
Security standards aside, lock down your boxes, boys!

By Joel Snyder and Rodney Thayer, Network World, 10/04/2004

To build a secure wireless network, it's not enough to watch the airwaves. You must lock down the access points, much like the rest of your network infrastructure.

Network World Lab Alliance partner Rodney Thayer of Canola Jones conducted a penetration test on the wireless infrastructure devices (access points and switches) we tested. In particular, we wanted to assess how the vendors protect the point at which the wireless device hits the wired network. We left the devices as close as possible to the recommended default configuration. In cases where Thayer criticizes a default setting but the vendor offers an option to make conditions more secure (such as changing from HTTP to Secure-HTTP), he noted this in the report.




It's clear from this testing that most devices arrive out of the box with a poor set of security defaults. Many access points don't have the option to disable low-security services, such as Telnet and HTTP, and enable higher security services, such as Secure Shell and HTTPS.

Thayer says most vendors opt for simple, rather than secure, defaults. For example, while few people manage wireless access points from a command-line interface, Actiontec ships its access point with Telnet enabled using a default password anyone can guess (it's the same as the username), which cannot be changed or disabled from the user interface. That's a pretty huge hole, even in the relatively low-end market Actiontec targets.

Thayer took steadier aim at enterprise-class access points built on more sophisticated platforms, such as HP and SMC, which left open debug ports from the real-time Wind River VxWorks operating system both use in their shipping products. While there might not be any known VxWorks exploits this week, this doesn't mean there won't be any next week.
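A wire-side audit of your own access points can check for the same conditions. The following is an added example, not part of the original article or Thayer's report: it reads scan results in nmap's grepable (`-oG`) layout and flags Telnet or HTTP management listeners, whether the Secure Shell or HTTPS replacement is offered, and any listener outside an approved list. The sample data, the addresses, port 9999 and the approved list are constructed assumptions.

```python
import re

# Constructed sample in nmap grepable (-oG) layout; addresses are from the
# 192.0.2.0/24 documentation range and port 9999 is a made-up extra listener.
SAMPLE = (
    "Host: 192.0.2.10 ()\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///, 443/open/tcp//https///\n"
    "Host: 192.0.2.11 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 9999/open/tcp/////\n"
    "Host: 192.0.2.12 ()\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///\n"
)

# Low-security management services named in the article, mapped to the
# higher-security service that should replace each one.
CLEARTEXT = {23: ("telnet", 22), 80: ("http", 443)}
APPROVED = {22, 443}  # assumed site policy: SSH and HTTPS only
OPEN_TCP = re.compile(r"(\d+)/open/tcp/")

def parse_grepable(text):
    """Return {host: set of open TCP ports} from grepable scan lines."""
    hosts = {}
    for line in text.splitlines():
        if line.startswith("Host:") and "Ports:" in line:
            host = line.split()[1]
            ports = OPEN_TCP.findall(line.split("Ports:", 1)[1])
            hosts.setdefault(host, set()).update(int(p) for p in ports)
    return hosts

def audit(hosts):
    """Return sorted (host, port, finding) tuples for policy violations."""
    findings = []
    for host, ports in hosts.items():
        for port in ports:
            if port in CLEARTEXT:
                name, secure = CLEARTEXT[port]
                alt = "also open" if secure in ports else "not offered"
                findings.append((host, port, f"{name} enabled; port {secure} {alt}"))
            elif port not in APPROVED:
                findings.append((host, port, "listener outside approved list"))
    return sorted(findings)

if __name__ == "__main__":
    for host, port, finding in audit(parse_grepable(SAMPLE)):
        print(f"{host}:{port}  {finding}")
```

A device that reports "not offered" for the secure replacement is one where the low-security service cannot simply be swapped out, so it needs compensating controls on the wired side.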

Comments (3)

who cares
By Anonymous on June 4, 2008, 9:16 pm
Joel and Thayer have no idea what they're talking about. If hackers target someone, they will be able to hack into anything. Hey, you get what you paid for.


window film stops wireless emissions from glass
By Anonymous on April 3, 2008, 6:51 pm
I know little about your field but want to have a film installed on my building's windows to reduce the network's emissions to hackers outside...??? I have heard...
