The Web    Google
AirDefense Describes Lack of Client Security at Show

AirDefense Describes Lack of Client Security at Show
July 2, 2003

Alpharetta, Georgia-based AirDefense previously reported on what it saw as a severe lack of wireless LAN security at the May Networld+Interop show in Las Vegas. And that was from just a two-hour monitoring sweep.

Last week at our own 802.11 Planet Conference & Expo in Boston's World Trade Center, AirDefense set up two different locations on the exhibit floor to keep an eye on all the WLAN traffic for three full days -- the company was billed as the official 802.11 Planet security provider.

In all, the two monitoring centers detected as many as 523 client stations connecting to the 141 available access points. And sadly, the results since the last big networking show haven't changed much. In fact, end users taking advantage of the free wireless Internet access on the show floor left themselves especially open to hackers, whether malicious or curious.

The direct threats the company detected included scans by tools like Netstumbler (149), spoofed MAC addresses used for identity thefts (84), Man-in-the-Middle attacks (32 attempted, three successful), and Denial-of-Service (DoS) attacks (105) .

The company even says it collected the signatures for as many as five attacks that have not yet been documented.

All of the above has to be expected at a show that focuses on wireless-- imagine what it's like at a show just for hackers. But perhaps more interesting is the numbers indicating how individual end users left themselves vulnerable. In the process of surfing the Web, checking e-mail, and instant messaging (the three most popular past-times of attendees... hopefully so they could share information about the quality of the panels and workshops...), few if any did so with any security. In fact, at most, AirDefense saw only 12 percent of users utilizing a secure tunneled Virtual Private Network (VPN) connection when checking corporate e-mail.

Even worse, a total of 84 end users had set up their 802.11 client stations to allow an ad hoc connection -- and 17 ad hoc networks were formed. This means users could have accidentally connected directly with other users, sharing files they won't want to share and the possibility of being subject to direct attacks

AirDefense says the "most alarming vulnerabilities" included 74 users with open Service Set Identifiers (SSID) . This allowed the computer in question to automatically connect to the strongest signal it could find, no matter whose access point was putting out the signal. Again, like in the ad hoc connections above, users could have been subject to direct attack or snooping -- in fact, they could easily be connecting to access points not even within the walls of the conference.

AirDefense sells a self-titled WLAN security platform which captures all wireless information, and includes tools such as RogueWatch for detecting rogue access points, and AirDefense Guard for intrusion protection. The platform features a Linux-based central server appliance accessed via SSL Web browser interface for management; the server connects to remote sensors that monitor all packets in the air, something AirDefense has compared to video security cameras that just monitor WLAN traffic.

  • 3/9: Forbot-AB Worm Uses Network Shares
  • Macromedia Patches MX 2004 Security Flaws
  • I've Been Framed
  • 11/9: Rbot-PG Worm also a Trojan
  • MARID Floats Sender ID Compromise
  • Data Brokers Step Into Senate Panel's Fire
  • The Worm That Won't Go Away
  • 10/29: Singu-B Allows Remote Access
  • Meta Group Slams Wireless LAN Suppliers on Security
  • 11/8: Trojan.Beagooz Collects Addresses
  • Outlook Express Bug; MSN IM Worm Detected
  • Buy Security Camera