Because wireless technology is insecure, companies and individuals alike can take a proactive approach to identifying hackers who try to gain access via wireless networks.
Honeypots are fake networks set up to lure in hackers. They let administrators find out more about the techniques hackers use to gain access. One product is ManTrap, created by Symantec.
“ManTrap has the unique ability to detect both host- and network-based attacks, providing hybrid detection in a single solution. No matter how an internal or external attacker tries to compromise the system, Symantec ManTrap’s decoy sensors will deliver holistic detection and response and provide detailed information through its system of data collection modules.”
http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=157
Intrusion Detection - Intrusion detection is software that monitors traffic on the network. It sounds a warning if a hacker is trying to access the network. One such free product is Snort.
“Before we proceed, there are a few basic concepts you should understand about Snort. There are three main modes in which Snort can be configured: sniffer, packet logger, and network intrusion detection system. Sniffer mode simply reads the packets off of the network and displays them for you in a continuous stream on the console. Packet logger mode logs the packets to the disk. Network intrusion detection mode is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user defined rule set and perform several actions based upon what it sees.”
http://www.snort.org/docs/writing_rules/chap1.html#tth_chAp1
Network Monitoring - Network monitoring covers products such as Snort that monitor the flow of traffic over the network.
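The honeypot and intrusion-detection ideas above can be combined: no legitimate client has a reason to join a decoy access point, so every station event in its log is worth an alert. The following is an added example, not code from the original article or from any product it names; the hostapd-style log format, the host and interface names, the MAC addresses and the `ADMIN_TEST_MACS` exclusion list are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: hostapd-style syslog lines from a decoy AP (host, interface,
# MAC addresses and timestamps are invented for this example).
SAMPLE_LOG = """\
Mar 03 02:14:07 decoy hostapd: wlan1: STA 02:00:00:aa:bb:01 IEEE 802.11: authenticated
Mar 03 02:14:07 decoy hostapd: wlan1: STA 02:00:00:aa:bb:01 IEEE 802.11: associated (aid 1)
Mar 03 02:14:09 decoy hostapd: wlan1: STA 02:00:00:aa:bb:01 IEEE 802.11: disassociated
Mar 03 02:20:41 decoy hostapd: wlan1: STA 02:00:00:aa:bb:02 IEEE 802.11: authenticated
Mar 03 02:31:12 decoy hostapd: wlan1: STA 02:00:00:aa:bb:01 IEEE 802.11: authenticated
Mar 03 02:31:12 decoy hostapd: wlan1: STA 02:00:00:aa:bb:01 IEEE 802.11: associated (aid 1)
Mar 03 02:40:00 decoy hostapd: wlan1: STA 02:00:00:aa:bb:99 IEEE 802.11: associated (aid 2)
Mar 03 02:41:00 decoy kernel: unrelated line that must be ignored
"""

# Assumption: the administrator's own test device, excluded from alerts.
ADMIN_TEST_MACS = {"02:00:00:aa:bb:99"}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ hostapd: \S+: "
    r"STA (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) IEEE 802\.11: "
    r"(?P<event>authenticated|associated|disassociated)", re.I)

def decoy_alerts(log_text, ignore=frozenset()):
    """Return {mac: summary} for every station that touched the decoy AP."""
    seen = defaultdict(lambda: {"authenticated": 0, "associated": 0,
                                "first_seen": None, "last_seen": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a station event
        mac = m["mac"].lower()
        if mac in ignore:
            continue  # known test device
        rec = seen[mac]
        rec["first_seen"] = rec["first_seen"] or m["ts"]
        rec["last_seen"] = m["ts"]
        if m["event"].lower() in ("authenticated", "associated"):
            rec[m["event"].lower()] += 1
    for rec in seen.values():
        # Full association means the client joined the fake network, not just knocked.
        rec["severity"] = "high" if rec["associated"] else "low"
    return dict(seen)

if __name__ == "__main__":
    for mac, rec in sorted(decoy_alerts(SAMPLE_LOG, ADMIN_TEST_MACS).items()):
        print(mac, rec)
```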
Quick tips and tricks
When setting up wireless networks and access points, there are a few quick steps that can be taken to immediately improve security, even though they do not make the network secure. Some of these steps include:
* Change your default SSID: each router or access point comes with a default SSID. Changing it can make it take longer for an attacker to work out what type of device he is trying to hack.
* Change the default password: generic default passwords are assigned to access points and routers. Sometimes the password is admin. By changing this password, the attacker cannot modify settings on your router as easily.
* Disable broadcasting SSID: by default, APs broadcast their SSIDs. If you shut off this setting, it is harder for outsiders to find your AP.
* Enable MAC filtering: WARNING: this can only work in smaller environments where a centralized access list does not need to be maintained. You can allow only specific wireless cards to access the AP by enabling only their MAC addresses.
* Turn off shares: if security is important, scanning for shares and turning off the shares on the network can help. Encrypting sensitive data can also prevent hackers from accessing the data.
* Put your wireless access points in a hard-to-find, hard-to-reach spot.
* Keep your drivers on all wireless equipment updated. This helps patch existing security vulnerabilities.
* Read current press releases about emerging wireless news.
You can read the entire article here.