- Get a grip or you don't get the job
- Desktops of the future here today
- Researcher hides IE attack on Web
- Cisco third quarter 2008 channel stuffing
- Sci-Fi's goofiest gadgets and technology
Rss FeedRss Feed
Rss FeedSprint, Clearwire in WiMAX venture; Indian workers don't want U.S. jobs. Listen now!
Qwest taps Verizon as wireless carrier; Apple wins big in Consumer Reports survey. Listen now!
The movement towards laptop computers has fueled an unprecedented number of data breaches. For IT and Information Security, encryption and training has proven ineffective against careless users and insider threats. This paper discusses these limitations and explains how endpoint security allows remote deletion of sensitive data, tracking of computers outside the network and the physical recovery of missing computers. Learn how you can ensure mobile data protection regardless of end-user interference.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
Find out how you can consolidate Windows workloads and create a more efficient virtualized data center in this informative webcast, "Reduce Complexity and Cost - Windows Server Consolidation with Virtualization." Six concise webcast modules are available for your viewing. Watch them all consecutively or only the topics that interest you. The modules cover performance, user case studies, enterprise-level support, managing windows workloads, setup and configuration and the future of virtualization. Learn more today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
So the line of defence remains is "PIN NUMBER" Wowww what a strong security ? HSBC , invest some money...- Anonymous
How do I secure my wireless network from specific and known product defects such as vulnerabilities in APs (e.g., Cisco Aironet AP Memory Exhaustion DoS)?
Software that runs critical wireless infrastructure can suffer from vulnerabilities just like any complex system - often with devastating effects. A single vulnerability may compromise a host or a group of hosts, but a vulnerability in an infrastructure device can lead to much more damaging effects. Your network may become unavailable at the very least and entirely subverted at the very worst.
The first step to protect against such vulnerabilities might be obvious but is one that is sometimes overlooked: keep up-to-date on vendor patches. But beyond patching, how can you protect yourself from similar vulnerabilities that may be exploited in the future?
Many access point (AP) vulnerabilities are caused by problems with the access points' administrative interfaces. A great way to protect yourself from vulnerabilities that might crop up is to disable access to APs on the wireless side and employ packet filtering on the wired side to limit access to a few select management workstations. However, if a vulnerability exists at Layer 2 and is only exploitable after a station has been authenticated with the network, then there's little you can do to prevent an intruder from attacking the station.
Earlier this year came the disclosure of a DoS vulnerability in Cisco's Aironet AP that enabled attackers to prevent the device from passing traffic by sending spoofed ARP replies to the AP. In this case, the attacker would need to be authenticated with the AP, but it is not wise to trust that your users will never do anything malicious. Similar vulnerabilities are also quite problematic for APs that integrate IDS-like features. When your AP gets knocked out, so does your ability to detect attacks.
In cases like this, the only real way to assure protection is with additional security and monitoring hardware such as a wireless intrusion detection and prevention system. Such systems can monitor the airwaves for these types of attacks, and they do not suffer from vulnerabilities as your wireless infrastructure may. In addition to being able to alert you to an attack, these systems can also take preventative action to shield and contain the attack. In the case of the Aironet DoS, the IPS can detect the ARP storm, then de-authenticate and tar-pit the attacker.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
