Posts Tagged ‘education’

A little while back, we began a series of “get to know you” polls in an effort to better shape our content. In a June poll, we asked about your positions within your organizations, with results showing an even split between IT and marketing, with sales also being a popular answer. We found the results quite interesting, and they led us to wonder – in what industry vertical do you work that makes remote access and network security of interest? As always, feel free to elaborate in the comments.

ZDNet, Should Mobile Security Start From Device or Data?
Dark Reading, Information Security Forum Launches Threat Horizon 2014
Health Care Info Security, Who Decides How to Allot Infosec Funds?
Infosec Island, Pitting Education Against Cyber Attacks 

By Jeff Orloff

It was the day before the state’s standardized testing day, and I received a call from the assistant principal. At the school district where I was working, standardized testing is done mostly online, so it was certainly bad news when the assistant principal told me that half of the computers in the facility were not working. The school, located in a juvenile detention facility, had about 60 students using computers in eight different rooms with three servers: a domain controller, an application server, and a media server for online courses that the students could take.

When I arrived at the school, one of the teachers showed me the strange problem. The teachers could not access any of the practice tests, retrieve documents, or access data from other network based applications. They could, however, get online and students could access their online courses — but the videos that delivered lectures were lagging.

Rogue Device to Blame

The computers were obviously attached to a network, since they were able to access the Internet. But running the simple IPCONFIG test on the computers showed a Class C network address as opposed to the Class A block that was given out to all computers on the district network. Immediately, I thought that somehow our computers were connecting to the detention facility’s network. Checking one of their computers, I noticed that they, too, were using Class A IP addresses. Now I was starting to worry.

Clearly, something was on the network that was acting as a DHCP server. It would have been easy to ask the teachers if they had brought in a device that they shouldn’t have, but by this time everyone was gone for the day with the exception of myself, the administrator, and the one teacher who was helping me out. Using a laptop with RogueChecker installed on it, I was able to connect to the network and immediately find a server that was pushing out addresses to roughly half the campus. Now I just needed to find it.

RogueChecker in action

Using NetStumbler, I was able to look at the IP address of the server with the different wireless access points in the building. Sure enough, the server IP address of the rogue device shown in RogueChecker matched up with one found in NetStumbler. Using the signal strength indicator we could now narrow down our search to one wing of the building.

Identifying Rogue Devices

Sure enough, one of the classrooms had an off-the-shelf brand wireless router plugged into the network jack, which was promptly removed. Once all the computers were restarted, we were able to restore access to network folders, data and, most importantly, the application that would run the assessment for the students the next day.

For a school this size, the process of finding the exact location of the rogue device was not that difficult a task. At a large secondary school or university, the search would be more problematic and would take the efforts of many more people. In fact, one of the best methods I have seen to handle this task involves crowdsourcing.

The methodology is similar to this case. First, the rogue device needs to be verified, and then its location narrowed down using technology, generally with more than one person searching for the device’s signal. Once you can eliminate a majority of the campus, enlist as many willing participants as you can find to help search for the device. Assign each a geographic location that they are responsible for, making sure that the assignments overlap as much as possible to ensure nothing is left unturned.

By Jeff Orloff

Mobile computing is quickly becoming the cornerstone of education in America. Whether schools are purchasing mobile devices for students or they are adopting a BYOD (bring your own device) policy, students who are not incorporating smart phones, iPod touch devices, tablets or laptops into their learning are rapidly finding themselves on the wrong side of a new digital divide.

But of course, to take full advantage of mobile computing in the classroom, you need a connection to the Internet, and for a mobile device, this means a connection via Wi-Fi. This can pose some security risks, especially for schools. When it comes to security, Wi-Fi can quickly turn from a perfect solution to a perfect nightmare because of any number of the following security concerns. Here are the most common security issues and how to solve them.

Rogue Access Points

This threat takes place when the attacker sets up a fake access point that tricks users into connecting to it, rather than through a legitimate connection. Whether it’s a student or teacher connecting, the traffic can be sniffed for any information that passes through the rogue point, compromising confidential information or user credentials.

Additionally, rogue access points cause service degradation and affect the TTL value in all packets that traverse them. And if configured to do so, rogue access points can assign IP addresses to wireless devices instead of the school’s DHCP server, causing a loss of service. This is usually one of the first indications that there is a rogue access point on your network.
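Both the testing-day incident above and this paragraph describe the same symptom: clients receiving leases from a DHCP server that is not the school's. The following is an added example, not code from the original posts or from RogueChecker; it parses raw DHCP replies and flags any server that is not on an allow list or that hands out addresses outside the expected block. The addresses, the allow list and the `build_reply` helper are constructed for illustration.

```python
import ipaddress
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header
OFFER, ACK = 2, 5            # values of option 53 (DHCP message type)

def parse_dhcp(pkt):
    """Return (msg_type, lease from yiaddr, server from option 54), else None."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i + 1 < len(pkt) and pkt[i] != 255:   # 255 = end option
        if pkt[i] == 0:                         # 0 = pad option, one byte long
            i += 1
            continue
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    if len(opts.get(53, b"")) != 1 or len(opts.get(54, b"")) != 4:
        return None                             # missing or truncated options
    return opts[53][0], ipaddress.IPv4Address(pkt[16:20]), ipaddress.IPv4Address(opts[54])

def find_rogues(packets, authorized_servers, expected_net):
    """Map each suspicious DHCP server to the reasons it was flagged."""
    net = ipaddress.ip_network(expected_net)
    allowed = {ipaddress.IPv4Address(s) for s in authorized_servers}
    rogues = {}
    for pkt in packets:
        parsed = parse_dhcp(pkt)
        if parsed is None or parsed[0] not in (OFFER, ACK):
            continue
        _, offered, server = parsed
        reasons = set()
        if server not in allowed:
            reasons.add("unauthorized server")
        if offered not in net:
            reasons.add("lease outside expected block")
        if reasons:
            rogues.setdefault(str(server), set()).update(reasons)
    return rogues

def build_reply(msg_type, offered, server):
    """Constructed sample data: a minimal BOOTREPLY with options 53 and 54."""
    hdr = bytearray(236)
    hdr[0] = 2                                  # op = BOOTREPLY
    hdr[16:20] = ipaddress.IPv4Address(offered).packed
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server).packed
    return bytes(hdr) + MAGIC + opts + b"\xff"

# Constructed addresses: 10.0.0.0/8 stands in for the district's Class A block
SAMPLE = [build_reply(OFFER, "10.20.4.57", "10.20.0.2"),
          build_reply(OFFER, "192.168.1.101", "192.168.1.1"),
          build_reply(ACK, "192.168.1.102", "192.168.1.1")]
```

Calling `find_rogues(SAMPLE, ["10.20.0.2"], "10.0.0.0/8")` reports only the 192.168.1.1 server, with both reasons attached.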

Once a rogue access point has been identified, locating and removing it is the next step. However, since most rogue access points are hidden, finding the physical device can be difficult.

One of the best methods for locating these devices on your campus is called the convergence method. This requires a WLAN radio card with an omnidirectional antenna (which is what most notebook computers use) and software that will measure signal strength or a specialized hardware RF signal strength meter. Once the signal from the rogue device is picked up, you play a high tech version of hot and cold as the signal strength will increase as you get closer to the access point. The search should be done by segmenting the area into four quadrants. Once the signal is found, the quadrant it is located in should be segmented again, and so on until the device is found.

Multiple Wi-Fi Networks

In many districts, two or more networks are set up. One network is typically for internal employee use, and a second network is configured for public or even student use. Connecting to the wrong network can mean the difference between sending encrypted data and data in plain text. Without encryption, sensitive student and employee information can be easily captured via a traffic sniffer or man-in-the-middle attack.

Even layer two and layer three encryption are often insufficient for sensitive information, so most wireless LANs require application level encryption, as well, to prevent confidential information from being compromised.

To avoid problems associated with multiple networks, users (especially those who deal with confidential data) should be trained to connect to the proper network. Further encryption of confidential data on the clients can be done using software to encrypt the file system and data transmitted via Wi-Fi.

Wi-Fi Configuration

Typically, bigger school districts can employ a large team of IT professionals. Some may specialize in networking, others in server technologies, and others are hired for their expertise in security. For these larger districts, failing to properly configure a Wi-Fi device is less likely.

However, there are smaller school districts across the country whose IT budgets don’t allow for the hiring of such personnel. In these instances, it’s likely the IT staff may consist of only a few people, or maybe even one person. Having to take on multiple roles can easily lead to a person not knowing enough about wireless security to adequately protect the devices or simply not having the time to do so. When that’s the case, at a minimum, all access points should be configured by:

  • Setting WPA2 encryption on all access points
  • Changing the SSID on all access points
  • Changing the pre-set password on the access points

Further steps to configure your Wi-Fi network can be taken by turning off identifier broadcasting and allowing only legitimate devices to connect via MAC address filtering.

The truth is, most schools are already using Wi-Fi to some extent. However, the implementation of more wireless devices is only set to expand as districts evaluate digital textbooks and handheld learning simulation software. The question is, will they be ready to handle the security when the time comes?

Insecure about Security…
The Future of Endpoint Security
In this post, analyst Jon Oltsik gives us his take on the future of endpoint security. Some experts believe that AntiVirus is dead and that there is a pressing need for new models, such as cloud security services, white listing, black listing, virtual desktops, etc. Oltsik disagrees, and thinks that endpoint security will undergo massive changes to address new threats and requirements. Check out Oltsik’s post to see how he envisions endpoint security in the future.

Accuvant Insight…
Perimeter Security – A Far Flung Fantasy?
Chris Morales, solutions engineer for Accuvant LABS, discusses the complications of managing security for an IT infrastructure, particularly now in our mobile environment. He was approached by a client and was asked what it means to lose the workstation, to leave workers to their own devices, to place the users on the outside of the ‘kingdom’: what are the security risks? What are the security savings? Chris ponders these points in his post.

Education Research Report Blog…
Teachers’ Use of Educational Technology in U.S. Public Schools: 2009
Jonathan Kantrowitz summarizes some of the data from the May 2010 report, Teachers’ Use of Educational Technology in U.S. Public Schools: 2009. He shares with us that teachers indicated that a system on the school or district network was available for entering or viewing grades (94 percent), attendance records (93 percent) and student assessment results (90 percent). Of the teachers with these systems available, the percent using it sometimes or often was 92 percent for grades, 90 percent for attendance records and 75 percent for student assessments. These statistics prove the importance VPN and security have within an educational setting.