Mobile & Wireless - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Mobile & Wireless


Wireless IDSes Defend Your Airspace



 By: Andrew Garcia
2004-08-07
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Mobile & Wireless story.


  Table of Contents:
  1. Wireless IDSes Defend Your Airspace
  2. ' Page Two '
  3. ' Page Three '

Rate This Article:
Poor Best
Wireless IDSes Defend Your Airspace
( Page 1 of 3 )

WLAN intrusion detection systems can help spot and lock out trouble in new ways.

eWEEK Labs advises every enterprise that is considering deployment of a wireless network or maintaining an existing one to seriously consider investing in a wireless intrusion detection system. A wide variety of these products stands ready to help identify and troubleshoot security and performance issues related to wireless technology.

However, based on our tests of a range of these solutions, we believe companies should carefully assess their wireless security needs because their existing infrastructure devices may already fulfill them.

Wireless IDS solutions range from handheld products that are designed for on-the-spot troubleshooting at a point in time, to capabilities integrated into existing access points and managing switches, to distributed fleets of sensors that provide round-the-clock coverage.

In tests, weve found that defensive overlay networks, such as those from AirMagnet Inc., AirDefense Inc. and Network Chemistry Inc., provide best-of-breed capabilities. Defensive overlay products enable a host of security and performance monitoring capabilities and have strong policy options that alert administrators to any signs of trouble.

Resource Library:

Defensive overlay network vendors are rapidly adding features that not only alert but also can be configured to isolate and block wayward connections over the wire or over the air. These vendors also are increasingly tuning their products to use location findings to make policy decisions.

Click here to read about how CBK, a wholesaler of home accents, is using AirMagnets overlay product to detect unauthorized intrusions and shut down rogue access points.

Despite recent reports of vulnerabilities in the RADIUS (Remote Authentication Dial-In User Service) authentication mechanism upon which 802.11i is based, 802.11i goes a long way toward equalizing the security of known, managed devices on wireless networks and on wired ones. 802.11i does so by delivering strong standards-compliant encryption via AES (Advanced Encryption Standard) and port-based 802.1x authentication to WLANs (wireless LANs).

Click here to read more about 802.11i.

However, many threats remain outside the scope of 802.11i, including access points and client nodes that are loosely maintained (or are completely outside ITs control). Poor configuration practices and unauthorized usage can lead to fundamental network headaches or nefarious intrusions.

The threat of rogue access points has been well-publicized. Employees installing their own unsecured access points on a corporate network leave a wide-open vector for LAN attacks that bypass network firewalls and wireless security measures implemented by IT.

But misconfigured and unsecured client devices also represent a significant threat. With the proliferation of WLAN hot spots and wireless devices in the home, users are leveraging their wireless connections in a multitude of locations. To ease migration between these disparate networks, WLAN client configurations are often left in a default—and insecure—state. When first enabled, the clients probe constantly for open WLAN networks, often attaching to nearunknown access points without user knowledge or interaction.

Man-in-the-middle attacks exploit these circumstances. A simple sniff of the air can determine a clients network name and channel information, allowing a hacker to similarly configure a rogue access point. A spoofed deauthentication packet gets the wireless client to drop its association with its known access point, and the client can then associate with the rogue, allowing an intruder to potentially capture data and passwords. If bridging between the WLAN and Ethernet adapters is enabled on this client, the two networks are suddenly connected, bypassing network perimeter security.

In tests, eWEEK Labs has encountered interesting results from a misconfigured client bridging the internal wired network and an unknown wireless network. Weve witnessed other wired clients receiving their DHCP (Dynamic Host Configuration Protocol) address from the remote wireless networks server. Weve also seen the offending client used as a launching pad for attacks on the protected network.

Wireless IDS products must effectively patrol the airwaves for unknown access points and open client connections. Preferably, the solution should be able to determine whether a rogue is connected to the protected network or is simply occupying the same airspace, and it should also provide the granularity of policy definition to be able to define legitimate connections and be alert for those that arent.

Next page: Hardware closes the gap.





  Reader Comments: Wireless IDSes Defend Your Airspace
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Mobile & Wireless Articles          >>> More By Andrew Garcia
 


x}r8s;ӮcV%uȖlkڶ<v?&RI'6q_F^_3'@8:)|E[5g0m_k|tvs< s~7 CoZe؄j% =y7`JaCJ&5\_-׉E>7 ؗY͢Aeʆ}{ʾVWR\W}`[BUzEÝ|k4:7?W)E{vU !lݹ܎ඒk%m{|Ns~A5ox9vty/ȯ0FD_jQEVKY/LZH<&n] ydZj/4E;J KHS = (1N,#u;Gbj\:W~ :gG 7b٘X^B ji@U$\]HwAբ}rqӽlnwMڝONI; i fɗV?~'=:$~~54Y01\ \^Kjg$ڽǣ1)H|S:Mq68' | ,-˝)Tt</Rzhf5 x CX&%Ge":u vPy۬)MZ!Rƒ uKsQ8j\K0Fp JpJq䨉k>ش 6,%̟iJyOf4Ջ"}Yt"Fͩ4 (J"bN3 ɋE94>BBp4âx?0 t3ϼC|>55F㤞F!|emxq=Z.3+ԍEXn`Ha^i1[W <ۋJPIxZ3x&z$tD h&rkIO7.[A0? ; O`r]ɝ5E0ݻ#i`y1yj =*~s`=w}   l߃5#~[-[Y6x O͹A }C s\(L7^ "# EEKi@$ $h-4`r.= ŊPݑvZ)JHT*nOq$wV*2ڹ&3,ЂW-Kїtfd(=?j1!UG ,D`v9r,L.Y /6JԍyrY9Դj>Ҵ73[KGuY-$-Xb I[$%\EwTm::ޟ=Fa]Gt0x>h3Vh9N) ./ aH]69X0N-cJb+p5(Bk?f P=6:{mQHNuP:%qK{]:9A7ÚLGVG+oo; =p ؇#UV3_H뼜2N#iۖsM ߄T +9v#\ē ry͚X 4ؐ9|ƓB77SnS^ʚ**#wT4tjz#JCݼ~hé;h{q#%Aw=e河xOuYKnuo?յ݋pz9TKӺJj'/"odm_EڠueLGe K-C IHf(XK+ezlx8$&le2LE6pȞZc7l`(`R5) KB+٫ X3ld xAqFFݔ`ADLl5TW թz4}&.H{{LgH~qP9gs?Q,C, )L>Eװ HZWS{u&<$2.|N\+Ё*8tǙgpp0tׅ=% Υ_8'םu у=&9Je!6c{e?C{ӞW+>(-jE)j4' q/#Y /m0ܱk}>bDuD(-CZ!3O5uH8F_̈́AM &89q8TU&(gpFl`^\|?CU^oVS8;fz^*k 6UUR;,Z {}|8=ehLQ8tc}y _+zSAqf -2/|VL}6݂ /]r?29X>>: '212& z-Cv0 ˌJ?#4ByQYpw\pR 2[Ep dEN\tCy!+pDZQV`.A1pemZ}l)tdx8)ё,Hr]TՑnR UtT# )X]QiRZm9]R˶˧SNK@(A5u4X\Y(``!> ~6F8f&af4X[ ↪%}vWg)|h#RL@ ` Kx{ZCAk3۩^Gw=܁c2PH(TZg7gMś]ac6U{zn&R)Zm Me;4 /+bIۛў'oj"9A36V"=_`KQl x@̬1@j3m94c~y-0>i_LFbT~\3gbסڳn21󓫻_FpA JG}sOn~Uc6~ zi1b`{7=;#4ϷQ5rRd2y6P}m*lZ>ǐlwb_¹^ORO9n6=RJ =cxe>ugc5Z:<*Cz)/DʜYe/Q Umq'.҂^ߵK]T1)V(&v}j;_I|SeȓV)+Y+T\U񋰷8C+`-XRj#D*"Go&ŏ[oȧurN3HG~ W>W O}b*kZQR޼+8rk4rO,ZKqXKkp9 -2j=wR/fKܥ@vGܖ[J,]^ Ba u( =(tם. 26aI3I%` {iO4cJ7eVV*V$"< 7C{d',LGI<~:&.rOfss]`@|7#SGRiemRߑJ\X cĵ)$jAç,D,_t2jUk`Wʠ< j;! ]8`CMM8qG^ar0uq8(-E492=qhZavOT+d4A<8'v/>B05A A D@"D;n?$ ?S-l8F:w~ݕDwɿvg}@:i]t??Nٿn0yY{z6 %<jԽlwq@*V-^>^E&FӸo9)P K NCbw}WszV^tawNQ區^9  u}ڽ_>QCr޽H^'+֓!w"y%9!pUN::f3ڌ6NJ,#zqaxki7f@ ۝kN,8;XKS!}>#mP5õhLٮտvVRဏQFh 鳁Vˮu^c'`|x=Na.cLU9 gEuX.9Uk۾+ttO$Z؍ڑq eީӊN|mu+ɅNo-!WC3kyV̵j dŽ%Ɣ{@95~Dל)|si9S<3m~`'6"%(\s")Xf>UAkv,x\J}[<,'Mw[1C=rsMZg Q+}Fy tD#(Zw{.zʜ,=!G&zE>qB.Z۽w; e's CݿwA]iNw7HUFᆎxZ P?G&c:I"IQU֫UdU)I}Y)GG8LFxL_w.oF觥4/MZ2gP:;G׍[sGg#F0XvƹE۴rUCauk ,giƿ7c#ޚU>=dN;Z=(}I`O'|>A/i!렳D,&fN{i.yMhO4qiq xo׆.HO8*a>V!j1ԏΉvRی%CmܪI'+%qJMmCkd“)K2埇]q"u/*I=OaAy`MOj5uE'yZ^?,W*ղR>4g[cNok.RVWQtď{$xA<-HP$4 e̷o.fXg|5x<9$4ca9u.z$ɉ"qQSbr* S|[qL%,Bh; ez6Ȁ}y&v0lbԟV|Q߯[>} 1w9Y'ՌdD(rDxeiKltZ<ѕzSF> 6SxԲ|v:B/Xv9Dr `H08!2BF6{(=M/xpq67|X;MQʒRjўO-=b2g,|I }2Ⱦ>R4K=#Ee+DTM_ ~ŒK8\"$], 2aQ'̳|[ᾤ)^ ;ꎎ0cұ;~ KIĐmJɈR^-*9THKdZ뫠G-ܼ7%I8FBΌ f{۷NyU!E^dyDECd=cP^3|+rmfcry*_,r邆S ԜXH 9JJ 0ƒN,LB@"_DroiMQWMe?҅{G& {,q "#y"x$ W2=;z2zm+ 1{)ޒEn j"oc2<CWj9ZV%v[2KHR֪yn4A5yQUj᫥\#Ri 3oo84s s s s p J1?ߩԇvFmoAsg L2u8-nt |1+7L[GgiŘb0K6WXFw]'x4GJn, k&~-1$z+-ɑ5\seK2}%cKQtM @{L. -g@,L68 gxw"L0A?Ł[̽$g p65' Qk"*7$[Js~4@,@Dlҥ"p.lSqW*(ZPeᐈ!b+4!۹Ω>S %^jyIY&(ˣtkSW\YC: gpv8On9镰#셈jjO"1RB\15l5_O|IzTapAҚj𻴯ǵ~s~s~s~ss5pڟYHo:_$vK% l'SW'6}`,dAm4k. A,D@HY1z]D8rd$[[ M/훌Ce,8E<" ncz@ Brk(WC {kV{f0Crpя"mycO{ eTZWIY34+sOܤ%<{>fBMw ؒA+u˓HdGOp\dE'yHdY>lٜ>7-eM13ɆX50yfB׵'a^vDe󔾋7SYzڽ9Z<1XsS50ٺs/;q1gF[TxSvXf 1n7S2_ L[K`63OR!g@%UX5\ 0>6-lX/ժڽE=4g|Oz O\YkJMU0}jʘρUC@z9 ̨ktքax/}ZpY$֞=Xm7r2r牑W*ZTfF}LHX*AE_\*X3Z<<Q,mJ)Ag'B|㈏9b1ǖCo0ۏUKzt׳c1vsP7ļ/5o$xޞ+j6$|tŲgatl'&vUZ R z' W[ "yFsg/s̑뛋uNf<{+. &Yqoͳ.R#4}$g;  US=+0XU5bxDvZ*f&3Z5B7[]s_#Ƙ'Qo@@L-A H ,73\#P |h-SwWq+T}V7>2gMr'7LӦ12}=&7f?= .θ9C roEVIv# ,@GDE슍Bc+o" p4;,='yg0\*4Q^^<(tP>T`<CԘ:# !'@vq]Q 0;#x7tT$l.cE~1H}8ܰJ7o8gkH0ג rLhtn~+J O 9'0ឩ V1,2-kDM(qi+8<4>?_IN1% ᑰ 5"  B[xwgII!-`^!Cy 19ӈ)iT!9o!,af,; 7Yef xpx})5lɪ@G3+ f)u n9 :jeOLg>򽉑{:y s)aR;:^Q@<P 4'/+7,Xzoj Bp),f,՚RD&u]Cu]j%@]À} YU^&"vӔ\ BI] / (HZ W{}GCHIPu0՝!Xf39]9tHQ{5.Qw'}&ZGݪ;Ge{9(4O,41F;d6MƋBry:2 'Sr?ԙpi.$ "cɃwg;8ı;~|U6üjWzsL[\[A~ݾZ>ZNAw o|vmQc̑:jS#ZuRBjs@1@C|ww)4#z_m9 _CPj+彜r6)?'BOs?/?gvmC9CL2/B~Ng(m׼ș E/E|E~/?9_">/>/ry2gSN S~909{ s?09׃rˑ?=/rqCWU@?9Ӈs߇s?P>'(W3OO9rߛorڿɡ=>k]T(RhK "S^9,.Or  SG0VX>}n.nm;yx#ֽ2b;w6 S췡\F<%Naf>ţu.T+6:7\q3[ #Èà8 zY8#lu~Le|x:|(O6Tq< 5R u8i$ H-LyóHNQ?ưs3PXj<} =n΄;͡a[; o>eM+5VkZpWrH˪="BS]FTMVYi2ZUٯk% QPeh[v2boVS' yV8n[#DK(x>Xx3c6}*ۼx7lTyN Nx@7ʄ,4wW;ŀЫġ@^΃s;k^5tq6 ?`-YkMD 2ydkc l.$5rh[L,!eށxql416;Dr(9Pó l1Aҙ |1 \V=wp*t ޺Ccjd19k +#͙P<bՍP1>/亂mKz`-g.+y>;jsqKHL#d/W>[l,&1 {;kH64s `-Cc7 oϔ(πdX+.Ġ/>'g4WBO)SVk͙*u.wpI‘0pF膂!^O[Q_lmz+F2jSo:h}rW/ފW??=V@U}Ì# 1* ^"1HXY/Z8:Z5m$^${c3@ gQlVxHDڮ V_$v{%B+*/ 8H2G$!|c9"3>("nty9= |>^[zQؗ@1aҧQ5R^vȥIzH,݈SAQ6yJ>? T@|- %).X";>m<'6}Fu;J"@"xrtPŗ-;wa3)fGVFp)hFNcx nj=/1|ee|n4~Uf2{{:o9kn>7q$LE=3̾HJ B /ɮxxlo`SCl .7'*O]F xWa! e;6K)(Xp^gAlmw;>BAr$cX^Eҵ<oc3 ?;<v; # +_2sE>v/-G9JRX}P?(:OOgsZ _Hʶ› *~X^c 0,*09'5E6<:=܈xj{ݾX 瘻k3HUxX=lۉQ#nȅ-`jkDmYtẉAgr09_֎VMM.2a-dc{͵N_ lE&}+