So, there is this large bank. They are handling a lot of sensitive financial transactions. So, security is paramount to them. They decide not to allow any Wi-Fi device in the premises of the bank. Are they isolated from the threats of Wi-Fi networks? Not exactly.
Rogue Access Points: Imagine that some employees are upset about not having a wireless connectivity at work. So, they just shop for the cheapest access point available and bring it to the bank and put it up on a network port and start accessing the Wi-Fi network. This also happens with the senior management. This is definitely a threat. The access point is inviting a hacker by creating a deep hole in the network. What if that access point does not require authentication, what if that access point has default SSID, user name and passwords (these information are available on the internet), what if the access points don’t have any encryption or has a weak encryption like WEP?
Neighbouring Access Points: Well, any bank in the centre of a city is always surrounded by a lot of buildings, hotels etc. All of them have some or the other wireless connectivity for browsing internet. So, what if the employee connects to their network and starts using the internet? Is he not violating the security policy by exposing his own internal network to a third party?
Ad hoc network: A laptop loaded with Vista, for example, can connect to another laptop loaded with Vista over Wi-Fi. This is called peer to peer networking or Ad-hoc network. Of course the Wi-Fi adaptors on both the laptops need to be on for this to happen. But if it happens, normally there is no authentication for such type of connection and there is no encryption either. So, if a visitor is able to connect to the internal laptop this way, he could get access to the network, especially if the Wired to Wireless bridge mode is enabled in the laptop.
Mobiles and PDA’s: A lot of electronic gadgets like mobiles, PDA’s etc come with Wi-Fi adaptors today to connect to the wireless network. So, what if the employees, visitors and everyone have their Wi-Fi adaptors switched on always? The mobiles of the visitors can make a wireless connection with a laptop, inside.
Honeypot attacks: There are a lot of wireless attacks which may not involve an access point inside. The hacker may have an access point with a powerful antenna in his car, outside the bank and set up an SSID like “T mobile Internet”, for example. So, the employees maybe lured in to that AP for free internet from which he could gain access to the internal network.
So, having a “No wireless” policy does not necessarily mean that there may not be any wireless threats. How can the Wi-Fi infrastructure (Wireless Intrusion Prevention) help monitor and prevent such threats?
Wireless Intrusion Prevention infrastructure is similar to Wi-Fi infrastructure. Here, specialised Access Points are put up across the campus for coverage (Similar to Wi-Fi coverage) and they keep monitoring the air continuously in all the channels where Wi-Fi connectivity could take place. If there are any active Wi-Fi clients/ access points in the premises, the network administrator is notified and they could opt to do a reverse DOS (Denial of Service) attack on the client / AP to stop it from functioning or they could go and physically remove/stop the Wi-Fi transmitting device. This is helped by having a visual map of the whole network and all wireless activity could be monitored through this map. So, there is obviously a controller or software to give a centralized control of all the sensor access points deployed across the network. Some vendors have the same access points to do wireless intrusion prevention and wireless access. Some vendors can do both wireless intrusion and give wireless access simultaneously. They can also prevent the above threats from happening.
They can, for example, identify and classify the rouge access points from the neighbouring access points, they can ensure that the clients in the no-wireless zone do not connect to an external access point, can identify and prevent ad-hoc networks, can help monitor if the mobile wi-fi adaptors are on or off and the range they cover, the location of all active Wi-Fi clients can be ascertained over the floor plans that are pre-loaded in the system for locating from where the wireless signals are originating, prevent honey pot type of attacks from happening, etc.
You could stay up to date on the various computer networking technologies by subscribing to this blog with your email address in the sidebar box mentioned as “Get email updates when new articles are published”