AirDefense Announces Results of Wireless Airwave Monitoring at InfoSec 2005; Company Detects a New Trojan Horse Named Revop and Many Other Wired-Side Viruses and Worms.

ATLANTA -- AirDefense, the leader in anywhere, anytime wireless security monitoring, today released the results from the wireless network monitoring the company conducted at the InfoSec World Conference and Expo 2005. AirDefense detected a new trojan horse named Revop, which to date has only been detected in the United States. In addition, many other wired-side viruses and worms were discovered. This type of malicious activity has been on the rise, as AirDefense most recently reported at RSA Conference.

At InfoSec 2005, AirDefense studied the wireless LAN traffic throughout the conference and identified vulnerability scanning, port mapping and known wired-side viruses and trojan horses infecting the network. The viruses included Netsky, a virus that spreads via email at the start of each Windows session, and Lovgate, a family of Internet worms with backdoor functionality that spread via email and network shares. In addition to the new trojan horse Revop that was discovered, AirDefense's monitoring uncovered Radlight, a trojan horse that damages internet connections.

"Attacks typically launched over wired networks are now being performed on the wireless side," said Richard Rushing, chief security officer for AirDefense. "The sophistication of attacks continues to increase and attackers have finally realized wireless is just another medium for connectivity.
The conclusion that is drawn is that attackers are performing many of the same types of attacks that frequently occur on the wired-side."

AirDefense also identified the following risks and threats:

--102 identity thefts
--60 devices sniffing the airwaves for clear text passwords and information
--34 ad-hoc networks
--23 devices scanning for wireless devices
--12 Soft APs
--3 denial of service attacks
--An overloaded access point that failed and reverted back to its default unsecured configuration

More than 80 percent of wireless stations were susceptible to Access Point (AP) Phishing, or being redirected from a legitimate AP. AP Phishing attacks happened to people looking for the most common service set identifiers (SSIDs) "Linksys," "Infosec" and "T-Mobile." To prevent AP Phishing, AirDefense advises conference attendees to register for hotspots or wireless service on a wired network. By registering for a wireless account on a wired network such as the home or in the office, attendees increase the likelihood of connecting to the legitimate access point because they will already have the password needed to connect.

"Less than 50 percent of the access points at the show used either WEP (wired equivalent privacy) or advanced authentication," said Rushing.
"Without proper encryption or authentication, users connecting to access points at the show essentially offered up their passwords and data for attackers to steal and use in potentially malicious ways. Statistics such as these tell us the corporate wireless policy is not making it down to the device level."

AirDefense also detected an abundance of clear text traffic, including a device's Network Basic Input Output System (NetBIOS), which would allow an attacker to discover and take advantage of a station's vulnerabilities in the operating system or open services such as file sharing. Also floating in the air, AirDefense identified leaking of network traffic, including Cisco Discovery Protocol (CDP), Spanning Tree Protocol (STP) and Open Shortest Path First (OSPF).
AirDefense continues to advise conference attendees to use encrypted e-mail to avoid transmitting messages in the open, avoid insecure protocols and services and think defensively about the information being transmitted when using public networks.

About AirDefense, Inc.

AirDefense is the market leader in anywhere, anytime wireless security and monitoring. The company's products provide the most advanced solutions for rogue wireless detection, policy enforcement and intrusion prevention both inside and outside an organization's four walls. AirDefense's enterprise-class products scale to support everything from single offices to organizations with hundreds of locations. Founded in 2001, AirDefense is based in Alpharetta, GA and services hundreds of government agencies and blue chip corporations. For more information, please visit http://www.airdefense.net or call 770.663.8115.