Tuesday, November 25, 2008

A Security Hole So Big Most People Miss It... Wi-Fi

A tip from Roger A. Grimes, Security Adviser, InfoWorld...
"Secure your wireless networks. In today's world, there are few valid excuses for not using WPA2, 802.11i, or 802.1x to secure them. Even "guest" networks. Secure them... Use security management tools and scripts to enforce security policy across as many computers as you can." (more)

Wi-Fi Espionage Trick – WiPhishing
Hackers use an authorized SSID to trap mobile professionals into accessing the illegal access point and thus gaining access to information and data... This type of attack can occur when a mobile professional's laptop or PDA has been configured to automatically connect to an access point using an SSID such as Linksys or tmobile. [result] ...they have connected to an unauthorized access point... the connection was made without their knowledge. (more)

Wi-Fi Espionage Trick – Evil Twin
A hacker prevents access to an authorized Wi-Fi access point and re-directs a mobile professional to a false access point where information or access to networks can be obtained by the unauthorized person. The unauthorized user can also gain access to VPN client software. (more)

Solutions:
• Force laptop wireless cards off when plugged into the corporate LAN.
• Force laptops to connect to company authorized wireless LANs only.
• Force laptops to ignore ad hoc connections.
All are easy to implement, and will operate automatically.
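
One way to script the three rules above on a Windows laptop, as an added example that is not part of the original post. It assumes an elevated PowerShell session, English `netsh` output, a placeholder SSID (`CORP-WLAN-EXAMPLE`), and that a wired adapter on a domain-authenticated network means "plugged into the corporate LAN".

```powershell
# Added example (not from the original post). Run elevated.
# Placeholder: replace with the company-authorized SSIDs.
$AllowedSsids = @('CORP-WLAN-EXAMPLE')

# Rule 2: allow only authorized infrastructure SSIDs, deny all others.
foreach ($ssid in $AllowedSsids) {
    netsh wlan add filter permission=allow ssid="$ssid" networktype=infrastructure | Out-Null
}
netsh wlan add filter permission=denyall networktype=infrastructure | Out-Null

# Rule 3: ignore every ad hoc (peer-to-peer) network.
netsh wlan add filter permission=denyall networktype=adhoc | Out-Null

# Remove saved profiles for unapproved SSIDs (for example "linksys") so the
# laptop no longer auto-joins an access point that merely reuses the name.
# Assumption: English netsh output ("All User Profile : <name>").
$saved = netsh wlan show profiles |
    Select-String -Pattern 'User Profile\s*:\s*(.+)$' |
    ForEach-Object { $_.Matches[0].Groups[1].Value.Trim() }
foreach ($name in $saved) {
    if ($AllowedSsids -notcontains $name) {
        netsh wlan delete profile name="$name" | Out-Null
        Write-Output "Removed unapproved Wi-Fi profile: $name"
    }
}

# Rule 1: turn Wi-Fi adapters off while a wired adapter is up on a
# domain-authenticated network; turn them back on otherwise.
$onCorpLan = $false
$wired = Get-NetAdapter -Physical |
    Where-Object { $_.MediaType -eq '802.3' -and $_.Status -eq 'Up' }
foreach ($nic in $wired) {
    $conn = Get-NetConnectionProfile -InterfaceIndex $nic.ifIndex -ErrorAction SilentlyContinue
    if ($conn.NetworkCategory -eq 'DomainAuthenticated') { $onCorpLan = $true }
}
$wifi = Get-NetAdapter -Physical | Where-Object { $_.MediaType -eq 'Native 802.11' }
foreach ($w in $wifi) {
    if ($onCorpLan -and $w.Status -ne 'Disabled') {
        Disable-NetAdapter -Name $w.Name -Confirm:$false
    } elseif (-not $onCorpLan -and $w.Status -eq 'Disabled') {
        Enable-NetAdapter -Name $w.Name -Confirm:$false
    }
}

# Show the resulting allow/block lists for verification.
netsh wlan show filters
```

The script applies the policy once per run; to have it operate automatically it needs to be triggered on logon and on network changes by whatever management tooling the organization already uses.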

Solution Resources:
Full Solution
Partial Solution

Additional Recommendation:
• Conduct periodic independent Wi-Fi Security Audits which take into account legal compliance. (more)