Rogue Access Point Leads to Embarrassment
An unauthorized and undetected wireless access point lets a visitor into the corporate LAN.
Computerworld - My company is now down one employee. The person I wrote about last time , who authorities suspected was using his workstation to trade child pornography, was escorted from the premises last week.
Since receiving the search warrant that led to his dismissal, I haven't heard anything from the investigators, but I'm sure the guy is in big trouble. We had a chance to analyze the image of his hard drive, and there were extensive directories with different categories of porn. Not that you'd notice unless you opened the files: He had saved almost all of the images with innocuous-sounding file names. I'm sure this was done to bypass our filters, which detect files that have words related to pornography. I don't think my company will suffer any loss as a result of this guy's departure, as he seems to have spent most of his time at work on his illicit collection.
This week I received a message from a friend of mine who works for a vendor my company uses. He suggested that my security team and I review our wireless policy, because he was able to connect to our corporate intranet via an open wireless access point while visiting another department recently. This was both surprising and embarrassing, since we have established a policy on wireless LAN use and thought we had rooted out problem devices months ago.
I called my friend, and he said he had been visiting one of our software development centers to give a demonstration of his company's debugging software when he noticed a problem. During the presentation, his personal firewall started popping up messages, asking for permission to allow connections to the Internet.
But he wasn't physically attached to the network and was in the middle of giving a PowerPoint presentation. After the meeting, he did some checking and noticed that his laptop's integrated WLAN adapter had automatically connected to an access point in our facility. The Service Set Identifier code on that access point was set to the default name "default" with no encryption enabled, so he had unfettered access to our corporate intranet.
My team and I try to be proactive in monitoring for these problems. We use the AirWave Management Platform from AirWave Wireless Inc. in San Mateo, Calif., in combination with access points from 3e Technologies International Inc. in Rockville, Md., to scan for rogue devices. But we use it only at our corporate headquarters. We don't have the budget to purchase this infrastructure for remote offices such as the software development center.
- EndPoint Interactive eGuide In this eGuide, Network World, Computerworld, and CIO examine two endpoint trends - BYOD and collaboration - and offer tips and advice on...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!