Sign up for a customized personal demo with an AirTight expert.
AirTight Secure WiFi is a solution for retail organizations of all sizes, looking to deploy Wi-Fi across geographically distributed sites. It is an affordable, easy to use, and scalable Wi-Fi access solution that meets their unique business process and customer service requirements while maintaining their PCI compliance and network security. In fact, organizations with PCI compliance reporting and wireless security as their top priority can start with AirTight's cloud-based wireless security and compliance service, and seamlessly upgrade the service, with the click of a mouse and a phone call, to include secure Wi-Fi access in the future, without touching the hardware.
This paper presents a vulnerability, called Hole1961, in the WPA2 protocol that makes all implementations of WPA- and WPA2-secured Wi-Fi networks (regardless of the authentication and encryption used) vulnerable to insider attacks. It discusses ways in which a malicious insider can exploit Hole196 to attack other authorized Wi-Fi users in a WPA2-secured wireless LAN (WLAN). It also explores remediation strategies at various levels that organizations can implement to mitigate this threat.
A soft access point (AP) is a laptop or other wireless enabled device which performs traffic forwarding between its wireless interface and some other interface which is connected to the secure network. A soft AP can show up as rogue access point on the enterprise network. This can happen inadvertently. A soft AP can, however, be maliciously installed as it is perfect hacker "solution" to put a rogue AP on a network while evading wire-side controls such as 802.1x, NACs and wiresideonly rogue AP scanners.
Using Virtual WiFi, Windows 7 laptops can now be connected to your enterprise Wi-Fi network while sharing their enterprise network access with other unauthorized Wi-Fi devices or users.
This means that every Windows 7 laptop is a potential Rogue AP1 that can be used to bypass your wired security and access your private enterprise LAN. Using a Rogue AP, an attacker could compromise your servers, access sensitive data, and launch network reconnaissance and disruption attacks.
WiFi is proliferating fast. The convenience of wireless access, low cost, and plug-and-play nature of the technology have been the major drivers for WiFi's popularity among home Internet users. Lately we are also seeing an increasing adoption of WiFi in the enterprise. More and more businesses are rolling out wireless LANs to cut costs and increase productivity. Today all laptops, PDAs, and smartphones have WiFi built in. WiFi hotspots, spanning coffee shops, hotels, airports, or even cities, are mushrooming to meet the growing demand of WiFi Internet access.
Understanding the PCI DSS Wireless Requirements
The Payment Card Industry Security Standards Council (PCI SSC) has published a PCI DSS Wireless Guideline which acknowledges that wireless is a clear and present danger to network security and those who collect, store or transmit card holder data must take steps to assure that it is secure, whether or not wireless is deployed in the cardholder data environment. Though the PCI DSS already included wireless security requirements, this is the first time that the requirements for wireless security have been described unambiguously for all cardholder data environments (CDE). Organizations which handle payment card data must take steps to secure the CDE against wireless threats including unmanaged and unknown wireless devices in the environment and must scan all locations. This white paper helps those organizations understand how the PCI DSS 1.2 wireless requirements apply to them, how to meet those requirements in a cost effective way, and how to secure your network and cardholder data from wireless threats.
To enable organizations to leverage their investment in Cisco Wireless LAN infrastructure, AirTight Networks delivers powerful integration capabilities with its flagship product, SpectraGuard® Enterprise. This technical brief provides an overview of the integration between AirTight’s SpectraGuard Enterprise and Cisco’s Wireless LAN Controller (WLC) that operates with Lightweight Access Points (LWAPP APs)
The proliferation of WiFi presents new security challenges for enterprise networks both wired and WLANs. Introduction of WiFi in and around enterprise networks opens security backdoors, which fall outside the realm of protection offered by firewall and other conventional wired network security systems. Appropriate wireless security architecture is essential to plug these backdoors and to complement conventional wired network security.
Both excitement and unease rolled through the wireless security community in November 2008 when news broke that researchers had cracked TKIP at the security convention in Japan [1, 2]. TKIP, an essential encryption component of WPA, which was heralded for years as the replacement for the broken WEP encryption to guard our wireless networks had been poked and sprung a leak for the first time.
This paper describes a new hosted service architecture offered by AirTight Networks that enables effortless, automated wireless security audits from anywhere on the Internet, anytime. No more “walk arounds.” Plug-and-play wireless scanners onsite scan round-the-clock without human intervention, and securely communicate with a central server hosted on the Internet in a secure data center. The central server analyzes the data with an up-to-date wireless vulnerability database and assesses the wireless security posture or compliance of a network. Rich vulnerability assessment and compliance reports can be generated on demand with just a mouse click. Now finally, auditors can do a large number of wireless security audits accurately and cost-effectively in very little time.
802.11n is a big leap in the evolution of wireless LANs. With major advantages in throughput, range and reliability over legacy Wi-Fi protocols, 802.11n opens up new possibilities for running various applications over wireless. The same features that drive these advantages also present technical challenges in network planning, installation, security, and operation of these networks. The numerous ways in which 802.11n choices can impact legacy 802.11a/b/g networks cannot be ignored. Enterprises should carefully consider these aspects to maximize the business benefits from 802.11n.
This white paper revisits the wireless security space, debunks common myths and presents wireless vulnerability management (WVM) as a proactive strategy to wireless security.
This white paper introduces a novel way for enabling on-demand wireless security that is affordable, effortless and customizable. In this new architecture, wireless security is delivered over the Internet bringing a revolutionary change in how businesses manage their wireless threat exposure. Depending on their needs, businesses choose and pay only for the value they derive from this online wireless security service.
Understanding of wireless security is unfortunately marred by many myths. Some are even propagated as wireless LAN best practices. Myths about wireless security can be both dangerous and costly. Many organizations spend valuable resources in implementing these urban legends that give a false sense of security and leave private networks and sensitive data exposed. In this paper, we will revisit and debunk top ten wireless security myths.
Learn how you can achieve PCI wireless compliance and avoid becoming the next victim of a wireless security breach.
While at first glance, Sarbanes-Oxley would seem to have very little to do with IT departments and network security, closer study reveals that it actually has major impact on IT departments and IT security in particular. Since IT underlies the very business of recording and reporting all financial activity, it follows that a lack of control over IT security would imply a lack of control over the organization's financial reports, in direct violation of Sarbanes-Oxley section 404. When a wireless LAN is part of the network infrastructure, it too must be subject to the strictest controls to ensure the credentials of those using it. This whitepaper addresses the implications of Wi-Fi technology on public corporations, and reveals the dangers of Wi-Fi threats to public financial data integrity, even if the corporation has a strict 'no Wi-Fi' policy. It also describes how the AirTight SpectraGuard Enterprise Wireless IPS can be implemented to protect against these threats and ensure compliance to SOX.