Transcript Wireless Security What’s the threat
Eric Peterson
Vice President STAR COMPUTERS
Wireless Technology Timeline Common Terminology Home and Business Devices Common Types of Wireless Security Real World Concerns and Threats Wireless Security Best Practices Questions
Fall of 1999 wireless 802.11b products start shipping 2000 Microsoft releases Windows 2000 with built in Wireless Support 2001 Starbucks announces Hotspot launch 2002 Lucent Technologies demonstrates a seamless handoff between Wi-Fi and 3G cellular networks, enabling users to roam between the two without interrupting their Internet sessions 142.8 million total smartphone users by end of 2011.
802.11
(802.11b) (802.11g) (802.11n) - this is WiFi
WLAN
- wireless local area network
Bluetooth
– a wireless technology used to connect devices to each other, short range
SSID
- service set identifier, a 32-character unique identifier attached to the header of packets sent over a WLAN. The SSID differentiates one WLAN from another
Hotspot
–a site that offers Internet access over a wireless local area network through the use of a router connected to a link to an Internet service provider
AP
-Wireless access points (APs or WAPs) are specially configured nodes on wireless local area networks (WLANs). Access points act as a central transmitter and receiver of WLAN radio signals.
Mobile/Smart Phones Laptops/Tablets Printers/Scanners Televisions/Appliances Credit Card Machines Video/Surveillance Cameras
Smartphones are mobile phones(personal devices) with: Internet access Easily-programmable OS Rich sensing and communication capabilities Extra capabilities: Sensors: camera, motion, GPS (location) Communications: cellular, Bluetooth, Wi-Fi PC-like functionality
Blackberry IPOD/IPAD Droid O/S Devices Windows Phone Palm Symbian
OPEN – is exactly that open to all without any security WEP – ( Wired Equivalent Privacy) WEP has three settings: Off (no security), 64-bit (weak security), 128-bit (a bit better security). WEP is not difficult to crack, and using it reduces performance slightly WPA/WPA2 – (Wi-Fi Protected Access ) successor to WEP that is more difficult to crack. WPA is comparable to having a single lock on your front door, and giving a key to everyone you want to give access to. Keys can be shared. The challenge with WPA is removing someone requires the entire network to be re-keyed and new keys re-distributed to valid users.
802.1.x network.
enterprise-level security frequently deployed by Fortune 500 companies with a RADIUS Server, eliminates the common key problem by providing a unique key for each valid user every time they enter the
Sensitive information often exists on these devices. Employees want to access enterprise data and applications from personal devices. The use of personal devices increases the risk to any information that is stored on or that can be accessed by those devices. Regulations associated with sensitive information (HIPPA)(SOX) drive the need for certain controls
Users ability to copy information to the devices or send information from the devices Direct attack over a network connection Malicious software Rogue AP’s Conduit for exploits to LAN Iphone (bad apps) jailbreaking Physical loss or theft of the device ……
30% of mobile devices are lost each year (SANS Institute) 31,544 mobile phones were left in NYC taxicabs during a 6 month period in 2008 (Credant Technologies) These devices contain: corporate data, corporate e-mail and contacts lists, enterprise access rights Threat of Bluetooth exploits: bluejacking and bluesnarfing Bluejacking: unsolicited image, text, etc. sent to mobile phone over Bluetooth Bluesnarfing: unauthorized phone access via Bluetooth, can result in theft of contacts, calendar, etc.
Enable Auto-Lock Enable Passcode Lock and power on lock Keep device up to date Provision for Remote device Wipe Known Ap’s with WPA (Wi-Fi Protected Access) Security Deactivate unnecessary wireless interfaces such as Bluetooth (only way to prevent bluesnarfing)
Use Mobile Device Management Systems: Blackberry Enterprise Server, Good Technology Establish policies on what information can and can not ne stored on devices Consider Company supplied devices vs. supporting employee owned devices
Handhelds no more or less vulnerable then any computer Currently few malware or virus exploits in the wild…….. expect an increase Keep device up to date Strong passwords, remote wipe, and use of WPA Though the iPhone has made some significant gains in recent days toward become a suitable business smartphone, its target user is still the consumer use third party security package