Dark Reading is part of the Informa Tech Division of Informa PLC


8/18/2010
03:17 PM

Ferreting Out Rogue Access Points And Wireless Vulnerabilities

To comply with regulations, companies increasingly must scan their wireless networks -- a third of which have rogue APs or other insecurities

For almost 18 months starting in 2005, attackers used wireless networks at TJX and other retail chains to steal credit card data. The vulnerabilities were not an isolated instance: Subsequent research found that about half of all retail outlets in one shopping center had insecure wireless networks.

Today, WiFi security has improved somewhat, but insecurities in installations still remain far too common. Vulnerability assessments of more than two dozen companies found a quarter have rogue wireless access points that were installed by employees, and a third of their wireless networks had misconfigurations that undermined their security, according to wireless security firm AirTight Networks, which conducted the tests.

"A rogue AP is a very serious problem if you have it -- an unmanaged, unknown device that is circumventing your defenses," says David King, CEO of AirTight. "All the layers of defense that you worked so hard to put in can be circumvented by a single device that is communicating in the clear."

Following the breaches at TJX and other retailers, the Payment Card Industry started requiring quarterly scans of wireless networks. It's likely it will increase the requirement to monthly scans, King says.

Companies that use wired-only scans are missing half of the picture, he says. Vulnerability scanning on the wired network could pick up the wireless routers, but it won't find insecurities in the wireless network.

"If you think about [wired-only scanning], that's goofy -- it doesn't make any sense," King says. "In the case of the TJX hacker, you wouldn't have found any of that."

The need for better wireless security analysis has led companies, such as AirTight, to build their businesses on wireless versions of intrusion detection systems and intrusion prevention systems -- so-called WIDS and WIPS.

"If you do scanning to get compliance, there is a requirement in the spec that you have to scan. You have to have alerts and have a corrective action plan," he says.

While vulnerabilities in wireless networks are common, wireless attacks are a far less common occurrence. Between 2004 and 2006, 13 percent of cases investigated by the incident response teams at Verizon Business involved improperly secured wireless networks. Yet the teams only found a single incident involving wireless networks as a vector in each of the following three years. In 2009, the breach occurred because of a rogue access point.

Companies should go beyond just relying on the wireless network's encryption, such as WPA2 or the weaker WPA, and instead use a strong virtual private network technology, such as IP security (IPSec), says Marc Maiffret, chief technology officer for eEye Digital Security.

"Your wireless network could be using WPA2, but the attackers could eventually figure out a way to break that," he says. "Encrypting your connections is another layer of defense."

Another common vulnerability in wireless networks is caused by misconfiguring guest access, Maiffret says. The corporate wireless network uses wireless encryption, such as WPA2, and per-user authentication, but the guest network is either configured so that a visitor could access corporate IT assets, or it sits behind the same router as the rest of the network.

Both situations could help an attacker, he says.

"They throw it between the Internet access point and their main router, but now if that access point is compromised, you can sit there and sniff everything going out of the company," Maiffret says.

Companies should keep the guest network completely quarantined from their corporate LANs, even going so far as to have a separate Internet connection for it, Maiffret says. "Make sure that it is truly separated," he says. "We suggest that people not even put the guest network on their main Internet link, but on a backup link."
