SlideShare uma empresa Scribd logo

Conquering Soft Rogue APs

AirTight Networks
AirTight Networks

The document discusses the threat of "soft rogue APs" which are wireless access points created unintentionally or maliciously using laptops or other wireless devices connected to an enterprise network. Soft APs are easy to enable and can provide unauthorized wireless access to the enterprise network. The document reviews common methods for creating soft APs and recommends using a wireless intrusion prevention system to continuously monitor for and block soft AP activity to protect the network.

Tecnologia
1 de 6
Baixar para ler offline
Conquering the Minefield of Soft Rogue APs in the Enterprise A Whitepaper by AirTight Networks www.airtightnetworks.com
Conquering the Minefield of Soft Rogue APs in the Enterprise Dr. Hemant Chaskar Director of Technology, AirTight Networks Overview A soft access point (AP) is a laptop or other wireless enabled device which performs traffic forwarding between its wireless interface and some other interface which is connected to the secure network. A soft AP can show up as rogue access point on the enterprise network. This can happen inadvertently, for example, when an employee has used a company owned laptop as an AP to share Internet connection at home and later forgets to disable the sharing. A soft AP can, however, be maliciously installed as it is perfect hacker “solution” to put a rogue AP on a network while evading wire-side controls such as 802.1x, NACs and wireside- only rogue AP scanners. Recently, soft APs increasingly have been found in enterprise networks. One main reason behind this is the ease with which end user devices enable soft AP configuration on embedded WiFi interfaces. In most cases, only couple of clicks is what it takes to enable soft AP on the end user device. Notably, while conventional rogue APs required bringing in unmanaged hardware such as home grade WiFi router into the enterprise, soft APs are embedded already in the end user devices. This paper reviews some of the commonly found ways to convert WiFi enabled devices into soft APs. Here Windows OS is used as example, but similar configurations can also be done on many end user devices including the handheld devices such as PDAs and smart phones. The paper also suggests what steps you can take to protect your network from soft AP threats. © 2010 AirTight Networks, Inc 2/6 www.airtightnetworks.com
Commonly Found Soft AP Configurations The following are some commonly found soft AP configurations. 1. Windows Network Bridge: A network bridge can be created between the wired Ethernet interface and the wireless WiFi interface of a Windows laptop. If the wired Ethernet interface is connected to the enterprise network, the network can be accessed by intruders from outside of premises who connect wirelessly to the WiFi interface. The intruders will have layer 2 access to the enterprise network. 2. Internet Connection Sharing (ICS): © 2010 AirTight Networks, Inc 3/6 www.airtightnetworks.com
When Internet Connection Sharing (ICS) is enabled on a Windows laptop, a routing (NAT) service is created between its wired Ethernet interface and wireless WiFi interface. If the wired Ethernet interface is connected to enterprise network, the network can be accessed by an intruder from outside of the premises by wirelessly connecting to the WiFi interface. The intruder will have layer 3 access to the enterprise network. 3. Add-on Devices on Laptop: External devices can be connected to the laptop to turn it into a soft AP. For example, USB devices such as Windy31 and PCMCIA cards such as WP1200, are available and can act as wireless access points when plugged into the laptop. Devices such as Windy31 also come built in with AP software which auto-installs when the device is plugged into the laptop. The WiFi AP running on such devices can bridge or route traffic to the wired network through the laptop. Windy31 4. Virtual WiFi Interfaces (Windows 7): Windows 7 has introduced the virtual WiFi interfaces feature. This feature enables a single radio interface on the device to act as multiple WiFi devices simultaneously. Software tools such as “connectify” are available to enable both client and AP simultaneously on the radio interface of the Windows 7 laptop. If such radio interface is connected to enterprise network as authorized corporate © 2010 AirTight Networks, Inc 4/6 www.airtightnetworks.com
WiFi client, unauthorized users from outside of the premises can connect to the AP operating on the same radio interface and then access the enterprise network. Soft APs on Handheld Devices The virtual interfaces mark a significant development as they extend soft AP threat from laptops to handheld devices. The handheld devices typically do not have wired Ethernet interface, so the first three methods are generally not applicable to them. However, with the advent of virtual interfaces, it is now possible to use a WiFi radio in the handheld device to simultaneously act as authorized corporate WiFi client and unauthorized soft WiFi AP. © 2010 AirTight Networks, Inc 5/6 www.airtightnetworks.com
Protection from Soft APs Since it is so easy to convert end user laptops and WiFi enabled handheld devices into soft rogue APs, enterprises need to be continuously monitoring to understand if any soft APs are present on their networks. Monitoring for soft APs requires wireless scanning tools such as wireless intrusion prevention system (WIPS) comprising of wireless monitoring sensors. WIPS sensors can continuously track the wireless activity of end user devices and detect soft AP activity. They can also block soft AP activity over the air. Sensor SpectraGuard® Enterprise Firewall Wireless Intrusion Prevention System Internet While there are many WIPS offerings available in the market, it is essential to evaluate if they can provide protection against all scenarios of soft APs, before installing them in your network. AirTight Networks offers SpectraGuard® Enterprise overlay WIPS which is capable of protecting against all types of soft AP activity due to its unique active classification™ technology enabled by patented marker packet techniques. It is also worth noting that WIPS also provides protection from many other WiFi threats such as conventional rogue APs, mis-associations, ad hoc connections, WiPhishing, wireless DoS attacks etc. (which are not discussed in this paper), helps meet compliance requirements (e.g., PCI, HIPAA etc.), and also provides performance monitoring and troubleshooting for the WLAN. For more information on WiFi security, WIPS and AirTight Networks, please visit www.airtightnetworks.com. You can also review recorded webinar on this topic of soft rogue APs at https://admin.acrobat.com/_a1013426351/p54357857/. © 2010 AirTight Networks, Inc 6/6 www.airtightnetworks.com

Recomendados

Top 5 wi fi security threats
Top 5 wi fi security threatsTop 5 wi fi security threats
Top 5 wi fi security threatsgruzabb
 
Wns rogues wp_1011_v3
Wns rogues wp_1011_v3Wns rogues wp_1011_v3
Wns rogues wp_1011_v3Advantec Distribution
 
Windows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the EnterpriseWindows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the EnterpriseAirTight Networks
 
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...ProductNation/iSPIRT
 
Controlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate NetworksControlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate NetworksIcomm Technologies
 
Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeBlock Armour
 
Implementing Enterprise Wireless Security Policy in the BYOD Era
Implementing Enterprise Wireless Security Policy in the BYOD EraImplementing Enterprise Wireless Security Policy in the BYOD Era
Implementing Enterprise Wireless Security Policy in the BYOD EraKappa Data
 
Attacks and Risks in Wireless Network Security
Attacks and Risks in Wireless Network SecurityAttacks and Risks in Wireless Network Security
Attacks and Risks in Wireless Network Securityijtsrd
 

Recomendados

Top 5 wi fi security threats
Top 5 wi fi security threatsTop 5 wi fi security threats
Top 5 wi fi security threatsgruzabb
 
Wns rogues wp_1011_v3
Wns rogues wp_1011_v3Wns rogues wp_1011_v3
Wns rogues wp_1011_v3Advantec Distribution
 
Windows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the EnterpriseWindows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the EnterpriseAirTight Networks
 
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...ProductNation/iSPIRT
 
Controlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate NetworksControlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate NetworksIcomm Technologies
 
Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeBlock Armour
 
Implementing Enterprise Wireless Security Policy in the BYOD Era
Implementing Enterprise Wireless Security Policy in the BYOD EraImplementing Enterprise Wireless Security Policy in the BYOD Era
Implementing Enterprise Wireless Security Policy in the BYOD EraKappa Data
 
Attacks and Risks in Wireless Network Security
Attacks and Risks in Wireless Network SecurityAttacks and Risks in Wireless Network Security
Attacks and Risks in Wireless Network Securityijtsrd
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalFrank Siepmann
 
How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System? How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System? Forescout Technologies Inc
 
Wifi Rental services- RAC IT Solution
Wifi Rental services- RAC IT SolutionWifi Rental services- RAC IT Solution
Wifi Rental services- RAC IT SolutionRAC IT Solutions Pvt. Ltd
 
Call for Papers - International Journal of Network Security & Its Application...
Call for Papers - International Journal of Network Security & Its Application...Call for Papers - International Journal of Network Security & Its Application...
Call for Papers - International Journal of Network Security & Its Application...IJNSA Journal
 
Esd Networks India
Esd Networks IndiaEsd Networks India
Esd Networks IndiaESD Networks India
 
Esd Networks india
Esd Networks indiaEsd Networks india
Esd Networks indiaESD Networks India
 
The Internet of Things Isn't Coming, It's Here
The Internet of Things Isn't Coming, It's HereThe Internet of Things Isn't Coming, It's Here
The Internet of Things Isn't Coming, It's HereForescout Technologies Inc
 
ForeScout IoT Enterprise Risk Report
ForeScout IoT Enterprise Risk ReportForeScout IoT Enterprise Risk Report
ForeScout IoT Enterprise Risk ReportForescout Technologies Inc
 
Iot(security)
Iot(security)Iot(security)
Iot(security)Shreya Pohekar
 
Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)Ryan Orsi
 
Sophos Wireless Protection Overview
Sophos Wireless Protection OverviewSophos Wireless Protection Overview
Sophos Wireless Protection OverviewSophos
 
Transforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoTTransforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoTForescout Technologies Inc
 
[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin Rodillas[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin RodillasTI Safe
 
IOT privacy and Security
IOT privacy and SecurityIOT privacy and Security
IOT privacy and Securitynoornabi16
 
Shining a Light on Shadow Devices
Shining a Light on Shadow DevicesShining a Light on Shadow Devices
Shining a Light on Shadow DevicesForescout Technologies Inc
 
Intelligence Driven Security
Intelligence Driven SecurityIntelligence Driven Security
Intelligence Driven SecurityMarketingArrowECS_CZ
 
Zero Trust Cybersecurity for Microsoft Azure Cloud
Zero Trust Cybersecurity for Microsoft Azure Cloud Zero Trust Cybersecurity for Microsoft Azure Cloud
Zero Trust Cybersecurity for Microsoft Azure Cloud Block Armour
 
F-Secure Corporation
F-Secure CorporationF-Secure Corporation
F-Secure CorporationPratima Potturu
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoTVasco Veloso
 
RAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan BansalRAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan BansalOWASP Delhi
 
ART 315 LECTURE 11Richard Hamilton, Just What Is It Th.docx
ART 315 LECTURE 11Richard Hamilton, Just What Is It Th.docxART 315 LECTURE 11Richard Hamilton, Just What Is It Th.docx
ART 315 LECTURE 11Richard Hamilton, Just What Is It Th.docxfestockton
 
About the Lucas County Maumee River Waste Water Treatment Pl.docx
About the Lucas County Maumee River Waste Water Treatment Pl.docxAbout the Lucas County Maumee River Waste Water Treatment Pl.docx
About the Lucas County Maumee River Waste Water Treatment Pl.docxdaniahendric
 

Mais conteúdo relacionado

Mais procurados

IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalFrank Siepmann
 
How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System? How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System? Forescout Technologies Inc
 
Call for Papers - International Journal of Network Security & Its Application...
Call for Papers - International Journal of Network Security & Its Application...Call for Papers - International Journal of Network Security & Its Application...
Call for Papers - International Journal of Network Security & Its Application...IJNSA Journal
 
The Internet of Things Isn't Coming, It's Here
The Internet of Things Isn't Coming, It's HereThe Internet of Things Isn't Coming, It's Here
The Internet of Things Isn't Coming, It's HereForescout Technologies Inc
 
Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)Ryan Orsi
 
Sophos Wireless Protection Overview
Sophos Wireless Protection OverviewSophos Wireless Protection Overview
Sophos Wireless Protection OverviewSophos
 
Transforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoTTransforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoTForescout Technologies Inc
 
[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin Rodillas[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin RodillasTI Safe
 
IOT privacy and Security
IOT privacy and SecurityIOT privacy and Security
IOT privacy and Securitynoornabi16
 
Zero Trust Cybersecurity for Microsoft Azure Cloud
Zero Trust Cybersecurity for Microsoft Azure Cloud Zero Trust Cybersecurity for Microsoft Azure Cloud
Zero Trust Cybersecurity for Microsoft Azure Cloud Block Armour
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoTVasco Veloso
 
RAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan BansalRAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan BansalOWASP Delhi
 

Mais procurados (20)

IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 final
 
How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System? How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System?
 
Wifi Rental services- RAC IT Solution
Wifi Rental services- RAC IT SolutionWifi Rental services- RAC IT Solution
Wifi Rental services- RAC IT Solution
 
Call for Papers - International Journal of Network Security & Its Application...
Call for Papers - International Journal of Network Security & Its Application...Call for Papers - International Journal of Network Security & Its Application...
Call for Papers - International Journal of Network Security & Its Application...
 
Esd Networks India
Esd Networks IndiaEsd Networks India
Esd Networks India
 
Esd Networks india
Esd Networks indiaEsd Networks india
Esd Networks india
 
The Internet of Things Isn't Coming, It's Here
The Internet of Things Isn't Coming, It's HereThe Internet of Things Isn't Coming, It's Here
The Internet of Things Isn't Coming, It's Here
 
ForeScout IoT Enterprise Risk Report
ForeScout IoT Enterprise Risk ReportForeScout IoT Enterprise Risk Report
ForeScout IoT Enterprise Risk Report
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
 
Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)
 
Sophos Wireless Protection Overview
Sophos Wireless Protection OverviewSophos Wireless Protection Overview
Sophos Wireless Protection Overview
 
Transforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoTTransforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoT
 
[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin Rodillas[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin Rodillas
 
IOT privacy and Security
IOT privacy and SecurityIOT privacy and Security
IOT privacy and Security
 
Shining a Light on Shadow Devices
Shining a Light on Shadow DevicesShining a Light on Shadow Devices
Shining a Light on Shadow Devices
 
Intelligence Driven Security
Intelligence Driven SecurityIntelligence Driven Security
Intelligence Driven Security
 
Zero Trust Cybersecurity for Microsoft Azure Cloud
Zero Trust Cybersecurity for Microsoft Azure Cloud Zero Trust Cybersecurity for Microsoft Azure Cloud
Zero Trust Cybersecurity for Microsoft Azure Cloud
 
F-Secure Corporation
F-Secure CorporationF-Secure Corporation
F-Secure Corporation
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoT
 
RAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan BansalRAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan Bansal
 

Semelhante a Conquering Soft Rogue APs

ART 315 LECTURE 11Richard Hamilton, Just What Is It Th.docx
ART 315 LECTURE 11Richard Hamilton, Just What Is It Th.docxART 315 LECTURE 11Richard Hamilton, Just What Is It Th.docx
ART 315 LECTURE 11Richard Hamilton, Just What Is It Th.docxfestockton
 
About the Lucas County Maumee River Waste Water Treatment Pl.docx
About the Lucas County Maumee River Waste Water Treatment Pl.docxAbout the Lucas County Maumee River Waste Water Treatment Pl.docx
About the Lucas County Maumee River Waste Water Treatment Pl.docxdaniahendric
 
IRJET - Implementation of Firewall in a Cooperate Environment
IRJET - Implementation of Firewall in a Cooperate EnvironmentIRJET - Implementation of Firewall in a Cooperate Environment
IRJET - Implementation of Firewall in a Cooperate EnvironmentIRJET Journal
 
Ichci13 submission 104 (1)
Ichci13 submission 104 (1)Ichci13 submission 104 (1)
Ichci13 submission 104 (1)Saravana Kumar
 
2020 IEI PUZZLE series network appliance brochure
2020 IEI PUZZLE series network appliance brochure2020 IEI PUZZLE series network appliance brochure
2020 IEI PUZZLE series network appliance brochureIEI Integration Corp.
 
The sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work forceThe sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work forceIcomm Technologies
 
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdf
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdfWireless Security – From A to Z – Types, Threats, To How to Secure.pdf
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdfSeanHussey8
 
Research Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and ScienceResearch Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and Scienceinventy
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI IJNSA Journal
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FIIMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FIIJNSA Journal
 
Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013AirTight Networks
 

Semelhante a Conquering Soft Rogue APs (20)

ART 315 LECTURE 11Richard Hamilton, Just What Is It Th.docx
ART 315 LECTURE 11Richard Hamilton, Just What Is It Th.docxART 315 LECTURE 11Richard Hamilton, Just What Is It Th.docx
ART 315 LECTURE 11Richard Hamilton, Just What Is It Th.docx
 
About the Lucas County Maumee River Waste Water Treatment Pl.docx
About the Lucas County Maumee River Waste Water Treatment Pl.docxAbout the Lucas County Maumee River Waste Water Treatment Pl.docx
About the Lucas County Maumee River Waste Water Treatment Pl.docx
 
IRJET - Implementation of Firewall in a Cooperate Environment
IRJET - Implementation of Firewall in a Cooperate EnvironmentIRJET - Implementation of Firewall in a Cooperate Environment
IRJET - Implementation of Firewall in a Cooperate Environment
 
Hotspot!
Hotspot!Hotspot!
Hotspot!
 
AirTight Networks - Wireless Security 2011
AirTight Networks - Wireless Security 2011AirTight Networks - Wireless Security 2011
AirTight Networks - Wireless Security 2011
 
Ichci13 submission 104 (1)
Ichci13 submission 104 (1)Ichci13 submission 104 (1)
Ichci13 submission 104 (1)
 
Wi Fi
Wi FiWi Fi
Wi Fi
 
2020 IEI PUZZLE series network appliance brochure
2020 IEI PUZZLE series network appliance brochure2020 IEI PUZZLE series network appliance brochure
2020 IEI PUZZLE series network appliance brochure
 
The sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work forceThe sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work force
 
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdf
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdfWireless Security – From A to Z – Types, Threats, To How to Secure.pdf
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdf
 
Wireless Lan Security
Wireless Lan SecurityWireless Lan Security
Wireless Lan Security
 
How Popular of a Hotspot.pdf
How Popular of a Hotspot.pdfHow Popular of a Hotspot.pdf
How Popular of a Hotspot.pdf
 
Wi fi technology
Wi fi technologyWi fi technology
Wi fi technology
 
Research Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and ScienceResearch Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and Science
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FIIMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
 
Nanu
NanuNanu
Nanu
 
Wi Fi
Wi FiWi Fi
Wi Fi
 
Ad enterprise datasheet
Ad enterprise datasheetAd enterprise datasheet
Ad enterprise datasheet
 
Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013
 

Mais de AirTight Networks

Is 11ac Right for Your Network?
Is 11ac Right for Your Network?Is 11ac Right for Your Network?
Is 11ac Right for Your Network?AirTight Networks
 
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014AirTight Networks
 
Wi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise ThyselfWi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise ThyselfAirTight Networks
 
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014AirTight Networks
 
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration AirTight Networks
 
AirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSPAirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSPAirTight Networks
 
AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6AirTight Networks
 
AirTight social wifi solution brief
AirTight social wifi solution briefAirTight social wifi solution brief
AirTight social wifi solution briefAirTight Networks
 
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...AirTight Networks
 
Survey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise SecuritySurvey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise SecurityAirTight Networks
 
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...AirTight Networks
 
Non WiFi interference combat guide 1
Non WiFi interference combat guide 1Non WiFi interference combat guide 1
Non WiFi interference combat guide 1AirTight Networks
 
WPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQsWPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQsAirTight Networks
 
WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation StrategiesWPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation StrategiesAirTight Networks
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsAirTight Networks
 
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresAirTight Networks
 
Retail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—RecommendationsRetail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—RecommendationsAirTight Networks
 
Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseAirTight Networks
 
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?AirTight Networks
 

Mais de AirTight Networks (20)

Is 11ac Right for Your Network?
Is 11ac Right for Your Network?Is 11ac Right for Your Network?
Is 11ac Right for Your Network?
 
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
 
Wi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise ThyselfWi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise Thyself
 
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
 
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
 
AirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSPAirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSP
 
AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6
 
AirTight social wifi solution brief
AirTight social wifi solution briefAirTight social wifi solution brief
AirTight social wifi solution brief
 
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
 
Survey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise SecuritySurvey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise Security
 
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
 
Non WiFi interference combat guide 1
Non WiFi interference combat guide 1Non WiFi interference combat guide 1
Non WiFi interference combat guide 1
 
WPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQsWPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQs
 
WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation StrategiesWPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
 
802.11w Tutorial
802.11w Tutorial802.11w Tutorial
802.11w Tutorial
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutions
 
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
 
Retail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—RecommendationsRetail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—Recommendations
 
Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your Enterprise
 
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
 

Último

H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 

Último (20)

H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 

Conquering Soft Rogue APs

  • 1. Conquering the Minefield of Soft Rogue APs in the Enterprise A Whitepaper by AirTight Networks www.airtightnetworks.com
  • 2. Conquering the Minefield of Soft Rogue APs in the Enterprise Dr. Hemant Chaskar Director of Technology, AirTight Networks Overview A soft access point (AP) is a laptop or other wireless enabled device which performs traffic forwarding between its wireless interface and some other interface which is connected to the secure network. A soft AP can show up as rogue access point on the enterprise network. This can happen inadvertently, for example, when an employee has used a company owned laptop as an AP to share Internet connection at home and later forgets to disable the sharing. A soft AP can, however, be maliciously installed as it is perfect hacker “solution” to put a rogue AP on a network while evading wire-side controls such as 802.1x, NACs and wireside- only rogue AP scanners. Recently, soft APs increasingly have been found in enterprise networks. One main reason behind this is the ease with which end user devices enable soft AP configuration on embedded WiFi interfaces. In most cases, only couple of clicks is what it takes to enable soft AP on the end user device. Notably, while conventional rogue APs required bringing in unmanaged hardware such as home grade WiFi router into the enterprise, soft APs are embedded already in the end user devices. This paper reviews some of the commonly found ways to convert WiFi enabled devices into soft APs. Here Windows OS is used as example, but similar configurations can also be done on many end user devices including the handheld devices such as PDAs and smart phones. The paper also suggests what steps you can take to protect your network from soft AP threats. © 2010 AirTight Networks, Inc 2/6 www.airtightnetworks.com
  • 3. Commonly Found Soft AP Configurations The following are some commonly found soft AP configurations. 1. Windows Network Bridge: A network bridge can be created between the wired Ethernet interface and the wireless WiFi interface of a Windows laptop. If the wired Ethernet interface is connected to the enterprise network, the network can be accessed by intruders from outside of premises who connect wirelessly to the WiFi interface. The intruders will have layer 2 access to the enterprise network. 2. Internet Connection Sharing (ICS): © 2010 AirTight Networks, Inc 3/6 www.airtightnetworks.com
  • 4. When Internet Connection Sharing (ICS) is enabled on a Windows laptop, a routing (NAT) service is created between its wired Ethernet interface and wireless WiFi interface. If the wired Ethernet interface is connected to enterprise network, the network can be accessed by an intruder from outside of the premises by wirelessly connecting to the WiFi interface. The intruder will have layer 3 access to the enterprise network. 3. Add-on Devices on Laptop: External devices can be connected to the laptop to turn it into a soft AP. For example, USB devices such as Windy31 and PCMCIA cards such as WP1200, are available and can act as wireless access points when plugged into the laptop. Devices such as Windy31 also come built in with AP software which auto-installs when the device is plugged into the laptop. The WiFi AP running on such devices can bridge or route traffic to the wired network through the laptop. Windy31 4. Virtual WiFi Interfaces (Windows 7): Windows 7 has introduced the virtual WiFi interfaces feature. This feature enables a single radio interface on the device to act as multiple WiFi devices simultaneously. Software tools such as “connectify” are available to enable both client and AP simultaneously on the radio interface of the Windows 7 laptop. If such radio interface is connected to enterprise network as authorized corporate © 2010 AirTight Networks, Inc 4/6 www.airtightnetworks.com
  • 5. WiFi client, unauthorized users from outside of the premises can connect to the AP operating on the same radio interface and then access the enterprise network. Soft APs on Handheld Devices The virtual interfaces mark a significant development as they extend soft AP threat from laptops to handheld devices. The handheld devices typically do not have wired Ethernet interface, so the first three methods are generally not applicable to them. However, with the advent of virtual interfaces, it is now possible to use a WiFi radio in the handheld device to simultaneously act as authorized corporate WiFi client and unauthorized soft WiFi AP. © 2010 AirTight Networks, Inc 5/6 www.airtightnetworks.com
  • 6. Protection from Soft APs Since it is so easy to convert end user laptops and WiFi enabled handheld devices into soft rogue APs, enterprises need to be continuously monitoring to understand if any soft APs are present on their networks. Monitoring for soft APs requires wireless scanning tools such as wireless intrusion prevention system (WIPS) comprising of wireless monitoring sensors. WIPS sensors can continuously track the wireless activity of end user devices and detect soft AP activity. They can also block soft AP activity over the air. Sensor SpectraGuard® Enterprise Firewall Wireless Intrusion Prevention System Internet While there are many WIPS offerings available in the market, it is essential to evaluate if they can provide protection against all scenarios of soft APs, before installing them in your network. AirTight Networks offers SpectraGuard® Enterprise overlay WIPS which is capable of protecting against all types of soft AP activity due to its unique active classification™ technology enabled by patented marker packet techniques. It is also worth noting that WIPS also provides protection from many other WiFi threats such as conventional rogue APs, mis-associations, ad hoc connections, WiPhishing, wireless DoS attacks etc. (which are not discussed in this paper), helps meet compliance requirements (e.g., PCI, HIPAA etc.), and also provides performance monitoring and troubleshooting for the WLAN. For more information on WiFi security, WIPS and AirTight Networks, please visit www.airtightnetworks.com. You can also review recorded webinar on this topic of soft rogue APs at https://admin.acrobat.com/_a1013426351/p54357857/. © 2010 AirTight Networks, Inc 6/6 www.airtightnetworks.com