Information Security all in one place!

Posts tagged “Wireless access point”

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers


Cisco WLCs and Cisco WiSMs are responsible for system-wide wireless
LAN functions, such as security policies, intrusion prevention, RF
management, quality of service (QoS), and mobility.

These devices communicate with controller-based access points over any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure using the Lightweight Access Point Protocol (LWAPP) and the Control and Provisioning of Wireless Access Points (CAPWAP) protocol.

The Cisco Wireless LAN Controller (WLC) product family is affected by
the following vulnerabilities:

* Cisco Wireless LAN Controllers HTTP Denial of Service Vulnerability
* Cisco Wireless LAN Controllers IPv6 Denial of Service Vulnerability
* Cisco Wireless LAN Controllers WebAuth Denial of Service Vulnerability
* Cisco Wireless LAN Controllers Unauthorized Access Vulnerability

Cisco has released free software updates that address these vulnerabilities. Workarounds are available that mitigate some of these vulnerabilities.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-wlc

Affected Products

The Cisco WLC product family is affected by multiple vulnerabilities. Affected versions of Cisco ASA Software vary depending on the specific vulnerability.

Vulnerable Products

Each of the following products is affected by at least one of the vulnerabilities covered in this Security Advisory:

* Cisco 2000 Series WLC
* Cisco 2100 Series WLC
* Cisco 2500 Series WLC
* Cisco 4100 Series WLC
* Cisco 4400 Series WLC
* Cisco 5500 Series WLC
* Cisco 500 Series Wireless Express Mobility Controllers
* Cisco Wireless Services Modules (WiSM)
* Cisco Wireless Services Modules version 2 (WiSM version 2)
* Cisco NME-AIR-WLC Modules for Integrated Services Routers (ISRs)
* Cisco NM-AIR-WLC Modules for Integrated Services Routers (ISRs)
* Cisco Catalyst 3750G Integrated WLCs
* Cisco Flex 7500 Series Cloud Controllers

Measures to mitigate these risks can be found here: http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20120229-wlc


5 Steps for analyzing your WLAN


Assessing Your Wireless Network Security

Wireless network penetration testing—using tools and processes to scan the network environment for vulnerabilities—helps refine an enterprise’s security policy, identify vulnerabilities, and ensure that the security implementation actually provides the protection that the enterprise requires and expects. Regularly performing penetration tests helps enterprises uncover WLAN network security weaknesses that can lead to data or equipment being compromised or destroyed by exploits (attacks on a network, usually by “exploiting” a vulnerability of the system), Trojans (viruses), denial of service attacks, and other intrusions.

Here is a great article I was reading on Cisco blogs and found it useful to post. Enjoy!

5 Steps for Assessing Your Wireless Network Security

Sampa Choudhuri – Network security is a never-ending task; it requires ongoing vigilance. Securing your wireless network can be particularly tricky because unauthorized users can quietly sneak onto your network, unseen and possibly undetected. To keep your WLAN secure, it’s important to stay on top of new wireless vulnerabilities. By regularly performing a vulnerability assessment on your wireless network, you can identify and close any security holes before a hacker can slip through them.

With a WLAN vulnerability assessment, you’re figuring out what your wireless network looks like to the outside world on the Internet. Is there an easy way in to your network? Can unauthorized devices attach themselves to your network? A WLAN vulnerability assessment can answer these questions—and more.

Teaser:

1. Discover wireless devices on your network. You need to know everything about each wireless device that accesses your network, including wireless routers and wireless access points (WAPs) as well as laptops and other mobile devices. The scanner will look for active traffic in both the 2.4GHz and 5GHz bands of your 802.11n wireless network. Then, document all the data you collect from the scanner about the wireless devices on your network, including each device’s location and owner.


2. Hunt down rogue devices. Rogue devices are wireless devices, such as an access point, that should not be on your network. They should be considered dangerous to your network security and dealt with right away. Take your list of devices from the previous step and compare it to your known inventory of devices. Any equipment you don’t recognize should be blocked from network access immediately. Use the vulnerability scanner to also check for activity on any wireless bands or channels you don’t usually use.
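The inventory comparison in steps 1 and 2, as an added example that is not part of the Cisco article: it normalizes MAC notations, flags devices missing from the inventory, and reports activity on channels you don't usually use. The inventory, SSID names, channel set and scan records are constructed sample data, and the severity rule for an unknown AP advertising a corporate SSID is an assumption of this example.

```python
import re

# Constructed inventory: MAC -> (owner, location). Notations vary on purpose.
INVENTORY = {
    "00:11:22:33:44:55": ("IT", "Lobby AP"),
    "0011.2233.4466": ("IT", "Floor 2 AP"),
    "00-11-22-33-44-77": ("J. Doe", "Laptop"),
}
CORP_SSIDS = {"corp-wlan"}           # assumed corporate SSID
USUAL_CHANNELS = {1, 6, 11, 36, 40}  # assumed channels normally in use

# Constructed scanner output: (mac, kind, ssid, channel)
SCAN = [
    ("00:11:22:33:44:55", "ap", "corp-wlan", 1),
    ("00:11:22:33:44:66", "ap", "corp-wlan", 36),
    ("0A:BC:DE:00:00:01", "ap", "corp-wlan", 6),       # unknown AP, corporate SSID
    ("0a-bc-de-00-00-02", "ap", "printer-setup", 13),  # unknown AP, unusual channel
    ("00:11:22:33:44:55", "ap", "corp-wlan", 1),       # duplicate sighting
]

def norm_mac(mac):
    """Reduce colon, dash and dotted MAC notations to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def assess(scan, inventory, corp_ssids, usual_channels):
    known = {norm_mac(m): info for m, info in inventory.items()}
    seen, rogue, odd_channels = set(), {}, set()
    for mac, kind, ssid, channel in scan:
        key = norm_mac(mac)
        seen.add(key)
        if channel not in usual_channels:
            odd_channels.add(channel)
        if key not in known:
            # An unknown AP advertising a corporate SSID is the most urgent finding.
            sev = "high" if kind == "ap" and ssid in corp_ssids else "medium"
            rogue[key] = {"ssid": ssid, "channel": channel, "severity": sev}
    missing = sorted(set(known) - seen)  # inventoried but not heard in this scan
    return {"rogue": rogue, "odd_channels": sorted(odd_channels), "missing": missing}

if __name__ == "__main__":
    report = assess(SCAN, INVENTORY, CORP_SSIDS, USUAL_CHANNELS)
    for mac, f in report["rogue"].items():
        print(f"UNRECOGNIZED {mac} ssid={f['ssid']} ch={f['channel']} severity={f['severity']}")
    print("activity on unusual channels:", report["odd_channels"])
    print("inventory not seen:", report["missing"])
```

Inventoried devices that were not heard in the scan are reported separately, since a stale inventory makes the rogue comparison unreliable.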

Read the 5 Steps here:

http://blogs.cisco.com/smallbusiness/5-steps-for-assessing-your-wireless-network-security/


NPD: Wi-Fi set to conquer home entertainment devices



Wi-Fi is now considered a “must-have” feature for video entertainment devices for the home, according to a new report from NPD In-Stat. The research firm said it expects entertainment devices with Wi-Fi integrated in them to reach 600 million shipments by 2015. Those devices include everything from Blu-ray players to stereo speakers to Wi-Fi-enabled TVs. And in this case, Wi-Fi means 802.11b/g, 802.11n and the new, upstart 802.11ac. NPD In-Stat said more than 28 million Wi-Fi-enabled Blu-ray players will ship in 2013.


In-Stat’s vice president of research, Frank Dickson, asserts in the report that this is because Wi-Fi has evolved from an extra feature to a “must-have” function on entertainment devices:

It is important to note though that Wi-Fi is growing from being simply about getting content from a network to devices, to sharing content between devices, as Wi-Fi evolves from being a network-centric connectivity standard to one that enables peer-to-peer connectivity. New innovations such as Wi-Fi Display and Wi-Fi Direct will fundamentally change the way that content is moved and shared in the home.

The report asserts this covers everything from computers (which have had built-in Wi-Fi support for some time now) to Blu-ray players, digital picture frames, and even speaker systems.

Although the report also includes televisions in this regard (and this might definitely be the case in 2015), there are still many consumers out there that are willing to forgo Wi-Fi on televisions — mainly because HDTVs without Internet connectivity are pretty darn cheap these days.

However, as Internet-connected TVs become cheaper to produce and infiltrate the consumer world a bit more, these higher-end screens will likely come down in price as well. Not to mention that content providers (especially ones like Netflix and Hulu along with many TV app developers) will be pushing for and depending upon the sale of as many Wi-Fi-enabled TVs and other home entertainment products as possible.

Read More: http://tinyurl.com/6o9zpnb


Aruba Brings Wi-Fi to Wall Plates


The typical Wi-Fi deployment today involves access points deployed in hallways or rooms as standalone boxes. As the move towards pervasive wireless access grows, so too have the demands on wireless infrastructure. That’s where Aruba Networks (NASDAQ:ARUN) is aiming to fill a gap with a new wall mountable access point.


The AP-93H is a 2×2 MIMO 802.11n access point that can be installed on a standard wall mount for wired Ethernet access. The AP-93H has a gigabit uplink port for high-speed connectivity to the wired network for access. The access point is a dual band radio operating in either the 2.4 GHz or the 5 GHz ranges. On the software side the device includes the Linux-powered Aruba OS

Read More: http://tinyurl.com/894jo5v


Meraki Enterprise Cloud Controller for APs


When most vendors were building beefier hardware controllers, Meraki refined its multi-tenant hosted controller service, routinely rolling out new features at no extra cost. This low TCO “out of sight, out of mind” tactic helped Meraki land over 18,000 customers, from SMBs and hotels to universities and distributed enterprises. During Wi-Fi Planet’s test drive, we found Meraki’s Enterprise Cloud Controller quietly competent, with expanding depth and scalability.

Price: From $150 per AP (one year)

Pros: Fast deployment, rich traffic controls, app-layer visibility, no-cost extras.


Cons: Some simplification at the expense of flexibility, limited RF debug.

Meraki sells a range of cloud-managed routers and Wi-Fi access points (APs), from the indoor single-radio MR12 to the outdoor triple-radio MR58. For this review, we tested three APs: an MR16 (MSRP $649), an MR24 (MSRP $1199) and an MR66 (MSRP $1299).

According to Meraki’s coverage calculator, the MR16’s dual 2×2 MIMO radios and internal antennas deliver 100 Mbps over 22 feet (2.4 GHz). Painting a 20K square foot office with Wi-Fi this way would require 28 MR16’s — a fairly dense deployment.

Big brother MR24 uses 3×3 MIMO to boost max data rate from 600 to 900 Mbps, while the MR66 is ruggedized for outdoor or industrial indoor use. All three support clients in both bands simultaneously, using band-steering to nudge 5 GHz-capable devices out of the 2.4 GHz “junk band.”

Read More: http://tinyurl.com/Cloud-APs


WPA Brute-Force and Design Flaws…..



Wi-Fi Protected Setup made easier to brute force

WPS simplifies the process of connecting a device to the Wi-Fi network by pushing a button to start the authentication, entering a PIN number from the new client into the access point, or entering an eight digit PIN number (usually printed on the device) from the access point to configure the connection.

http://www.h-online.com/security/news/item/Wi-Fi-Protected-Setup-made-easier-to-brute-force-1401822.html