80211Planet.com Tutorials


Getting Phished: Why SSID Spoofing (Still) Matters
By Lisa Phifer

January 29, 2007

Phony access points (APs) that use spoofed service set identifiers (SSIDs) to lure wireless users are nothing new. Also called evil twin or honeypot rogue APs, these look-alikes have grown common in venues frequented by business executives, including airports and hotels. The next time you connect to any WLAN, ask yourself: are you really certain the AP is legitimate? If not, you could be setting yourself up for a variety of nasty phishing attacks, with personal, professional and financial consequences.

Spoofing Has Never Been Easier

It's always been simple to configure an AP with someone else's hotspot, corporate or residential SSID. SSIDs are trivial to sniff from an active WLAN and cannot be completely hidden, even if omitted from beacons. Because most wireless clients connect to SSIDs, not APs, nearby users are just as likely to choose a phony or illegitimate AP as they are a legitimate one. Jacking up transmit power and sending deauthenticates can improve the odds of successful misdirection.

Once connected, a phony AP can use its man-in-the-middle vantage point to launch a plethora of attacks. For example, the AP can intercept Web requests and supply bogus responses carrying corrupted images or malware. Those seeking financial gain are more likely to phish for values like credit card numbers, e-commerce credentials and corporate logins. Identity theft has become big business, and phony APs are a relatively easy way to phish high-value users without raising suspicion or leaving tracks.

Unfortunately, easy-to-use platforms are readily available to create a phony AP that phishes for identities and snarfs returned values:

  •    For Windows, a 4-in-1 USB adapter like the ZyXEL G-220 turns any laptop into a software-based host AP, using ICS and another 802.11 or 3G card to relay traffic to the Internet. DNS and HTTP servers installed on the laptop can redirect users to fake Web pages, designed to trick them into revealing sensitive values.
  •    For Linux, there is KARMA, a toolset that combines a host AP and fully-automated SSID spoofing with built-in DNS, HTTP and POP servers for "Bring Your Own" exploits. KARMA takes advantage of wireless client automatic network selection, spoofing any or all of the SSIDs being probed by nearby clients.
  •    For a turnkey appliance, the Airsnarf: Rogue Squadron firmware converts a Linksys WRT54G router into a phony hotspot, complete with login portal, redirection to phishing pages, and Internet backhaul over WDS. Add a WEP cracker, Web page spoofer and common snarfing tools, and you have Evil Bastard—a proof of concept demonstrated at Shmoocon 2006.

False Security

There's a big difference between knowing that phony APs exist and actually protecting yourself from them. First, let's dispel some popular myths:

  1.  Phony APs only affect hotspot users. Wrong. Any SSID can be spoofed; with tools like Hotspotter and KARMA, it is not even necessary to target a single pre-configured SSID. Wireless users at home or work should also be concerned about verifying AP identity.
  2.  Using WEP or WPA-PSK stops phony APs. No. If the AP can observe at least some legitimate traffic, either of these static values can be cracked using tools like Aircrack or coWPAtty and then applied to the phony AP's security settings.
  3.  SSL, SSH or VPN protects anyone connected to a phony AP. Not necessarily. A phony AP can use conventional man-in-the-middle tools (e.g., ike_crack, THC-pptp-bruter, sslsniff, sshsniff) to attack all of these protocols. Clients that fail to verify an SSL server's certificate, SSH server's key or VPN gateway's identity can still end up disclosing usernames, passwords or tunneled data.

Steps That Can Help

It is hard for an end user to visually differentiate between a legitimate AP and one using a spoofed SSID (and perhaps MAC address). But a wireless intrusion prevention system (WIPS) has a broader, full-time view of activity throughout your office. It can spot an AP that wasn't there an hour ago, APs operating with spoofed SSIDs, unusual deauthenticate messages, excessive client roaming between APs, and other signs of possible attack. Companies can deploy WIPS to spot all kinds of rogue APs (including those with spoofed SSIDs), automatically deauthenticating connections made to them by employees.
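The core WIPS check described above can be sketched as an allowlist comparison. This is an added example, not code from the article or from any WIPS product; the `Beacon` type, the `AUTHORIZED` inventory and every SSID and BSSID in it are constructed for illustration. Because the MAC address can be spoofed along with the SSID, it also compares channel and security settings for BSSIDs that are in the inventory.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str     # AP MAC address taken from the beacon frame
    channel: int
    security: str  # e.g. "WPA2-Enterprise" or "Open"

# Hypothetical inventory of sanctioned APs: SSID -> {BSSID: (channel, security)}
AUTHORIZED = {
    "CorpNet": {
        "00:11:22:33:44:01": (1, "WPA2-Enterprise"),
        "00:11:22:33:44:02": (6, "WPA2-Enterprise"),
    },
}

def check_beacon(b, inventory=AUTHORIZED):
    """Return the reasons a beacon looks like a spoofed copy of a sanctioned SSID."""
    known = inventory.get(b.ssid)
    if known is None:
        return []  # not an SSID we manage; outside this check
    expected = known.get(b.bssid.lower())
    if expected is None:
        return ["unknown BSSID advertising a sanctioned SSID"]
    channel, security = expected
    reasons = []
    if b.security != security:
        reasons.append(f"security mismatch: expected {security}, saw {b.security}")
    if b.channel != channel:
        reasons.append(f"channel mismatch: expected {channel}, saw {b.channel}")
    return reasons

def scan_report(beacons, inventory=AUTHORIZED):
    """Map (ssid, bssid) to reasons for each suspicious beacon in one scan."""
    report = {}
    for b in beacons:
        reasons = check_beacon(b, inventory)
        if reasons:
            report[(b.ssid, b.bssid.lower())] = reasons
    return report

SAMPLE_SCAN = [  # constructed observations, not captured traffic
    Beacon("CorpNet", "00:11:22:33:44:01", 1, "WPA2-Enterprise"),
    Beacon("CorpNet", "00:11:22:33:44:02", 11, "Open"),  # sanctioned MAC, wrong profile
    Beacon("CorpNet", "66:77:88:99:AA:BB", 6, "Open"),   # BSSID not in inventory
    Beacon("CoffeeShop", "02:00:00:00:00:01", 3, "Open"),
]
print(scan_report(SAMPLE_SCAN))
```

A clone that copies the SSID, BSSID, channel and security settings passes this check, which is why the server authentication steps discussed below are still needed.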

Outside of the office, SSID spoofing detection is harder. Users are surrounded by an ever-changing world of unknown APs. But depending upon the operating system, you can run a WIPS program on your laptop itself. These host-resident programs watch for forbidden or hotspot SSIDs, APs or client behaviors. Some generate alerts to warn users; others can stop connections that violate configured rules. Examples include the Shmoo Group Hot Spot Defense Kit (HSDK), AirTight Network's SpectraGuard SAFE, AirMagnet StreetWISE, Network Chemistry's RFprotect Endpoint, and AirDefense Personal.

Proactive steps can also be used to avoid connecting to phony APs in the first place. First, wireless client policies should be configured to connect only to known SSIDs in Infrastructure Mode. This cannot evade phony APs, but it makes a huge dent in accidental or risky connections to unknown SSIDs. For Windows XP clients, client probing can be reduced using the nonbroadcast network option (see Microsoft Knowledge Base article KB917021). To avoid errors when users configure their own security parameters, and to prevent users from even seeing forbidden SSIDs, configure IT-managed wireless policies.


Active Directory wireless policies in Windows Vista.

Next, connect only to WLANs that employ 802.1X authentication with an EAP-type that lets the client verify the authentication server's identity (e.g., EAP-TLS, EAP-TTLS, PEAP).

When configuring 802.1X connections, it is critical to have the client automatically check both server and issuer certificates before sending username and password (or any other type of client credential). When implemented correctly, this makes it difficult for a phony AP to pose as a legitimate AP, because phony APs do not match the legitimate server's digital certificate, and cannot issue their own valid certificate from your certificate authority.


Protected EAP Properties window
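The same requirement can be audited on clients other than Windows. The following added example (not from the article) assumes a Linux client configured through wpa_supplicant and flags 802.1X networks that would send credentials without checking the issuer or the server name, plus open networks. The sample configuration, SSIDs, file path and domain are constructed.

```python
import re
# Constructed sample configuration (not from the article).
SAMPLE_CONF = '''
network={
    ssid="corp-bad"
    key_mgmt=WPA-EAP
    eap=PEAP
}
network={
    ssid="corp-good"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/example-corp-ca.pem"
    domain_suffix_match="radius.example.com"
}
network={
    ssid="cafe"
    key_mgmt=NONE
}
'''
NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def parse_networks(conf):
    """Yield one {option: value} dict per network={...} block."""
    for body in re.findall(r"network=\{(.*?)\n\}", conf, re.S):
        opts = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                opts[key.strip()] = value.strip().strip('"')
        yield opts

def audit(conf):
    """Return {ssid: [issues]} for networks that do not authenticate the server."""
    report = {}
    for net in parse_networks(conf):
        issues, mgmt = [], net.get("key_mgmt", "").split()
        if "NONE" in mgmt:
            issues.append("open network: nothing authenticates the AP")
        elif "WPA-EAP" in mgmt or "IEEE8021X" in mgmt:
            if not (net.get("ca_cert") or net.get("ca_path")):
                issues.append("no ca_cert/ca_path: issuer is not verified")
            if not any(net.get(k) for k in NAME_CHECKS):
                issues.append("no server name match: any cert from the CA passes")
        if issues:
            report[net.get("ssid", "?")] = issues
    return report

print(audit(SAMPLE_CONF))
```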

802.1X is most often employed by corporate WLANs, but can also be used at some hotspots (e.g., iBAHN, T-Mobile). It can be helpful to use hotspot connection manager programs that automatically check the server's identity during login. But be careful not to accidentally fall back to the hotspot's open, unauthenticated WLAN.

To use 802.1X with a home WLAN, you'll need an AP that supports WPA-Enterprise or WPA2-Enterprise (most new APs do) and a simple RADIUS authentication server like WinRadius, FreeRadius or SecureMyWiFi. Some home routers even have a RADIUS server built in.

Finally, it is still an excellent idea to utilize higher-layer security measures like SSL, SSH or VPN to protect traffic sent across the Internet or any other public network. Just don't rely on them as a substitute for preventing connections to phony APs.

No matter what type of network you use, strong server authentication should be enforced before the client supplies the user's identity. This concept is the key to avoiding being phished.

 
