Unauthorized wireless devices can expose your organization's confidential data and
critical assets to the outside world. Left connected, these devices
create a dangerous vulnerability at best, and at worst, a company
disaster. Despite the widespread understanding that rogue devices
are a leading security threat facing enterprises today,
organizations continue to look for viable solutions and best
practices for scouring the entire network to ensure that only
approved devices are connected.
There are solutions available to root out unauthorized access points
and other devices acting as access points, known as rogue peers.
However, enterprises and government organizations should look for
solutions that find and eliminate rogue devices while also being
easy to deploy and manage, and cost-effective. A new approach that
should be considered is wired side scanning using a security
appliance, which can be a highly effective, lower cost solution to
protect the entire network.
The Rogue Wireless Device Problem
As enterprise networks expand and more and more devices are
introduced, it is critical to quickly discover and eliminate network
infrastructure that poses a significant risk to the organization.
The emergence of wireless networking has created a host of new
threats that must be addressed under the umbrella of wireless
vulnerability management. In particular, unauthorized devices
connected to the wired network can pose the most acute risk.
Rogue wireless devices can be broken down into two broad categories:
access point (AP) based threats and computer based threats.
Key Terms To Understanding Rogue Wireless Devices
wireless
The word wireless is dictionary defined as "having no wires". In
networking terminology, wireless is the term used to describe any
computer network where there is no physical wired connection between
sender and receiver, but rather the network is connected by radio
waves and/or microwaves to maintain communications. Wireless
networking utilizes specific equipment such as NICs, APs and routers
in place of wires for connectivity.
access point (AP)
A hardware device or a computer's software that acts as a
communication hub for users of a wireless device to connect to a
wired LAN. APs are important for providing heightened wireless
security and for extending the physical range of service a wireless
user has access to.
Rogue Access Points
A rogue access point is an AP which is connected to the
LAN without the blessing of a network administrator. Most commonly,
rogue APs are added to the network by employees or contractors who want
to improve their own productivity by being able to work wirelessly.
Rogue Peers
A rogue peer is an end-user computer, usually a laptop, that has both bridging and
wireless enabled. Since the basic functions of an access point are
bridging and wireless access, any laptop that has these capabilities
presents a similar vulnerability or worse. In fact, the vulnerability
with a rogue peer can be much more severe than with a rogue AP, because
laptops provide almost no security features to prevent connections from
other unauthorized users.
In addition to the problems of network access
provided by rogue APs or rogue peers, there are also security concerns about
other unauthorized networked devices. For example, a Web camera connected to
the LAN could be used by an attacker to eavesdrop on confidential meetings.
It may have been installed by a well-meaning employee, but it's actually
sharing your trade secrets.
Depending on your organization's security policy, different devices may be
considered security risks. In some organizations, even the act of connecting
an unauthorized printer to the network is considered a serious
vulnerability.
Discovering Everything on the LAN
The first step to being able to find unauthorized devices on the LAN is to
find everything. The second step is to quickly home in on the devices which
meet the criteria of being a threat. With the network appliance scanning
approach, a combination of passive and active techniques is used for
discovering devices, because both techniques are needed to discover all of
the devices. Passive techniques place the least load on the network and also
help the system discover the network topology, but some devices may not
communicate very frequently. Active techniques work quickly and are less
dependent on the network topology.
Classification
Accurate classification is critical for any system responsible for
discovering and identifying network infrastructure. Determining what a
networked device is, based upon only what can be observed from the network,
is very much like recognizing your friends from their silhouettes: the one
with the long nose or protruding forehead is easy to recognize, but the
others all look very similar. Solutions using the new wired side scanning
approach collect as much information about each device as possible using the
discovery techniques already mentioned. Once the basic device mapping is
complete, additional probing is used for classification. The system then
combines the information and matches the data against known device
signatures to determine which one matches the best.
With over 300 different manufacturers of access points and tens of thousands
of different models of network equipment, the major challenge for device
classification has been in creating a database of fingerprints for all of
these devices. Typically, the approach has been to acquire one of each
device that needs to be fingerprinted and probe it in a laboratory. This
technique simply can't scale beyond hundreds of devices. Furthermore, it is
limited to devices which can be easily purchased and acquired, which ignores
devices that are no longer on the market, are only sold in foreign markets,
or are relatively rare.
New collaborative classification techniques are now leveraged for building
the classification database. This process leverages the collaboration of
network administrators and networks.
Remediation
The new wired side solution approach mitigates rogue wireless devices
through the technique of Ethernet port disabling. Enterprises can leverage
configuration capabilities for auto-blocking a particular device type.
Whether automatic or manual, the product will block the switch port for the
rogue wireless device.
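
The classify-then-block flow described under Classification and Remediation, as an added example that is not from the original article or from any vendor's product. The signature attributes (MAC prefix, open ports, banner text), the weights, the threshold, the auto-block policy and the sample observations are all constructed assumptions.

```python
# Constructed signature database: attribute names and values are illustrative only.
SIGNATURES = {
    "access_point": {"oui": {"02:AA:01"}, "ports": {80, 443}, "banner": "wireless"},
    "web_camera": {"oui": {"02:BB:02"}, "ports": {80, 554}, "banner": "camera"},
    "printer": {"oui": {"02:CC:03"}, "ports": {515, 631, 9100}, "banner": "print"},
}
WEIGHTS = {"oui": 3.0, "ports": 2.0, "banner": 2.0}  # assumed weights
MIN_SCORE = 3.0  # below this a device stays "unknown" rather than being guessed
AUTO_BLOCK = {"access_point", "web_camera"}  # assumed policy: types to auto-block

def score(obs, sig):
    """Weighted agreement between one observed device and one signature."""
    s = 0.0
    if obs["mac"].upper()[:8] in sig["oui"]:
        s += WEIGHTS["oui"]
    # Fraction of the signature's expected ports that were seen open.
    s += WEIGHTS["ports"] * len(obs["ports"] & sig["ports"]) / len(sig["ports"])
    if sig["banner"] in obs.get("banner", "").lower():
        s += WEIGHTS["banner"]
    return s

def classify(obs):
    """Return (device_type, score) for the best-matching signature."""
    best_type, best = max(((t, score(obs, sig)) for t, sig in SIGNATURES.items()),
                          key=lambda pair: pair[1])
    return (best_type, best) if best >= MIN_SCORE else ("unknown", best)

def remediation_plan(observations, authorized_macs):
    """List (switch, port, type) entries to disable; authorized devices are skipped."""
    plan = []
    for obs in observations:
        if obs["mac"].upper() in authorized_macs:
            continue  # an approved device is never blocked, whatever it looks like
        dev_type, _ = classify(obs)
        if dev_type in AUTO_BLOCK:
            plan.append((obs["switch"], obs["port"], dev_type))
    return plan

# Constructed observations, as a wired-side scan might record them.
OBSERVED = [
    {"mac": "02:aa:01:10:20:30", "ports": {80, 443}, "banner": "Wireless Router Admin", "switch": "sw-3", "port": "Gi0/14"},
    {"mac": "02:cc:03:00:00:07", "ports": {631, 9100}, "banner": "Print Server", "switch": "sw-1", "port": "Gi0/2"},
    {"mac": "02:aa:01:44:55:66", "ports": {80, 443}, "banner": "Wireless Controller AP", "switch": "sw-1", "port": "Gi0/9"},
    {"mac": "02:dd:04:00:00:01", "ports": {22}, "banner": "", "switch": "sw-2", "port": "Gi0/5"},
]
AUTHORIZED = {"02:AA:01:44:55:66"}  # constructed inventory of approved devices

if __name__ == "__main__":
    print(remediation_plan(OBSERVED, AUTHORIZED))
```

The unmatched device stays "unknown" instead of being forced into the nearest type, so it is left for manual review rather than blocked on a weak match.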
Summary
Unauthorized wireless devices connected to the network continue to be
the number one wireless security risk that network administrators need to
address. With new wired side scanning solutions that can find, classify and
remove rogue devices, it is now possible to scan an entire network to
accurately find and remediate these threats. This protects organizations
from wireless threats, whether they have implemented a wireless
infrastructure or need to enforce a "no wireless" policy. And while the bane
of classification systems has been their inability to properly identify
devices and differentiate actual threats from authorized devices, the use of
new classification techniques can finally solve this problem.
Did You Know...
There are a couple of ways of detecting Rogue APs. One of the
more popular and cost-effective techniques is to have a
technician perform manual checks with a laptop or PDA running
NetStumbler, a tool designed to detect all wireless networks
within a broadcast area.
[Source: Wi-Fi Planet]
Author Dr. Christopher Waters is the CTO at Network Chemistry.
This article originally appeared on Wi-Fi Planet.
Last updated: March 16, 2007