Blog

Get the Newest Blog Direct to your Inbox

* indicates required
  • CWNP

Understanding OFDM - Part 1

The 48-string Guitar

Like the sidewalk under your feet, always solid, never doubted, Orthogonal Frequency Division Multiplexing (OFDM) is the rock that supports current and near-term wireless technologies, including 802.11a, 802.11g, 802.11n, WiMAX, and LTE. As a wireless professional, you’ll be working with OFDM-based technologies for the foreseeable future. An understanding of OFDM will give you an edge in designing and maintaining the networks under your care.

Continue reading...

  • CWNP

Wireless Security: A Defense-in-Depth Approach for Wi-Fi Clients

Against those skilled in the attack, an enemy does not know where to defend. Against the experts in defence, the enemy does not know where to attack. – Art of War (Sun Tzu)

 

 

Two of my previous blog posts talked about defense-in-depth against Rogue APs and WLAN infrastructure-based attacks. We discussed that enterprises can achieve the best possible security by deploying a combination of wired solutions (e.g., 802.1X, NAC, Port security) and wireless solutions (e.g., WPA2, Wireless scanning, WIPS). The reason for this is that a combination of complementary security solutions provides better security than any of the individual solutions. This post talks about securing wireless clients.

Continue reading...

  • CWNP

The Hummingbird Sings a Song

A few weeks back, I provided a mild poke at Colubris for their apparent post-HP-acquisition silence.  Most vendors don’t turn up a big smile at such things, so it came as no surprise to me that Colubris was pleased to provide us with some details about their comings and goings since acquisition.  I’ll be the first to admit that I can’t read every press release—at least, not if I want to see my family—so I miss some of the good stuff.  Since my last article, I’ve found that Colubris has been doing some critical integration work with HP and they’ve released a few new products.  This is good news.  Added competition for the big players, innovation, and integration should all prove to be valuable.  Here’s the quick rundown of what I’ve learned.

Continue reading...

  • CWNP

Hot Off the Press: Arbitration Whitepaper

One of CWNP’s instructors and CWNEs, GT Hill, has what might be labeled a “fetish” with 802.11 arbitration.  Some people like shoes, others like gadgets, but GT likes teaching 802.11 arbitration.  He’s a Wi-Fi geek among the best of us.  ;)  If you get the chance, taking him up on the lesson would be a good use of your time.  If you don’t get the chance, the next best thing may be the 802.11 arbitration whitepaper that CWNP just published.   

Continue reading...

  • CWNP

New Attacks on WPA - Move Calmly Toward the Exits

Recently, two announcements were published that detailed successful attacks against the integrity functions of the 802.11 wireless security mechanism known as TKIP (Temporal Key Integrity Protocol). These procedures do not reveal surprises, but instead highlight the known vulnerabilities inherent with the TKIP/Michael protocol since its inception. To be clear, these attacks are not designed to recover the encryption keys or to reveal the private data contained within TKIP protected frames.  Instead, they focus on known weaknesses in the Michael integrity check algorithm, which could enable an intruder to insert customized test packets into a LAN from the wireless side in order to probe for traditional wired-side vulnerabilities. In addition, the new attacks could also be used to stage nuisance, denial-of-service attacks against WLANs and could hasten the advent of future exploits on the encryption keys.

Continue reading...

  • CWNP

Curriculum Director - WirelessTrainingSolutions.com

New Attacks on WPA - Move Calmly Toward the Exits

Rick Murphy

Now that cryptographic researchers Beck – Tews and Ohigashi – Morii have demonstrated practical attacks that allow intruders to jam their feet in the door of TKIP/Michael protected systems, it is clear that the final push towards a complete CCMP upgrade should be planned and executed by SOHO, SMB, and Enterprise users of WLANs within the near future. However, this is not so much a clarion call as it is a gentle reminder that WPA was only intended to be a band-aid for an insufficient confidentiality mechanism (WEP) and that the real solution was and still is, CCMP. If TKIP were a movie theater, then we have our first whiff of smoke. Its time to start calmly moving towards the exits.

 

Continue reading...

  • CWNP

Real Free WiFi

OK, I like Free WiFi.

NOT the kind that makes you pay per minute.

NOT the kind where you watch lots of adverts.

NOT the kind where all web pages go through something that puts an advert on every page.

NOT the kind where you have to put in some special code.

NOT the kind where they block ports so you can't get your e-mail, VPN, etc.

NOT the kind where they throttle the connection to a crawl.

NOT the kind where you can only be in lobby to get net access.


Just REAL Free WiFi!

Continue reading...

  • CWNP

Push-Button Pen Testing

Push-Button Pen Testing: That's my phrase.  I came up with it yesterday.  It's a whole new class of automated hacking...uh, I mean penetration testing...products.  I got to see Silica-U from Immunity yesterday.  This thing is slick.  They finally ported it over from a Nokia N810 Internet tablet to a desktop Linux version (which I got to see running on my favorite Linux distribution - Ubuntu).  It worked just as described.  No longer do you have to remember WEP keys, WPA passphrases, LEAP usernames and passwords (in a future release).  Isn't that great?

Continue reading...

  • CWNP

Attacks on WiFi: Reflections on Recently Revealed Vulnerabilities

In the last couple of weeks, we've witnessed a flurry of activities in the wireless security space. Security researchers have revealed a couple of new attacks on WiFi infrastructure – Skyjacking and an improved attack on WPA-TKIP. This post provides a high level overview of both of these attacks.

Continue reading...

  • CWNP

No TKIP or No Certification

OK, so here's the thing.  The Wi-Fi Alliance's board approved, on March 26, 2009, additional testing to disallow the use of TKIP with HT MCS rates.  Tests were started the next day, and by Sept 1, 2009, all devices must comply.  Big whoop, right?  Well, not with the fact that 18 of 18 APs and 10 of 14 STAs have failed to date.  I wonder how the Wi-Fi Alliance is going to handle that?  Do they suddenly decertify equipment?  Do they extend the deadline?  Do they re-evaluate their decision to make this "feature" mandatory?

Continue reading...

Page 27 of 39