|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[ISN] Transceiver Fingerprinting Improves Wireless Security
From: InfoSec News (alerts
infosecnews.org)
Date: Thu Sep 14 2006 - 01:07:30 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:
Save on the #1 Ranked Web Filtering Appliance
http://list.windowsitpro.com/t?ctl=3838F:7EB890
Top 10 Requirements for Effective Patch Management
http://list.windowsitpro.com/t?ctl=383A0:7EB890
Extending SMS to Handheld Devices
http://list.windowsitpro.com/t?ctl=3838B:7EB890
=== CONTENTS ===================================================
IN FOCUS: Transceiver Fingerprinting Improves Wireless Security
NEWS AND FEATURES
- New Unpatched Vulnerability Affects Microsoft Word 2000
- Cisco and Microsoft Team Up on Network Access Control
- BrowserShield Defends Browsers at Network Borders
- Recent Security Vulnerabilities
GIVE AND TAKE
- Security Matters Blog: Browzar Bashing--Is It Warranted?
- FAQ: 64-Bit Version of Group Policy Management Console
- From the Forum: NTFS Permission in an Education Environment
- Share Your Security Tips
PRODUCTS
- Full-Featured Firewall-Routers
- Wanted: Your Reviews of Products
RESOURCES AND EVENTS
FEATURED WHITE PAPER
ANNOUNCEMENTS
=== SPONSOR: St. Bernard Software ==============================
Save on the #1 Ranked Web Filtering Appliance
iPrism, the IDC-ranked #1 Web filtering appliance has an offer
that's too good to pass up. Purchase a 3-year subscription to the most
accurate database in the industry and get your iPrism appliance at no
charge. Or, purchase an iPrism and a 3-year subscription and get an
extra year free. Only iPrism gives you two ways to save big. This is a
limited time offer so get a Quick Quote now!
http://list.windowsitpro.com/t?ctl=3838F:7EB890
=== IN FOCUS: Transceiver Fingerprinting Improves Wireless Security
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
If you operate wireless networks, you know that media access control
(MAC) address filtering is an unreliable way to prevent unwanted
network access. The reasons are that it's relatively simple to spoof
any MAC address and to collect MAC addresses from the airwaves.
One technique used to improve on MAC filtering is to develop a
fingerprint of the wireless network driver, which can help identify the
wireless hardware by manufacturer. This approach works because each
manufacturer develops its own driver behavior. The characteristics of
that behavior can be tracked, identified, stored, and later matched
when a wireless device is detected by an intrusion detection system
(IDS) or authentication system. Other techniques involve actively or
passively discovering wireless device model numbers, chipset model
numbers, and OS versions.
Jeyanthi Hall has explored a way to take wireless device fingerprinting
even further. In her research, Hall discovered that each wireless
network device has a unique frequency signal profile, which can be
discovered as the device transmits over the airwaves. This holds true
even for identical card models from the same manufacturer and even when
those cards use exactly the same chipset.
Therefore, a fingerprint can be developed that will match one specific
physical device. Hall thinks that, based on her research, the only way
such a fingerprint can be spoofed is to physically recreate all the
characteristics of the circuits in the original device. In order to
accomplish that task, the original device would be required, which
implies that someone must first steal it. But in the case of a stolen
device, the fingerprint could be blocked, hopefully before someone
replicates the exact circuitry.
In practical use, transceiver fingerprint identification could be used
in wireless intrusion detection and prevention systems and in
authentication systems. What's more, transceiver fingerprinting isn't
limited to Wi-Fi devices. Since Bluetooth technology is also based on
radio transmissions, similar techniques could be used to guard
Bluetooth connectivity.
According to Hall's research (as published to date), transceiver
fingerprinting is about 95 percent accurate. So there is room for
error, which means that additional methods of protection might be
necessary in some situations.
One important issue to keep in mind about any radio transmitter is that
as a device ages, its radio signal profile changes. Therefore, in order
to maintain fingerprint accuracy, the fingerprint must be updated
continually. This of course creates processing overhead and could pose
significant hurdles in large wireless network installations.
Regardless, the hurdles aren't insurmountable.
Hall has published two detailed white papers (one that covers Wi-Fi and
one that covers Bluetooth) that describe her research and its potential
applications. If you're interested in this technology, which very well
might make its way into wireless security solutions, then be sure to
read the papers. They're available at the first two URLs below in PDF
format. If you're interested in other wireless security-related work
published by Hall, then visit her site at Carleton University at the
third URL below.
http://list.windowsitpro.com/t?ctl=38397:7EB890
http://list.windowsitpro.com/t?ctl=38398:7EB890
http://list.windowsitpro.com/t?ctl=383A1:7EB890
=== SPONSOR: Patchlink =========================================
Top 10 Requirements for Effective Patch Management
Endless streams of security patches are a continuous strain on IT
resources. Assessing, deploying, & tracking software patches across
operating systems is even more difficult. Learn to distill the
requirements for selecting an effective patch management solution.
Download now!
http://list.windowsitpro.com/t?ctl=383A0:7EB890
=== SECURITY NEWS AND FEATURES =================================
New Unpatched Vulnerability Affects Microsoft Word 2000
Symantec reported the discovery of a new unpatched vulnerability
that affects Microsoft Word 2000. The vulnerability could allow a
remote intruder to install a Trojan horse that opens a back door on an
affected system when a malicious document is opened. Exploits that take
advantage of the vulnerability have been discovered circulating on the
Internet.
http://list.windowsitpro.com/t?ctl=38393:7EB890
Cisco and Microsoft Team Up on Network Access Control
Cisco and Microsoft announced that their respective technologies,
Cisco Network Admission Control (NAC) and Microsoft Network Access
Protection (NAP), will be interoperable. Both technologies are designed
to prevent computers from accessing a network unless they meet specific
"health" checks.
http://list.windowsitpro.com/t?ctl=38392:7EB890
BrowserShield Defends Browsers at Network Borders
Microsoft developed a prototype defense tool, BrowserShield, that
can defend unpatched browsers by filtering and rewriting incoming Web
content at network borders.
http://list.windowsitpro.com/t?ctl=38394:7EB890
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=38391:7EB890
=== SPONSOR: iAnywhere =========================================
Extending SMS to Handheld Devices
Join iAnywhere on Tuesday, September 26th, for a webcast on how to
extend Microsoft SMS to handheld devices. In this session, we'll
provide an overview of Afaria's management and security capabilities
and focus on enhancing and extending SMS to a wide range of mobile
devices.
http://list.windowsitpro.com/t?ctl=3838B:7EB890
=== GIVE AND TAKE ==============================================
SECURITY MATTERS BLOG: Browzar Bashing--Is It Warranted?
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=3839E:7EB890
There's a lot of Browzar bashing going on, and most of it overlooks the
obvious. Read my perspective on the bashing in this blog article
http://list.windowsitpro.com/t?ctl=38395:7EB890
FAQ: 64-Bit Version of Group Policy Management Console
by John Savill, http://list.windowsitpro.com/t?ctl=3839B:7EB890
Q: Where can I get the 64-bit version of Group Policy Management
Console (GPMC)?
Find the answer at
http://list.windowsitpro.com/t?ctl=38396:7EB890
FROM THE FORUM: NTFS Permission in an Education Environment
A forum participant is working on creating a way for teachers and
students to share info while controlling what the students can see and
do. He's running a Windows Server 2003 Release 2 (R2) domain and is
aware of access-based enumeration. He's having difficulty getting the
permissions set properly and needs some advice. Join the discussion at:
http://list.windowsitpro.com/t?ctl=3838A:7EB890
SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in the Windows IT Security print newsletter's
Reader to Reader column. Email your contributions to
r2rwinitsecwindowsitpro.com. If we print your submission, you'll
get $100. We edit submissions for style, grammar, and length.
=== PRODUCTS ===================================================
by Renee Munshi, productswindowsitpro.com
Full-Featured Firewall-Routers
HotBrick Network Solutions offers the HSS 4000 and HSS 6000
firewall-routers. The HSS 4000 has 512MB of RAM, a 1.0GHz Pentium 4
processor, and four flex ports; the HSS 6000 has 1GB of RAM, a 2.8GHz
Pentium 4 processor, and six flex ports. Both firewall-routers include
internal hard drives and an optional hardware-based VPN accelerator
(flexible software-based VPNs are standard). The HSS 4000 supports up
to 1000 LAN users, while the HSS 6000 allows for an unlimited number of
LAN users. You manage the firewall-routers from a Web interface over
HTTP Secure (HTTPS), console port, and Secure Shell (SSH) connection.
The Web-based content-filtering feature and the hard drive-based spam-
filtering and antivirus options can also be managed from the interface.
For more information, go to
http://list.windowsitpro.com/t?ctl=383A3:7EB890
WANTED: your reviews of products you've tested and used in
production. Send your experiences and ratings of products to
whatshotwindowsitpro.com and get a Best Buy gift certificate.
=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=3839A:7EB890
Linux + Unix + Windows - TechX World
Pure-play IT shops are a nice idea, but the reality today is that we
are all faced with interoperability issues. TechX World 2006 gives you
access to leading experts in the field and will prepare you to master
interoperability issues in your environment.
http://list.windowsitpro.com/t?ctl=3839C:7EB890
Tired of using separate products on your Microsoft Exchange server for
antivirus, antispam, attachment filtering, disclaimers, content
auditing/filtering? This webcast will address the latest threats to
messaging security and spotlight Sunbelt's Messaging Ninja that enables
system administrators to easily secure their messaging infrastructures
and stop threats at the Exchange Server.
http://list.windowsitpro.com/t?ctl=38390:7EB890
Can you distinguish between the facts and fiction of Linux? Get the
straight answers about Linux, UNIX, and Windows - together and head-to-
to head comparisons. Read articles and download free resources today!
You can also test your Linux skills and enter to win a $150 MSN Music
gift card!
http://list.windowsitpro.com/t?ctl=3839F:7EB890
Randy Franklin Smith outlines five evaluation points to consider when
choosing your antispyware solution in this free podcast. Download it
today!
http://list.windowsitpro.com/t?ctl=3838D:7EB890
Integrate fax services with business applications for major increases
in ROI. Find out how fax technology can benefit your bottom line and
improve business processes. Download the free ebook today!
http://list.windowsitpro.com/t?ctl=3838E:7EB890
=== FEATURED WHITE PAPER =======================================
Extend Microsoft Windows Rights Management Services (RMS) to support
enterprise requirements for information protection, including
proprietary business data. Download the free whitepaper today!
http://list.windowsitpro.com/t?ctl=3838C:7EB890
=== ANNOUNCEMENTS ==============================================
Special Invitation for VIP Access
Become a VIP subscriber and get continuous, inside access to ALL
content published in Windows IT Pro magazine, SQL Server Magazine,
Exchange and Outlook Administrator newsletter, Windows Scripting
Solutions newsletter, and Windows IT Security newsletter. Subscribe now
and SAVE $100:
https://store.pentontech.com/index.cfm?s=1&promocode=eu2769uv
Get the Windows IT Pro Utility Kit FREE
SAVE up to $30 off Windows IT Pro magazine and get an exclusive
Windows IT Pro Utility Kit CD FREE with your paid order! In addition,
you'll get unlimited access to the entire online article archive, which
houses more than 9,000 helpful Windows IT articles. This is a limited-
time offer, so order now:
https://store.pentontech.com/index.cfm?s=1&promocode=eu2069uw
================================================================
Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and the Windows IT Security newsletter
(subscribe at the second URL below).
http://list.windowsitpro.com/t?ctl=3839D:7EB890
https://store.pentontech.com/index.cfm?s=1&promocode=eu255xsb
Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=38399:7EB890
Be sure to add Security_UPDATElist.windowsitpro.com
to your antispam software's list of allowed senders.
To contact us:
About Security UPDATE content -- letterswindowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=383A2:7EB890
About your product news -- productswindowsitpro.com
About your subscription -- windowsitproupdatewindowsitpro.com
About sponsoring Security UPDATE -- salesoppswindowsitpro.com
View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2006, Penton Media, Inc. All rights reserved.
_________________________________
HITBSecConf2006 - Malaysia
The largest network security event in Asia
32 internationally renowned speakers
7 tracks of hands-on technical training sessions.
Register now: http://conference.hitb.org/hitbsecconf2006kl/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]