AirDefense Describes Lack of Client Security at Show

www.wi-fiplanet.com/news/article.php/2231021

Back to Article

AirDefense Describes Lack of Client Security at Show
July 2, 2003

Alpharetta, Georgia-based AirDefense previously reported on what it saw as a severe lack of wireless LAN security at the May Networld+Interop show in Las Vegas. And that was from just a two-hour monitoring sweep.
Last week at our own 802.11 Planet Conference & Expo in Boston's World Trade Center, AirDefense set up two different locations on the exhibit floor to keep an eye on all the WLAN traffic for three full days -- the company was billed as the official 802.11 Planet security provider.
In all, the two monitoring centers detected as many as 523 client stations connecting to the 141 available access points. And sadly, the results since the last big networking show haven't changed much. In fact, end users taking advantage of the free wireless Internet access on the show floor left themselves especially open to hackers, whether malicious or curious.
The direct threats the company detected included scans by tools like Netstumbler (149), spoofed MAC addresses used for identity thefts (84), Man-in-the-Middle attacks (32 attempted, three successful), and Denial-of-Service (DoS) attacks (105) .
The company even says it collected the signatures for as many as five attacks that have not yet been documented.
All of the above has to be expected at a show that focuses on wireless-- imagine what it's like at a show just for hackers. But perhaps more interesting is the numbers indicating how individual end users left themselves vulnerable. In the process of surfing the Web, checking e-mail, and instant messaging (the three most popular past-times of attendees... hopefully so they could share information about the quality of the panels and workshops...), few if any did so with any security. In fact, at most, AirDefense saw only 12 percent of users utilizing a secure tunneled Virtual Private Network (VPN) connection when checking corporate e-mail.
Even worse, a total of 84 end users had set up their 802.11 client stations to allow an ad hoc connection -- and 17 ad hoc networks were formed. This means users could have accidentally connected directly with other users, sharing files they won't want to share and the possibility of being subject to direct attacks
AirDefense says the "most alarming vulnerabilities" included 74 users with open Service Set Identifiers (SSID) . This allowed the computer in question to automatically connect to the strongest signal it could find, no matter whose access point was putting out the signal. Again, like in the ad hoc connections above, users could have been subject to direct attack or snooping -- in fact, they could easily be connecting to access points not even within the walls of the conference.
AirDefense sells a self-titled WLAN security platform which captures all wireless information, and includes tools such as RogueWatch for detecting rogue access points, and AirDefense Guard for intrusion protection. The platform features a Linux-based central server appliance accessed via SSL Web browser interface for management; the server connects to remote sensors that monitor all packets in the air, something AirDefense has compared to video security cameras that just monitor WLAN traffic.

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Whitepapers and eBooks
IBM Whitepaper: Innovative Collaboration to Advance Your Business Internet.com eBook: Real Life Rails Avaya Article: Call Control XML - Powerful, Standards-Based Call Control Tripwire Whitepaper: Seven Practical Steps to Mitigate Virtualization Security Risks Internet.com eBook: The Pros and Cons of Outsourcing Go Parallel Article: Scalable Parallelism with Intel(R) Threading Building Blocks Internet.com eBook: Best Practices for Developing a Web Site IBM CXO Whitepaper: The 2008 Global CEO Study "The Enterprise of the Future"		Avaya Article: Call Control XML in Action - A CCXML Auto Attendant Go Parallel Article: James Reinders on the Intel Parallel Studio Beta Program IBM CXO Whitepaper: Unlocking the DNA of the Adaptable Workforce--The Global Human Capital Study 2008 Adobe Acrobat Connect Pro: Web Conferencing and eLearning Whitepapers Go Parallel Article: Getting Started with TBB on Windows HP eBook: Storage Networking , Part 1 MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts
Go Parallel Video: Intel(R) Threading Building Blocks: A New Method for Threading in C++ HP Video: Is Your Data Center Ready for a Real World Disaster? Microsoft Partner Portal Video: Microsoft Gold Certified Partners Build Successful Practices HP On Demand Webcast: Virtualization in Action Go Parallel Video: Performance and Threading Tools for Game Developers		Rackspace Hosting Center: Customer Videos Intel vPro Developer Virtual Bootcamp HP Disaster-Proof Solutions eSeminar HP On Demand Webcast: Discover the Benefits of Virtualization MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits
Microsoft Download: Silverlight 2 Software Development Kit Beta 2 30-Day Trial: SPAMfighter Exchange Module Red Gate Download: SQL Toolbelt		Iron Speed Designer Application Generator Microsoft Download: Silverlight 2 Beta 2 Runtime MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos
IBM IT Innovation Article: Green Servers Provide a Competitive Advantage Microsoft Article: Expression Web 2 for PHP Developers--Simplify Your PHP Applications		Featured Algorithm: Intel Threading Building Blocks - parallel_reduce MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES