1

Unauthorized Wireless Connectivity

John Rhoton

Mobile Technology Lead

HP Services

2

Risk Benefit Analysis• Weak Protocols• Poor Configuration• Careful Monitoring

• Uncertified Devices• Insecure Infrastructure• No User Guidance• No Administrative

Control

3

Agenda

• Unmanaged Bluetooth• Rogue WLANs• WWAN backdoors• Underground IPv6

• Best Practices

4

Bluetooth Threats• Poorly configured devices

– Compromise device• Sensitive data• Credentials

– Compromise network• Unauthorized access• Denial of Service

• Default configurations insufficient

5

• PIN Attack– Often hard-coded– Usually short (4-digit)– Passive key interception

• Bluejacking– Virus Propagation

• Bluesnarfing– Bluesniping

Bluetooth vulnerability

6

Bluetooth Configuration

7

Rogue Access Points

• Highest risk when WLANs are NOT implemented– Completely unsecured by

default– Usually Connected by

naïve users– Can be strategically placed

by intruders

8

Decoy Access Points• Troubleshooting nightmare• Denial of Service• Credential interception• SSL redirection

9

Unauthorized Wireless Bridge

Private LAN

Public Network

10

Trojans, Crawlers and Bots

11

Port Forwarding

12

Reverse Network Address Translation

13

Bridge device

• No need for integrated WWAN• PCMCIA card sufficient• Modem

– Bluetooth phone– USB / RS-232 phone

• Virtually impossible to prevent unless desktops/laptops are locked down!

14

Rogue IPv6Devices / Networks

• Unauthorized IPv6 devices– Windows XP: ipv6

install• Unauthorized

Networks– Internal tunnels

• Compromised Perimeter– External tunnels

• Monitoring• Traffic Inspection

What you don’t know will hurt you

Public Internet

PrivateNetwork

Victim

HijackedComputer

Intruder

15

IPv6 Transition Exposure• IPv6 is available• IPv6 is in use• IPv6 is on many private networks• IPv6 magnifies the wireless vulnerabilities

• Corporate Security– does not monitor IPv6

• Corporate IT– is not familiar with IPv6

• This is irresponsible!

16

Threat Identification and Intrusion Prevention

• Intrusion Detection Products – Manual– Sensors– Infrastructure

• Network Monitoring• Revised Security Model

17

• Binary Access Insufficient

• Health checks become mandatory (NAP/NAC)• Complete Access Layer secured (e.g. 802.1x)

Refined Network Access

InternetIntranetAccess

18

Role-based Access Control

• Bluesocket• Perfigo (Cisco)• Cranite

• Aruba• HP ProCurve

(Vernier)

Role

Schedule

Location

UserAccessControl

IP Address PortTime

VLAN

19

Network Compartmentalization

Virus Throttling

Adaptive Network Architecture

20

User Education

• Danger awareness• Caution on interfaces• Configuration guidance • Corporate policy

21

Mobile Device Security Management

• Platform selection– Software/Firmware Upgrades– Patch Management

• Configuration Management• Policy enforcement

– Passwords– Device lock– Policy updates

• User support– Device lockout– Backup/restore

Security

Usability

22

Summary• Security concerns are the greatest inhibitor to

mobility• Wireless networks and devices introduce new

risks• Ignoring these technologies does not make

the risks disappear!• The key to mobile security is a thorough

reevaluation of existing security

23

Questions?

Contact me at: http://www.linkedin.com/in/rhoton