As the workforce becomes wireless so does the ... - Connect-World

More documents

Recommendations

Info

Wireless enterprise threatsThe latest threat to the wireless enterpriseby Chia-Chee Kuan, CTO and Co-Founder, AirMagnetThe wireless world today presents a unique set of challenges for businesses looking tomaintain a secure network. Attackers are turning their attention to client devices. Wirelessenabledclient devices, such as laptops, tablets and smartphones, rather than enterprise accesspoints, are now the focus of new threats. The only way to approach security issues efficientlyin an enterprise environment is to deploy wireless intrusion prevention technology.Chia-Chee Kuan is Co-Founder, CTO and Senior VP of Engineering at AirMagnet. Prior to co-founding AirMagnet in 2001 (now part ofFluke Networks), Mr Kuan served as advanced technical staff at Packet Design LLC since the company’s inception, where innovationswere incubated and focused on Internet routing and wireless security. Previously, he was the founding engineer at Precept Software,developing IP multicast and IP video streaming technologies. When Cisco acquired Precept, Mr Kuan led Cisco’s Video Internet ServiceUnit development team. His career has been devoted to computer networking, especially in TCP/IP in the infancy of the Internet whenARPANET was formed.Mr Kuan holds a B.S. in Information Engineering from National Taiwan University and a Master in Computer Science from StanfordUniversity, as well as 10 US patents in wireless security and performance management.Research continues to show mass growth andadoption of wireless and wireless local areanetwork (WLAN) technology. In fact, todayit’s more likely your employees connect toa wireless network, instead of plugging anEthernet cable into their computers for access.Because of this growth, most organizationsnow understand the advantages wirelessoffers business (connectivity, productivity,critical apps, and so on), but as the connectedenterprises continue to grow, so do thechallenges associated with managing andsecuring them.The wireless world today is much morecomplicated than the wireless world ofyesterday. There was a time when ITmanagers could be assured their wirelessnetwork consisted primarily of approvedaccess points (APs) and routers tied into theserver infrastructure. However, with theproliferation of personal and mobile devices,these same technicians have gone fromnetwork planner and manager to networkpolice officer, tracking and hunting downunapproved technologies.Today’s wireless networks (and the teamsresponsible for managing them) are engagedin a constant power struggle. Wireless hasexpanded beyond the laptop and has becomeembedded in a growing number of mobile andlifestyle devices or clients. Now everyone thatwalks into your central business location (orremote sites) can attempt to connect to yourwireless network. Will they succeed? That’sthe scary question. And, if they do, will youknow about it? That’s even scarier!This new wireless world presents a uniqueset of challenges for businesses looking tomaintain a secure network. In this article,we’re going to focus primarily on the newthreats associated with wireless-enabled clientdevices, like laptops, tablets and smartphones.If your team is not actively looking to secureagainst these new threats and devices, it’s onlya matter of time before someone else exploitsthem (either intentionally or unintentionally).So what exactly are we talking about when wesay the wireless network is at risk due to theproliferation of mobile and lifestyle devices?Basically, we’re referring to any device thatcan serve as a wireless client. Since these typesof devices are exploding into every aspect ofour lives, the impact on enterprise wirelessnetworks is huge. The ultimate goal is to stop22 • North America 2010
Wireless Mobile enterprise payment Mobile systemsaccess threatsunauthorized connections, but, if they doconnect, you also need to be able to recognizeand mitigate that connection immediately.Many of today’s organizations feel they havea strong grip on wireless security because theydetect and root out rogue APs. This has beena focal point for most organizations over thepast several years - and perhaps, unfortunately,is still the focal point around discussions ofwireless security today.It is true that tremendous effort has beenexpended to watch for, and root out, rogue APsin the enterprise, whether they are maliciousor inadvertently hooked into the wire networkby a well-intentioned employee. And, this isstill an important security activity. However,malicious attackers are always finding newways to circumvent even the strongestdefences associated with rogue AP detection.While companies focus their security effortson locking down and monitoring corporateAPs, attackers are now directly targeting theenterprise’s ubiquitous and most vulnerableassets - new client devices.Using new wireless client attack tools andtechniques, outsiders have the ability togather login and password data, or send trafficdirectly to an end-user, without ever touchingthe approved enterprise wired network.As a matter of fact, new trends in wirelessfunctionality actually open up tunnels into thenetwork, and these tunnels (and the traffic theybear) will appear completely authentic.Unfortunately, wired security systems do littleto protect against this over-the-air malicioustraffic. Airborne traffic requires the same levelof continuous monitoring and analysis aswire-bound traffic, so IT managers can detectcriminal activities that may threaten to exposecorporate data or users.It’s no wonder attackers are turning theirattention to client devices, exploiting themfrom corporate parking lots, and in airports andother hotspots. They’re compromising bothmanaged corporate devices and unmanagedsmartphones, as well as unmanaged businessassociate devices. And yes, they can attackMac OS, as well as Windows devices.The fact is that rogue AP detection is trivialcompared to managing client-side wirelessexposures, and the client threat has becomefar more dangerous. Rogue APs are easy tofind because there are few of them and theyare relatively static. On the other hand, clientvulnerabilities and exploits are much harder todetect, and far more threatening because theyrequire stateful monitoring and analysis ofnetwork traffic in the air.Malicious hackers now have a vast number ofdevices to target (with exploits like KARMA,MDK3 and SkyJack), such as Wi-Fi-enabledlaptops in the office, at home and on theroad; Wi-Fi-enabled smartphones, typicallyprivately owned and unmanaged, increasinglyused as important work tools; partner, vendor,contractor and service provider laptops -also Wi-Fi enabled. All of these devices arecoming onto the corporate network by theminute, but are not underneath the corporatesecurity umbrella.Attackers’ ability to gain access to wirelessclients is largely a product of the way thesewireless connections work. Wireless technologyis designed to facilitate fast, easy connectivity ina variety of settings, to a broad range of trustedand untrusted APs - making it easy to spoof.Even worse, virtualization allows a device tosimultaneously operate as both a legitimateclient and an open access point, creating anunmanaged bridge (or tunnel) to the outsideworld. Moreover, this transparent connectivityand seamless virtualization are active trendswithin the industry; they’re capabilities thatvendors throughout the industry are workingto expand and enhance every day. Thisfunctionality is considered a feature rather thana vulnerability - unfortunately this feature canbe exploited so an attacker can gain access tothe corporate network.There are two important points to take from allof this: 1) the majority of Wi-Fi threats occur,and are only detectable, in the air, and 2) themajority of evolving hacks and vulnerabilitiesrevolve around end-user client devices, notenterprise APs.As wireless usage becomes pervasive andan integral part of the extended corporatenetwork, it’s time to adopt security policies,procedures and technologies that can meet thechallenges of this dynamic environment.Rogue AP detection is simply not enoughanymore, as it assumes that you can ‘see’the unauthorized device. Unfortunately,the vast majority of new Wi-Fi threatsoccur in the air and focus on spoofing orhijacking or tunneling through authorizedclient devices. And these client devices areliterally everywhere in the enterprise; withthe proliferation of new devices, the volumeis growing every day. Add in the trend towardvirtualization, where potential holes are beingbaked right into chips, adapters and operatingsystems, and client-side security quicklybecomes a losing game - it requires you toknow about and control every single device.Miss one device and the game could be over.The only way to effectively avoid this trapis to adopt the same approach that is used inthe wired world: look at the network trafficitself. And just as in the wired world, detectinganomalous and illicit wireless traffic - includingattempts against client devices, devices holdingmultiple states, or compromised or spoofeddevices - requires stateful, continuous trafficmonitoring and analysis.But keep in mind that existing wired trafficmonitoring won’t cut it; by the time the hackerhas access to the network, the connection lookslegitimate. Rogue AP detection alone won’t cutit. These hacks avoid the legitimate APs andtarget client devices instead. The only way todo this wireless traffic monitoring efficiently inan enterprise environment is to deploy wirelessintrusion prevention (WIPS) technology,which is unique among wireless security toolsbecause of its ability to look at all traffic in theair statefully.Wireless client devices are not going away. Itwill always be a challenge to keep them off ofthe network - whether you establish corporatepolicies or not. If you’re looking to keep yourcorporate network secure, make sure youmonitor your air space so you can maintaina healthy, secure and connected enterprisenetwork. •North America 2010 • 23
Page 2: I WANT TO TAKETHE LAST FIVE MINUTES
Page 11 and 12: Optical Mobile wireless payment Mob
Page 13 and 14: Spectrum Mobile and payment capacit
Page 15 and 16: Mobile Strong payment Mobile authen
Page 17 and 18: The three Mobile states payment Mob
Page 19 and 20: Mobile The payment Mobile 4G LTE sy
Page 21 and 22: Mobile payment Mobile Mobile offloa
Page 23: THE WORLD’S LARGEST BROADBAND EVE
Page 27 and 28: Automation Mobile payment and Mobil
Page 29 and 30: LTE-enabled Mobile payment M2M Mobi
Page 31 and 32: Wireless Mobile application payment
Page 33: Mobile payment Mobile backhaul syst
Page 36 and 37: Smoothing mobile broadband peaksAda
Page 38 and 39: Policy-driven optimizationManaging
Page 40 and 41: Mobile workforce managementAs the w
Page 42: YES! Send me the following Connect-

As the workforce becomes wireless so does the ... - Connect-World

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?