corporate network is a serious security threat. Here, infection doesn't mean infection by viruses or worms; such problems are already known. A wireless infection can create a backdoor. These infections occur when a roaming wireless client connects to an insecure WiFi network. There are two types of infection possible:

a. Probing clients
Wireless devices remember the wireless networks they have connected to in the past and keep probing for them. This gives a hacker the opportunity to launch a honeypot attack on a corporate wireless device. Once the infected corporate client connects to the attacker-planted "Honeypot", several other upper-layer attacks can be launched to take root access of the machine. Imagine if the infected client is also connected to the corporate network through Ethernet: the attacker can exploit that and access the corporate network as well. This poses a serious threat to the data residing on the corporate client device as well as to the corporate network.

b. Ad hoc mode
A corporate client device can be infected with an ad hoc mode or viral SSID profile. Such a client invites peer-to-peer connections from other wireless client devices. An attacker looking for an opportunity to break into the corporate network can make the first connection with the infected client device. Later, she can run higher-layer attacks or exploits to gain root access of the machine. Once access to the machine is taken, the attacker can also connect to the corporate network and scan for vulnerable machines on it. This poses a serious threat to the data residing on the corporate client device as well as to the corporate network.

Virtual AP Threat
Windows 7 includes a new wireless feature called virtual WiFi or virtual AP, which allows its user to run a fully functional access point on a laptop with just a few clicks. Similar features are also available in other operating systems and on different types of mobile devices, e.g. Intel's MyWiFi works on Windows Vista as well as on Windows 7 and allows the user to run an AP with any type of security configuration. If the client device is connected to the corporate network and has a virtual AP running in open configuration, any unauthorized user can connect to the virtual AP and gain access to the corporate network.
It's equally important to scan for wireless clients and determine whether a client is carrying infected wireless profiles or running a virtual AP. This can be achieved by using a wireless network monitoring system.
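
As an endpoint-side complement to network monitoring, the sketch below audits the saved wireless profiles on a Windows client for the two infections described above (open profiles the client probes for, and ad hoc profiles). It is an added example, not part of the original post; it assumes profiles in the XML layout that `netsh wlan export profile` writes, and the `CORPORATE_SSIDS` allowlist, the helper names and the sample profiles are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}
CORPORATE_SSIDS = {"CorpNet"}  # assumption: the enterprise's approved SSIDs

def audit_profile(xml_text):
    """Return (profile name, findings) for one exported WLAN profile."""
    root = ET.fromstring(xml_text)
    def text(path):
        return (root.findtext(path, default="", namespaces=NS) or "").strip()
    name = text("w:name")
    ssid = text("w:SSIDConfig/w:SSID/w:name") or name
    auth = text("w:MSM/w:security/w:authEncryption/w:authentication").lower()
    enc = text("w:MSM/w:security/w:authEncryption/w:encryption").lower()
    findings = []
    if text("w:connectionType").upper() == "IBSS":
        findings.append("ad hoc (IBSS) profile: invites peer-to-peer connections")
    if auth == "open" and enc == "none":
        findings.append("open profile: any AP advertising this SSID is accepted")
        if text("w:connectionMode").lower() == "auto":
            findings.append("auto-connect: client probes for and joins it unattended")
    if ssid not in CORPORATE_SSIDS:
        findings.append("SSID is not on the corporate allowlist")
    return name, findings

def audit_all(profiles):
    """Map profile name -> findings, keeping only profiles that raised any."""
    return {n: f for n, f in map(audit_profile, profiles) if f}

def sample(name, ctype, mode, auth, enc):
    """Constructed profile in the element layout of a Windows WLAN profile export."""
    return (f'<WLANProfile xmlns="{NS["w"]}"><name>{name}</name>'
            f"<SSIDConfig><SSID><name>{name}</name></SSID></SSIDConfig>"
            f"<connectionType>{ctype}</connectionType>"
            f"<connectionMode>{mode}</connectionMode>"
            f"<MSM><security><authEncryption><authentication>{auth}</authentication>"
            f"<encryption>{enc}</encryption></authEncryption></security></MSM>"
            f"</WLANProfile>")

# Constructed sample data, not taken from a real machine.
SAMPLES = [
    sample("CorpNet", "ESS", "auto", "WPA2", "AES"),
    sample("Free Airport WiFi", "ESS", "auto", "open", "none"),
    sample("adhoc-share", "IBSS", "manual", "open", "none"),
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLES).items():
        print(name, *findings, sep="\n  - ")
```

On a real client, feed `audit_profile` the contents of each file exported by `netsh wlan export profile`; flagged profiles are candidates for removal before the device rejoins the corporate network.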
