Rogue Access Point Leads to Embarrassment
An unauthorized and undetected wireless access point lets a visitor into the corporate LAN.
Computerworld - My company is now down one employee. The person I wrote about last time , who authorities suspected was using his workstation to trade child pornography, was escorted from the premises last week.
Since receiving the search warrant that led to his dismissal, I haven't heard anything from the investigators, but I'm sure the guy is in big trouble. We had a chance to analyze the image of his hard drive, and there were extensive directories with different categories of porn. Not that you'd notice unless you opened the files: He had saved almost all of the images with innocuous-sounding file names. I'm sure this was done to bypass our filters, which detect files that have words related to pornography. I don't think my company will suffer any loss as a result of this guy's departure, as he seems to have spent most of his time at work on his illicit collection.
This week I received a message from a friend of mine who works for a vendor my company uses. He suggested that my security team and I review our wireless policy, because he was able to connect to our corporate intranet via an open wireless access point while visiting another department recently. This was both surprising and embarrassing, since we have established a policy on wireless LAN use and thought we had rooted out problem devices months ago.
I called my friend, and he said he had been visiting one of our software development centers to give a demonstration of his company's debugging software when he noticed a problem. During the presentation, his personal firewall started popping up messages, asking for permission to allow connections to the Internet.
But he wasn't physically attached to the network and was in the middle of giving a PowerPoint presentation. After the meeting, he did some checking and noticed that his laptop's integrated WLAN adapter had automatically connected to an access point in our facility. The Service Set Identifier code on that access point was set to the default name "default" with no encryption enabled, so he had unfettered access to our corporate intranet.
My team and I try to be proactive in monitoring for these problems. We use the AirWave Management Platform from AirWave Wireless Inc. in San Mateo, Calif., in combination with access points from 3e Technologies International Inc. in Rockville, Md., to scan for rogue devices. But we use it only at our corporate headquarters. We don't have the budget to purchase this infrastructure for remote offices such as the software development center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts