
Detecting and preventing rogue wireless access points is a major concern for many organizations. It is important to ensure that all wireless networks are established and configured in compliance with the organization’s policies and standards for wireless networks. The problem is that it is very easy for a user to establish a rogue wireless access point either inadvertently or deliberately.

A wireless access point plugged into your network will typically have an Ethernet connection tied into some part of your LAN, and provide wireless access to an attacker that bridges the connections. Users could put one on the network for convenience, or a company-provisioned access point could be misconfigured by the IT department.

Recently the PCI standards council has produced a document called "The Information Supplement: PCI DSS Wireless Guideline", that outlines the recommendations for securing wireless networks for PCI DSS compliance. This is a good reminder of the importance for organizations to continually seek out rogue access points in their environments and remove them.

A rogue access point can take many forms. Popular examples include using a SOHO wireless router or reconfiguring an existing wireless client/device. However, there are typically multiple configurations for the rogue access point:

- Wireless router connected via the “trusted” interface - In this configuration the wireless access point connects the "trusted" side of the router to your internal network. A DHCP server is typically enabled and can conflict with your own internal DHCP server. Usually all management ports and services are configured as well, such as HTTP or SNMP.
- Wireless router connected via the “untrusted” interface - In this case the external, or firewalled side, is plugged into your internal LAN. Typically, very few services, if any, are available on this interface, making it difficult to detect across the network.
- Installing a wireless card into a device already on the trusted LAN - While this requires physical access, an attacker or user could install a wireless card into a system on the trusted LAN. The system could then be configured as an access point, which is a function supported by most wireless chipsets, drivers and popular operating systems such as Windows, Linux and Mac OS X.
- Enabling wireless on a device already on the trusted LAN - This is the same as the above, except the attacker or user utilizes the hardware and drivers that are already present.

Rogue Access Point Inside UPS

The picture above shows a rogue wireless access point installed into a desktop APC UPS. The device is a Linksys WRT54G router with 802.11b/g wireless capability. The Ethernet ports on the UPS are connected to the Ethernet ports on the Linksys router, providing the ability to collect traffic in addition to providing the attacker or user remote access. In this case, the trusted side of the rogue access point is connected to the internal network making it easier to detect (depending on the configuration). More information about this project can be found at.

The PCI DSS Wireless Guideline clearly states, and reinforces PCI requirement 11.1, the need to perform wireless rogue access point detection using a wireless sensor.
