7. Rogue Access Points
• Highest risk when
WLANs are NOT
implemented
– Completely unsecured by
default
– Usually Connected by
naïve users
– Can be strategically placed
by intruders
7
8. Decoy Access Points
• Troubleshooting nightmare
• Denial of Service
• Credential interception
• SSL redirection
8
13. Bridge device
• No need for integrated WWAN
• PCMCIA card sufficient
• Modem
– Bluetooth phone
– USB / RS-232 phone
• Virtually impossible to prevent unless
desktops/laptops are locked down!
13
14. Rogue IPv6
Devices / Networks
What you don’t know will hurt you
• Unauthorized IPv6
devices
– Windows XP: ipv6
install
• Unauthorized Hijacked
Networks Computer
Private
– Internal tunnels Public Internet
Network
• Compromised
Perimeter Victim
– External tunnels Intruder
14
15. IPv6 Transition Exposure
• IPv6 is available
• IPv6 is in use
• IPv6 is on many private networks
• IPv6 magnifies the wireless vulnerabilities
• Corporate Security
– does not monitor IPv6
• Corporate IT
– is not familiar with IPv6
• This is irresponsible!
15
17. Refined Network Access
• Binary Access Insufficient
Access Intranet Internet
• Health checks become mandatory (NAP/NAC)
• Complete Access Layer secured (e.g. 802.1x)
17
18. Role-based Access Control
• Bluesocket • Aruba
• Perfigo (Cisco) • HP ProCurve
• Cranite (Vernier)
User Role
Time Access
Schedule IP Address Port
Control
VLAN Location
18
22. Summary
• Security concerns are the greatest inhibitor to
mobility
• Wireless networks and devices introduce new
risks
• Ignoring these technologies does not make
the risks disappear!
• The key to mobile security is a thorough
reevaluation of existing security
22
23. Questions?
Contact me at:
http://www.linkedin.com/in/rhoton
23