This document discusses the risks of unauthorized wireless connectivity and provides best practices for securing wireless networks and devices. It outlines various threats such as poorly configured Bluetooth devices, rogue wireless access points, and unauthorized use of IPv6. The document recommends implementing intrusion detection and prevention, refined network access controls, role-based access controls, user education, and mobile device security management to help mitigate these risks. The overall message is that wireless technologies introduce new security risks that cannot be ignored and existing security measures need to be reevaluated.

1. Unauthorized Wireless
Connectivity
John Rhoton
Mobile Technology Lead
HP Services
1

2. Risk Benefit Analysis
• Weak Protocols • Uncertified Devices
• Poor Configuration • Insecure Infrastructure
• Careful Monitoring • No User Guidance
• No Administrative Control
2

3. Agenda
• Unmanaged Bluetooth
• Rogue WLANs
• WWAN backdoors
• Underground IPv6
• Best Practices
3

4. Bluetooth Threats
• Poorly configured devices
– Compromise device
• Sensitive data
• Credentials
– Compromise network
• Unauthorized access
• Denial of Service
• Default configurations insufficient
4

5. Bluetooth vulnerability
• PIN Attack
– Often hard-coded
– Usually short (4-digit)
– Passive key interception
• Bluejacking
– Virus Propagation
• Bluesnarfing
– Bluesniping
5

6. Bluetooth Configuration
6

7. Rogue Access Points
• Highest risk when
WLANs are NOT
implemented
– Completely unsecured by
default
– Usually Connected by
naïve users
– Can be strategically placed
by intruders
7

8. Decoy Access Points
• Troubleshooting nightmare
• Denial of Service
• Credential interception
• SSL redirection
8

9. Unauthorized Wireless
Bridge
Private LAN
Public Network
9

10. Trojans, Crawlers and Bots
10

11. Port Forwarding
11

12. Reverse
Network Address Translation
12

13. Bridge device
• No need for integrated WWAN
• PCMCIA card sufficient
• Modem
– Bluetooth phone
– USB / RS-232 phone
• Virtually impossible to prevent unless
desktops/laptops are locked down!
13

14. Rogue IPv6
Devices / Networks
What you don’t know will hurt you
• Unauthorized IPv6
devices
– Windows XP: ipv6
install
• Unauthorized Hijacked
Networks Computer
Private
– Internal tunnels Public Internet
Network
• Compromised
Perimeter Victim
– External tunnels Intruder
14

15. IPv6 Transition Exposure
• IPv6 is available
• IPv6 is in use
• IPv6 is on many private networks
• IPv6 magnifies the wireless vulnerabilities
• Corporate Security
– does not monitor IPv6
• Corporate IT
– is not familiar with IPv6
• This is irresponsible!
15

16. Threat Identification and
Intrusion Prevention
• Intrusion Detection Products
– Manual
– Sensors
– Infrastructure
• Network Monitoring
• Revised Security Model
16

17. Refined Network Access
• Binary Access Insufficient
Access Intranet Internet
• Health checks become mandatory (NAP/NAC)
• Complete Access Layer secured (e.g. 802.1x)
17

18. Role-based Access Control
• Bluesocket • Aruba
• Perfigo (Cisco) • HP ProCurve
• Cranite (Vernier)
User Role
Time Access
Schedule IP Address Port
Control
VLAN Location
18

19. Network Compartmentalization
Adaptive Network Architecture
Virus Throttling
19

20. User Education
• Danger awareness
• Caution on interfaces
• Configuration guidance
• Corporate policy
20

21. Mobile Device Security
Management
• Platform selection
– Software/Firmware Upgrades
– Patch Management
• Configuration Management
• Policy enforcement
– Passwords Security
– Device lock
– Policy updates
• User support
– Device lockout Usability
– Backup/restore
21

22. Summary
• Security concerns are the greatest inhibitor to
mobility
• Wireless networks and devices introduce new
risks
• Ignoring these technologies does not make
the risks disappear!
• The key to mobile security is a thorough
reevaluation of existing security
22

23. Questions?
Contact me at:
http://www.linkedin.com/in/rhoton
23