javacool
July 30th, 2002, 01:30 PM
A good document to review as a starting point in wireless security (in particular, the bulleted points):
-{ Quote: "
Press Release
SOURCE: iDEFENSE
iDEFENSE Pinpoints Top Wireless Vulnerabilities
Identifies 10 Steps to Foil Hackers and Bolster Security
CHANTILLY, Va.--(BUSINESS WIRE)--July 30, 2002--
iDEFENSE, the security intelligence provider, today released its first wireless 'insecurity' report, detailing the top threats facing users of wireless networks and simple, but effective ways, to better protect them - immediately.
"Hacking the Invisible Network: 802.11x Insecurities" (http://www.idefense.com/papers.html) highlights how anyone with access to inexpensive hardware and freely available software tools can locate and penetrate wireless networks within minutes. Even networks using encryption remain vulnerable to intruders, who can capture data as though they were sitting at a computer inside the building. Hackers can use wireless vulnerabilities to retrieve passwords, read e-mail messages or launch further attacks on other computers, all while bypassing traditional security systems such as firewalls.
"In one short stretch of mid-town Manhattan, we found that 77 of 106 wireless networks we uncovered were wide open to intruders," said Brian Kelly, president of iDEFENSE and a veteran of the government information intelligence community. "As with any technology, the human factor is the greatest risk for wireless networks. Many organizations just install them out-of-the-box - overlooking important built-in security options and advertising how their systems are configured."
iDEFENSE provides strategic information security intelligence to companies and government agencies. Its electronic alerts include geopolitical threats, as well as reports and analysis of technical vulnerabilities including worms and other viruses still 'in the wild,' and equip clients to proactively defend their networks.
As more companies embrace wireless technology, 802.11x is emerging as the standard protocol used by most networks. iDEFENSE's report details some surprisingly simple steps that users can implement to minimize risk when using this increasingly popular technology.
Know the Risks and Plan Carefully
Wireless networks carry unique risks that must be assessed and mitigated before they are added to the infrastructure.
Don't rely solely on the standard Wired Equivalent Privacy (WEP) encryption; it's a reasonable first step, but not private enough, because it wasn't designed to be a security solution.
Segregate wireless networks. Traffic should not be allowed to pass openly between wireless and wired local area networks. Internal firewalls should separate the networks and require strong authentication before traffic is permitted to pass between them.
Be careful where you place wireless access points. Avoid transmitting the signal to public places, like parking lots or adjacent buildings from access points on outside walls.
Use the Tools at Hand to Protect The Rest of Your Network
Upgrade software and firmware when vendors release the latest countermeasures.
Change the manufacturers' default settings, including IP addresses, network names and passwords; information about these settings is widely distributed online and in vendor documentation. Hackers can use them to access and reconfigure the network.
Avoid descriptive names for access points and networks such as company name, address, etc. These types of labels give hackers clues for tracking down the source of the signal.
Require that users know the service set ID for your network, in order to join it. Don't rely on 'beacon packets,' which broadcast locations and can be used by hackers to identify wireless networks and determine the level of encryption. Rotate encryption keys. It takes time to crack these and revolving the keys reduces hackers' window of opportunity.
Hard code the MAC addresses for network cards permitted to join the network to prevent unauthorized access to the network.
"With wireless networks proliferating at an increasing pace, security measures will eventually catch up with demand," said Kelly. "Today, though, the best offense is a zoned defense."
About iDEFENSE:
Founded in 1998, iDEFENSE is headquartered in Chantilly, Virginia, and has a satellite office in Tokyo, Japan. iDEFENSE is a global security intelligence company that offers information assurance solutions to clients who desire the highest level of confidence in their security posture. iDEFENSE's suite of security intelligence products include iAlert and Desktop Warning and Awareness. For more information visit the iDEFENSE Web site at www.iDEFENSE.com or call Michael Cheek at (703) 344-2641.
" }-
Enjoy! ;D
-javacool
-{ Quote: "
Press Release
SOURCE: iDEFENSE
iDEFENSE Pinpoints Top Wireless Vulnerabilities
Identifies 10 Steps to Foil Hackers and Bolster Security
CHANTILLY, Va.--(BUSINESS WIRE)--July 30, 2002--
iDEFENSE, the security intelligence provider, today released its first wireless 'insecurity' report, detailing the top threats facing users of wireless networks and simple, but effective ways, to better protect them - immediately.
"Hacking the Invisible Network: 802.11x Insecurities" (http://www.idefense.com/papers.html) highlights how anyone with access to inexpensive hardware and freely available software tools can locate and penetrate wireless networks within minutes. Even networks using encryption remain vulnerable to intruders, who can capture data as though they were sitting at a computer inside the building. Hackers can use wireless vulnerabilities to retrieve passwords, read e-mail messages or launch further attacks on other computers, all while bypassing traditional security systems such as firewalls.
"In one short stretch of mid-town Manhattan, we found that 77 of 106 wireless networks we uncovered were wide open to intruders," said Brian Kelly, president of iDEFENSE and a veteran of the government information intelligence community. "As with any technology, the human factor is the greatest risk for wireless networks. Many organizations just install them out-of-the-box - overlooking important built-in security options and advertising how their systems are configured."
iDEFENSE provides strategic information security intelligence to companies and government agencies. Its electronic alerts include geopolitical threats, as well as reports and analysis of technical vulnerabilities including worms and other viruses still 'in the wild,' and equip clients to proactively defend their networks.
As more companies embrace wireless technology, 802.11x is emerging as the standard protocol used by most networks. iDEFENSE's report details some surprisingly simple steps that users can implement to minimize risk when using this increasingly popular technology.
Know the Risks and Plan Carefully
Wireless networks carry unique risks that must be assessed and mitigated before they are added to the infrastructure.
Don't rely solely on the standard Wired Equivalent Privacy (WEP) encryption; it's a reasonable first step, but not private enough, because it wasn't designed to be a security solution.
Segregate wireless networks. Traffic should not be allowed to pass openly between wireless and wired local area networks. Internal firewalls should separate the networks and require strong authentication before traffic is permitted to pass between them.
Be careful where you place wireless access points. Avoid transmitting the signal to public places, like parking lots or adjacent buildings from access points on outside walls.
Use the Tools at Hand to Protect The Rest of Your Network
Upgrade software and firmware when vendors release the latest countermeasures.
Change the manufacturers' default settings, including IP addresses, network names and passwords; information about these settings is widely distributed online and in vendor documentation. Hackers can use them to access and reconfigure the network.
Avoid descriptive names for access points and networks such as company name, address, etc. These types of labels give hackers clues for tracking down the source of the signal.
Require that users know the service set ID for your network, in order to join it. Don't rely on 'beacon packets,' which broadcast locations and can be used by hackers to identify wireless networks and determine the level of encryption. Rotate encryption keys. It takes time to crack these and revolving the keys reduces hackers' window of opportunity.
Hard code the MAC addresses for network cards permitted to join the network to prevent unauthorized access to the network.
"With wireless networks proliferating at an increasing pace, security measures will eventually catch up with demand," said Kelly. "Today, though, the best offense is a zoned defense."
About iDEFENSE:
Founded in 1998, iDEFENSE is headquartered in Chantilly, Virginia, and has a satellite office in Tokyo, Japan. iDEFENSE is a global security intelligence company that offers information assurance solutions to clients who desire the highest level of confidence in their security posture. iDEFENSE's suite of security intelligence products include iAlert and Desktop Warning and Awareness. For more information visit the iDEFENSE Web site at www.iDEFENSE.com or call Michael Cheek at (703) 344-2641.
" }-
Enjoy! ;D
-javacool