Unauthorised Wireless Network Access ISSE 2006
1
Unauthorized Wireless Connectivity
John Rhoton
Mobile Technology Lead
HP Services
2
Risk Benefit Analysis
• Weak Protocols
• Poor Configuration
• Careful Monitoring
• Uncertified Devices
• Insecure Infrastructure
• No User Guidance
• No Administrative Control
3
Agenda
• Unmanaged Bluetooth
• Rogue WLANs
• WWAN backdoors
• Underground IPv6
• Best Practices
4
Bluetooth Threats
• Poorly configured devices
  – Compromise device
    • Sensitive data
    • Credentials
  – Compromise network
    • Unauthorized access
    • Denial of Service
• Default configurations insufficient
5
Bluetooth vulnerability
• PIN Attack
  – Often hard-coded
  – Usually short (4-digit)
  – Passive key interception
• Bluejacking
  – Virus Propagation
• Bluesnarfing
  – Bluesniping
6
Bluetooth Configuration
7
Rogue Access Points
• Highest risk when WLANs are NOT implemented
  – Completely unsecured by default
  – Usually connected by naïve users
  – Can be strategically placed by intruders
8
Decoy Access Points
• Troubleshooting nightmare
• Denial of Service
• Credential interception
• SSL redirection
9
Unauthorized Wireless Bridge
[Diagram labels: Private LAN, Public Network]
10
Trojans, Crawlers and Bots
11
Port Forwarding
12
Reverse Network Address Translation
13
Bridge device
• No need for integrated WWAN
• PCMCIA card sufficient
• Modem
  – Bluetooth phone
  – USB / RS-232 phone
• Virtually impossible to prevent unless desktops/laptops are locked down!
14
Rogue IPv6 Devices / Networks
• Unauthorized IPv6 devices
  – Windows XP: ipv6 install
• Unauthorized Networks
  – Internal tunnels
• Compromised Perimeter
  – External tunnels
• Monitoring
• Traffic Inspection
What you don’t know will hurt you
[Diagram labels: Public Internet, Private Network, Victim, Hijacked Computer, Intruder]
15
IPv6 Transition Exposure
• IPv6 is available
• IPv6 is in use
• IPv6 is on many private networks
• IPv6 magnifies the wireless vulnerabilities
• Corporate Security
  – does not monitor IPv6
• Corporate IT
  – is not familiar with IPv6
• This is irresponsible!
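The IPv6 monitoring that the Rogue IPv6 and IPv6 Transition Exposure slides call for, as an added example that is not part of the original presentation: it labels captured Ethernet frames as native IPv6, IPv6-in-IPv4 tunnels (IP protocol 41) or Teredo (UDP port 3544). The function names and sample frames are assumptions constructed for illustration.

```python
import socket
import struct
from collections import Counter

ETH_IPV4, ETH_IPV6 = 0x0800, 0x86DD
PROTO_UDP, PROTO_IPV6_ENCAP = 17, 41  # 41 = IPv6 carried in IPv4 (6in4, 6to4, ISATAP)
TEREDO_PORT = 3544                    # IANA-assigned Teredo UDP port

def classify_frame(frame: bytes):
    """Label IPv6 activity in an untagged Ethernet II frame, or return None."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_IPV6:
        return "native-ipv6"              # an IPv6-enabled host on the segment
    if ethertype != ETH_IPV4 or len(frame) < 34:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        return None
    if ip[9] == PROTO_IPV6_ENCAP:
        return "ipv6-in-ipv4-tunnel"
    first_fragment = (struct.unpack("!H", ip[6:8])[0] & 0x1FFF) == 0
    if ip[9] == PROTO_UDP and first_fragment and len(ip) >= ihl + 4:
        if TEREDO_PORT in struct.unpack("!HH", ip[ihl:ihl + 4]):
            return "teredo-tunnel"
    return None

def summarize(frames):
    """Count frames per label, ignoring traffic with no IPv6 indicator."""
    return Counter(label for label in map(classify_frame, frames) if label)

# --- Constructed sample frames (documentation addresses, dummy MACs) ---
def _eth(ethertype, payload):
    return b"\x02" * 12 + struct.pack("!H", ethertype) + payload

def _ipv4(proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7")) + payload

def _udp(sport, dport):
    return struct.pack("!HHHH", sport, dport, 8, 0)

SAMPLE_FRAMES = [
    _eth(ETH_IPV6, b"\x60" + bytes(39)),                   # native IPv6
    _eth(ETH_IPV4, _ipv4(41, b"\x60" + bytes(39))),        # 6in4 tunnel
    _eth(ETH_IPV4, _ipv4(17, _udp(49152, TEREDO_PORT))),   # Teredo
    _eth(ETH_IPV4, _ipv4(17, _udp(49152, 53))),            # ordinary DNS, not flagged
]
```

The port check only catches Teredo traffic to or from a server on the standard port, and 802.1Q-tagged frames are not parsed, so treat a clean result as a lower bound.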
16
Threat Identification and Intrusion Prevention
• Intrusion Detection Products
  – Manual
  – Sensors
  – Infrastructure
• Network Monitoring
• Revised Security Model
17
Refined Network Access
• Binary Access Insufficient
• Health checks become mandatory (NAP/NAC)
• Complete Access Layer secured (e.g. 802.1x)
[Diagram labels: Internet, Intranet, Access]
18
Role-based Access Control
• Bluesocket
• Perfigo (Cisco)
• Cranite
• Aruba
• HP ProCurve (Vernier)
[Diagram labels: Role, Schedule, Location, User, Access Control, IP Address, Port, Time, VLAN]
19
Network Compartmentalization
Virus Throttling
Adaptive Network Architecture
20
User Education
• Danger awareness
• Caution on interfaces
• Configuration guidance
• Corporate policy
21
Mobile Device Security Management
• Platform selection
  – Software/Firmware Upgrades
  – Patch Management
• Configuration Management
• Policy enforcement
  – Passwords
  – Device lock
  – Policy updates
• User support
  – Device lockout
  – Backup/restore
[Diagram labels: Security, Usability]
22
Summary
• Security concerns are the greatest inhibitor to mobility
• Wireless networks and devices introduce new risks
• Ignoring these technologies does not make the risks disappear!
• The key to mobile security is a thorough reevaluation of existing security
23
Questions?
Contact me at: http://www.linkedin.com/in/rhoton