ID Theft via wireless

    Has anyone been keeping track of this huge federal ID theft bust? The suspects were simply driving around looking for stores broadcasting credit card info. Hasn't this been something very easy to protect from? Is there anything we can do to monitor and alert when unauthorized users are attempting to access our networks?

  • #2
    Originally posted by sneakybstrd:
    Has anyone been keeping track of this huge federal ID theft bust? The suspects were simply driving around looking for stores broadcasting credit card info. Hasn't this been something very easy to protect from? Is there anything we can do to monitor and alert when unauthorized users are attempting to access our networks?
    Good question! Detecting (and preventing) rogue devices attaching to your wireless network can be quite tricky. Many wireless "scanners" will identify access points, but not the clients - including the rogue devices - that are linking to them. You need a wireless protocol scanner like Wireshark to do that. And, to be thorough, you need to look for Bluetooth devices as well, using AirDefense or something like that.

    Better still is to use a Wireless Intrusion Prevention System (WIPS) for continuous monitoring instead of periodic scanning as above. Some WLANs provide this as an embedded feature; if not, a WIPS solution can be overlaid. Of course, just like server and application event logs, packet sniffers and other "information gathering" solutions, the key is that merely putting them in place is not enough - you must continually audit the information they provide AND you must implement preventive/protective solutions as well.

    As far as I have been able to determine, the tightest control you can implement on a wireless network starts by activating MAC (physical) address filtering in your wireless access points, which requires you to actually list the MAC addresses of the wireless devices that can access the network. This sounds more arduous than it is, incidentally, since entries once made do not change frequently. The tedious work is creating the initial list of authorized MAC addresses. After that, the "adds, deletes and changes" would normally be relatively infrequent events, and would take a couple of minutes at most.

    It's pretty easy to apply MAC filtering to WLANs having 30-50 authorized devices or more, and it forces anyone bringing in a new device to obtain permission. (Obviously, we're talking about company networks here, not the "hot-spots" you find in airports, etc.)

    Having said that, there are ways to "spoof" even physical hardware (MAC) addresses, so you must also obviously have strong authentication and at least log-on process encryption to prevent passwords from floating around in plaintext through the airwaves. A wireless VLAN is even better. Just another example of the fact that true security always requires multiple "layers" of protective measures.
    Last edited by SecTrainer; 08-06-2008, 10:07 AM.
    "Every betrayal begins with trust." - Brian Jacques

    "I can't predict the future, but I know that it'll be very weird." - Anonymous

    "There is nothing new under the sun." - Ecclesiastes 1:9

    "History, with all its volumes vast, hath but one page." - Lord Byron
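Monitoring for unauthorised clients as the post above describes, as an added example that is not part of this thread: a small Python check that compares client association events against a MAC allow-list and also flags an allowed address that joins a second access point without leaving the first, one lead on the MAC-spoofing caveat SecTrainer raises. The log format, AP names and MAC values are all constructed here, loosely modelled on hostapd-style messages, and are not from any real deployment.

```python
import re
from collections import defaultdict

# Allow-list of authorised client MACs (constructed sample values).
ALLOWED_MACS = {
    "00:1a:2b:3c:4d:5e",  # point-of-sale terminal 1
    "00:1a:2b:3c:4d:5f",  # point-of-sale terminal 2
    "00:1a:2b:3c:4d:60",  # back-office laptop
}

# Constructed association events, loosely modelled on hostapd-style messages.
SAMPLE_LOG = """\
ap-front wlan0: STA 00:1a:2b:3c:4d:5e IEEE 802.11: associated
ap-front wlan0: STA 00:1a:2b:3c:4d:5f IEEE 802.11: associated
ap-front wlan0: STA 00:1a:2b:3c:4d:5e IEEE 802.11: disassociated
ap-back wlan0: STA 00:1a:2b:3c:4d:5e IEEE 802.11: associated
ap-back wlan0: STA 00:1a:2b:3c:4d:60 IEEE 802.11: associated
ap-front wlan0: STA 00:1a:2b:3c:4d:60 IEEE 802.11: associated
ap-back wlan0: STA 3a:4b:5c:6d:7e:8f IEEE 802.11: associated
"""

# One event per line: "<ap> <iface>: STA <mac> IEEE 802.11: <associated|disassociated>"
EVENT_RE = re.compile(
    r"^(?P<ap>\S+) \S+: STA (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) "
    r"IEEE 802\.11: (?P<event>associated|disassociated)$", re.IGNORECASE)


def audit_associations(log_text, allowed=ALLOWED_MACS):
    """Return alerts for clients outside the allow-list and for an allowed MAC
    that joins a second AP without leaving the first (a hint the address may be
    cloned; roaming without a disassociation also trips it, so it is a lead to
    check, not proof)."""
    alerts = []
    active = defaultdict(set)  # mac -> APs it is currently associated to
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # not an association event; skip
        ap, event = m.group("ap"), m.group("event")
        mac = m.group("mac").lower()
        if event == "disassociated":
            active[mac].discard(ap)
        elif mac not in allowed:
            alerts.append(f"UNKNOWN {mac} associated to {ap}")
        else:
            if active[mac] and ap not in active[mac]:
                others = ",".join(sorted(active[mac]))
                alerts.append(f"DUPLICATE {mac} on {ap} while still on {others}")
            active[mac].add(ap)
    return alerts
```

Feeding the same function a live tail of AP logs turns the periodic scanning the post describes into the continuous check it recommends; the allow-list then only needs editing when a device is added or retired.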


    • #3
      Think I will pay cash for the next pizza delivery where they use one of those wireless credit card units.

      The one point listed about "you must continually audit the information they provide AND you must implement preventive/protective solutions as well" should be used in many different operations: if it is worth doing, it is worth checking.

      Good question and answer.
      Quote me as saying I was mis-quoted.
      Groucho Marx


      • #4
        Originally posted by Eric:
        Think I will pay cash for the next pizza delivery where they use one of those wireless credit card units.

        The one point listed about "you must continually audit the information they provide AND you must implement preventive/protective solutions as well" should be used in many different operations: if it is worth doing, it is worth checking.

        Good question and answer.
        Fortunately, there is software that uses artificial intelligence and data-mining techniques to evaluate the mountains of data that event logs produce, looking for departures from "normal traffic patterns". This makes auditing log files much easier than doing it manually. Of course, software like this costs a pretty penny, too.
        "Every betrayal begins with trust." - Brian Jacques

        "I can't predict the future, but I know that it'll be very weird." - Anonymous

        "There is nothing new under the sun." - Ecclesiastes 1:9

        "History, with all its volumes vast, hath but one page." - Lord Byron


        • #5
          One fault found by investigators was the lack of encrypted traffic flow. The store's director of security attempted to write that into the security plan, but alas, the folks wearing the green eyeshades nixed those plans. With the placement of corporate security within the structure, not reporting to the CEO, their voices are rarely heard.
          Enjoy the day,
          Bill


          • #6
            Originally posted by Bill Warnock:
            One fault found by investigators was the lack of encrypted traffic flow. The store's director of security attempted to write that into the security plan, but alas, the folks wearing the green eyeshades nixed those plans. With the placement of corporate security within the structure, not reporting to the CEO, their voices are rarely heard.
            Enjoy the day,
            Bill
            That's really weird, too, since encryption is one of the cheapest and easiest countermeasures to implement.
            "Every betrayal begins with trust." - Brian Jacques

            "I can't predict the future, but I know that it'll be very weird." - Anonymous

            "There is nothing new under the sun." - Ecclesiastes 1:9

            "History, with all its volumes vast, hath but one page." - Lord Byron


            • #7
              Ultimately, all we can do is try to stay ahead. As in SecTrainer's other post on China/Russia hackers, someone will always be trying to get the information. So, your retina or fingerprint scanner... there's a template that represents that. Sooner or later someone will figure out how to get and use those. Then we'll need a new secure ID.
              Rocket Science
              Making everything else look simple, since 1958.


              http://my.opera.com/integrator/blog/
              One Man's Opinion

              The Future. It isn't what it used to be.


              • #8
                Originally posted by SecTrainer:
                That's really weird, too, since encryption is one of the cheapest and easiest countermeasures to implement.
                SecTrainer, there was a squib on a talk radio station stating the Security Manager for TJ Maxx was fired for gross complacency. The unnamed security manager stated he was fired by someone to whom he did not report.
                I've not seen or heard that anywhere else in the media.
                As the stomach turns, part (name a number).
                Enjoy the day,
                Bill


                • #9
                  Obviously, up here I deal with a lot of "hotspots" and unsecured internet access points getting out. When I'm not on my cell phone, I'm on someone else's wireless.

                  The Internet Manager onboard found it amusing that I call all APs (including his) a "hostile network," until I pulled out two programs.

                  Wireshark: Oh, look, I see your entire network flow.
                  Cain: Nothing escapes my sight, look, passwords!

                  He now understands why I proxy everything through one of the company servers, at all times, no matter where I am.

                  I routinely connect Wireshark to the AP in an internet cafe and wait a minute or two before using it. This way, I know that I'm about to be on the same network as a pedophile, a terrorist, or who knows what. Then, my traffic comes across as SSH2 tunnelled traffic.

                  Paranoia? Of course.
                  Some Kind of Commando Leader

                  "Every time I see another crazy Florida post, I'm glad I don't work there." ~ Minneapolis Security on Florida Security Law


                  • #10
                    Originally posted by Bill Warnock:
                    SecTrainer, there was a squib on a talk radio station stating the Security Manager for TJ Maxx was fired for gross complacency. The unnamed security manager stated he was fired by someone to whom he did not report.
                    I've not seen or heard that anywhere else in the media.
                    As the stomach turns, part (name a number).
                    Enjoy the day,
                    Bill
                    Bill, I'm not aware of a Security Manager being fired (it very well may have happened), but they did fire a whistleblower.
                    Retail Security Consultant / Expert Witness
                    Co-Author - Effective Security Management 6th Edition

                    Contributor to Retail Crime, Security and Loss Prevention: An Encyclopedic Reference


                    • #11
                      This is why my wireless network at home is called THIS_IS_A_VIRUS. I live in an apartment building, and there are multiple routers floating around with no protection whatsoever.

                      Go ahead, ask me why I pay for internet service when I could very easily hop on the Joneses' network three doors down.
                      The CCTV Blog.

                      "Expert" is something like "leader". It's not a title that you can ever claim for yourself no matter what you might know or might have done. It's a title that others bestow on you based on their assessment of what you know and what you have done.

                      -SecTrainer


                      • #12
                        Originally posted by CameraMan:
                        This is why my wireless network at home is called THIS_IS_A_VIRUS. I live in an apartment building, and there are multiple routers floating around with no protection whatsoever.

                        Go ahead, ask me why I pay for internet service when I could very easily hop on the Joneses' network three doors down.
                        That's an interesting naming idea. I usually give a wireless network a nonsense name like T5779bZ and I also prevent the name from being broadcast. On any network of 50 known users or less I also enable MAC address filtering along with the usual other "standard" measures. As I mentioned above, I don't find MAC filtering to be nearly as troublesome to set up and maintain as it sounds like it would be.
                        "Every betrayal begins with trust." - Brian Jacques

                        "I can't predict the future, but I know that it'll be very weird." - Anonymous

                        "There is nothing new under the sun." - Ecclesiastes 1:9

                        "History, with all its volumes vast, hath but one page." - Lord Byron


                        • #13
                          Or you can:
                          (1) Disable broadcasting of your SSID. That's step 1: they need to know your SSID to connect. Also rename it to something unique and hard to guess.
                          (2) Enable WPA encryption.
                          (3) Enable MAC address filtering.
                          (4) Use a secure password that's changed regularly.
                          (5) Reduce the power of your wireless router to create a smaller hotspot.
                          (6) Use directional signal reflection to match the shape of your wifi footprint to your secure location.
                          (7) EM shield your building (if you have that sort of budget).

                          ((In order of expected importance))
                          Darksat Security Forum


                          • #14
                            Anybody have any simple tutorials for setting all this up? Last time I did it a few years ago, I racked my brain. And this is one area I'm not that great at.

                            I need a new router, 'cause mine will lose the connection to our laptops for no reason, and you have to hit repair. It happens to both laptops, not necessarily at the same time though, so I figure it's the router, after being pissed at my laptop so many times. Real pain when you're in the middle of a big download from a site you can't resume from.
                            Rocket Science
                            Making everything else look simple, since 1958.


                            http://my.opera.com/integrator/blog/
                            One Man's Opinion

                            The Future. It isn't what it used to be.
