The document discusses common wireless security threats, particularly focusing on shadow devices and airborne attacks that can bypass security measures. It emphasizes the importance of asset visibility and the need for effective monitoring and enforcement of network access policies to mitigate risks. The key takeaway is that awareness and proactive security measures are essential in the evolving wireless landscape to prevent unauthorized access.

1. Outpost24 Template
2019
Shadow Devices:
Common wireless security threats and how to avoid them.
John Stock
30th October 2019

2. Helping customers improve security posture since 2001
Full stack security assessment
Over 2,000 customers in all regions of the world
Really good at breaking technology
Recently acquired Pwnie Express

3. Outpost24 Template
2019
Today’s topic
3
• Shadow devices and potential wireless
threats
• How hackers use airborne attacks to bypass
security measures
• Why asset and device visibility is critical to
wireless security
• Improving threat detection
• Monitoring and enforcing network access
policies
• Takeaways

4. Outpost24 Template
2019
Today’s topic
4
Why risk is the new normal
Adapting to the threat landscape
Bringing in the business context
Business aligned remediation
Takeaways
View from a:
• business perspective
• With a little added tech

5. Outpost24 Template
2019Shadow devices and potential wireless threats

6. Traditional wired networks had a simple security model
• One Way in, One way out
• Everything inside is ‘trusted’

7. Traditional wired networks had a simple security model
• One Way in, One way out
• Everything inside is ‘trusted’
…but wireless networks, quite literally, turn your network inside-out…

8. • Monitoringand enforcing network access policies

9. Modern tech doesn’t fix the age old problem
9
Ref: https://hexway.io/blog/apple-bleee/

10. Despite our efforts, wireless is EVERYWHERE
10

11. Outpost24 Template
2019How hackers use airborne attacks to bypass
security measures
11

12. Wireless Keyloggers
12
• Cheap to acquire
• Easy to acquire
• Discreet
• Limited range
• Physical access required

13. UnauthorizedAccess points
13
Unauthorised Access Point: DefaultConfiguration
• Weak encryption puts data at risk.
• Default credentialsoffers foothold onto network
Authorized Device
Unauthorized Device

14. Evil Twin Access Points
14
Weak Wireless signal
Strong Wireless signal
Safe Corporate WirelessUnsafe Access Point
SSID: Acme_WirelessSSID: Acme_Wireless
Rogue access point
broadcasts the same
SSID as the corporate
access point

15. Outpost24 Template
2019Why asset and device visibility is critical to
wireless security
15

16. You can only secure what you can see
16

17. You can only secure what you can see
17

18. You can only secure what you can see
18

19. Outpost24 Template
2019Improving threat detection
19

20. 20Who is responsible for monitoring your airspace?
• The network team?
• The security team?
• No-one?

21. Meet Brian
21

22. Meet Brian
22

23. Meet Brian
23

24. Meet Brian
24

25. Meet Brian
25
• Brian is a problem.
• Almost nobody knows Brian is a problem
• Brian knows he is a problem
… and so does the guy outside……

26. But that’s Ok…..We have a wireless audit…
Take an example Security Standard: PCI DSS. 11.1
11.1 - Implement processes to test for the presence of wireless access
points (802.11)
26

27. But that’s Ok…..We have a wireless audit…
Take an example Security Standard: PCI DSS. 11.1
11.1 - Implement processes to test for the presence of wireless access
points (802.11) and detect and identify all authorized and unauthorized
wireless access points
27

28. But that’s Ok…..We have a wireless audit…
Take an example Security Standard: PCI DSS. 11.1
11.1 - Implement processes to test for the presence of wireless access
points (802.11) and detect and identify all authorized and unauthorized
wireless access points on a quarterly basis. Maintain an inventory of
authorized wireless access points and implement incident response
procedures in the event unauthorized wireless access points are
detected.
28

29. But that’s Ok…..We have a wireless audit…
on a quarterly basis
29

30. But that’s Ok…..We have a wireless audit…
on a quarterly
basis
30

31. Outpost24 Template
2019Monitoring and enforcing network access
policies
31

32. 3232
Understanding the airspace
Classify and Normalize
Take Discovered data and transform
into more meaningful data
Report
View historical data which has previously been
gathered about a specific device
Continuousmonitoring
Always looking at the wireless airspace
to identify any threats as and when
they are seen
Correlate
Correlate with previously discovered
data to identify anomalies and risks
Alert
If alert required due to
configuration of alerts.
Discover
Start with Raw data

33. Matching the generalized assessment process
33

34. React in the right way
34

35. Outpost24 Template
2019Takeaways?
35

36. • Wireless networking has changed the
way we need to think
• Its an old problem, that’s growing
rapidly
• You can only protect yourself from
what you know about
• Securing the airspace is no different
to securing a traditional network
• Don’t let a Brian disrupt your
business.
Takeaways

37. Outpost24 Template
2019
John Stock
Product Manager – Wireless and Network Security
js@outpost24.com
Questions?