Rogue Access Point Leads to Embarrassment
An unauthorized and undetected wireless access point lets a visitor into the corporate LAN.
Computerworld - My company is now down one employee. The person I wrote about last time, who authorities suspected was using his workstation to trade child pornography, was escorted from the premises last week.
Since receiving the search warrant that led to his dismissal, I haven't heard anything from the investigators, but I'm sure the guy is in big trouble. We had a chance to analyze the image of his hard drive, and there were extensive directories with different categories of porn. Not that you'd notice unless you opened the files: He had saved almost all of the images with innocuous-sounding file names. I'm sure this was done to bypass our filters, which detect files that have words related to pornography. I don't think my company will suffer any loss as a result of this guy's departure, as he seems to have spent most of his time at work on his illicit collection.
This week I received a message from a friend of mine who works for a vendor my company uses. He suggested that my security team and I review our wireless policy, because he was able to connect to our corporate intranet via an open wireless access point while visiting another department recently. This was both surprising and embarrassing, since we have established a policy on wireless LAN use and thought we had rooted out problem devices months ago.
I called my friend, and he said he had been visiting one of our software development centers to give a demonstration of his company's debugging software when he noticed a problem. During the presentation, his personal firewall started popping up messages, asking for permission to allow connections to the Internet.
But he wasn't physically attached to the network and was in the middle of giving a PowerPoint presentation. After the meeting, he did some checking and noticed that his laptop's integrated WLAN adapter had automatically connected to an access point in our facility. The Service Set Identifier code on that access point was set to the default name "default" with no encryption enabled, so he had unfettered access to our corporate intranet.
My team and I try to be proactive in monitoring for these problems. We use the AirWave Management Platform from AirWave Wireless Inc. in San Mateo, Calif., in combination with access points from 3e Technologies International Inc. in Rockville, Md., to scan for rogue devices. But we use it only at our corporate headquarters. We don't have the budget to purchase this infrastructure for remote offices such as the software development center.