Enterprise IT Watch Blog

September 2, 2010  6:10 AM

Are your airwaves secure? Prove it with these tools.

Kevin Beaver

Once you implement your “secure” wireless network, the true test is to see how your airwaves and devices look from a hacker’s eye view. There are several must-have tools that can help you along with this. Keep in mind there’s a bit of knowledge required to operate these tools and interpret their findings but it’s not rocket science. With a little bit of reading and some hands-on practice you can use these tools to find out where your wireless network is (still) vulnerable.

In addition to a laptop computer with a mainstream network card, consider adding the following tools to your wireless network security testing toolbox.

  • NetStumbler (www.netstumbler.com/downloads) to find out what wireless devices respond to a “hey, anybody there?” request.
  • Kismet (www.kismetwireless.net) to find wireless devices that may not respond to NetStumbler requests, capture packets, and much more.
  • BackTrack (www.backtrack-linux.org) to be able to run Kismet and a ton of other wireless network tools directly from a bootable CD without having to fuss and cuss getting Linux to work with wireless drivers.
  • OmniPeek Network Analyzer (www.wildpackets.com/products/network_analysis_and_monitoring/omnipeek_network_analyzer) to capture packets, look for top talkers, analyze protocols, and practically anything else wireless-related, all in a very easy-to-use graphical interface.
  • AirMagnet WiFi Analyzer (www.airmagnet.com/products/wifi_analyzer/) for a really nice graphical representation of anything imaginable involving the 802.11 protocol.
  • CommView for WiFi (www.tamos.com/products/commwifi) for a great lower-cost wireless network analyzer alternative to capture packets, monitor the airwaves, generate packets (great for wireless packet injection), monitor bandwidth, and more. To me, the best thing about CommView for WiFi is its top-notch WEP and WPA cracking capabilities.
  • Aircrack-ng (www.aircrack-ng.org/) for a low-cost (free) way of cracking WEP and WPA-PSKs.
  • GFI LANguard (www.gfi.com/lannetscan) and QualysGuard (www.qualys.com) for in-depth vulnerability testing of the hosts on your wireless network including workstations, servers, access points, and more.
  • Acunetix Web Vulnerability Scanner (www.acunetix.com) and N-Stalker (www.nstalker.com) for vulnerability testing of the Web interfaces on your access points and related Web hosts.

As you go along with your wireless security testing endeavors, keep in mind the following two things about security testing tools: 1) You’ll likely need multiple tools to ensure you’ve looked at everything, and 2) With a few exceptions, you get what you pay for.

Kevin Beaver is an independent information security consultant, expert witness, author, and professional speaker with Atlanta-based Principle Logic, LLC and a contributor to the IT Watch Blog. He can be reached through his website at www.principlelogic.com.

September 1, 2010  4:25 PM

Virtual Roads, Actual Clouds: VMware 2010

Melanie Yarbrough

Monday was the big kickoff for VMworld 2010, where attendees are promised virtual roads and actual clouds. The annual, four-day conference boasts over 200 exhibitors, 30 lab topics ranging from virtualized desktop infrastructure to VMware-powered clouds, and more than 170 breakout sessions this year. Not one of the 17,000 registered attendees at the conference? No worries, we’ve got you covered.

Among the topics being discussed at VMworld 2010 – and the enterprise at large – is how to change IT from a wallet leech into an efficient and essential link in the product delivery chain. Virtualization and the cloud will help IT transition into business-centric thinking, or at least that’s the hope. The opening keynote opened with a sense of humor about itself, with a “humorous short movie that was attempting to describe and define Cloud Computing, it even enlisted the help of ‘The Oracle’ from the feature trilogy ‘The Matrix’ to try and define Cloud Computing to no avail.” Beyond the abstract goals of the conference, there are some exciting and concrete announcements coming from the Golden Gate city.

First, there’s VMware’s vCloud Director, or what some are calling “a new model for consuming infrastructure services.” Starting today, you can get your own per-VM 25-pack of licenses starting at $3,750. Excitement is balanced with industry experts criticizing vCloud Director’s complicated deployment requirements (i.e., don’t expect to float into the cloud without the help of third-party products and services).

Isilon announced its integration of iSCSI into the OneFS operating system, providing an option for block storage capabilities in addition to file storage.

NetApp announced integration with VMware View 4.5 for enhanced storage and desktop virtualization capabilities. You can also count on NetApp to support VMware’s vCloud Director.

Blade Network Technologies can provide automation, provisioning, and security for virtualized networks with VMready 3.0.

Xsigo announced “the industry’s first virtual I/O technology to leverage the standard Ethernet ports found on every x86 server.” Another step forward in the quest for better enterprise efficiency and data center convergence.

Can’t get enough of VMworld 2010? Search Server Virtualization has you covered with play-by-play coverage of the goings on at VMworld 2010 and daily updates on their Search Server Virtualization blog. What are some of your favorite announcements or sessions at the conference?

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.

September 1, 2010  2:06 PM

Analyze That… Wireless Network

Kevin Beaver

If you do anything to support, manage, maintain, or secure 802.11-based wireless networks, having a good commercial wireless network analyzer is an absolute MUST. I say “commercial” because like most things IT-related, you get what you pay for. Commercial wireless network analyzers are easy to use, they can do lots of stuff right out of the box, and have good reporting capabilities. Did I mention they’re easy to use?

Anyway, two tools you really need to have on your radar are the following:

I’ve used both tools extensively; they’re solid, proven, and just work. All things considered, they’re not that expensive either.

The reality with wireless networks is that if you don’t have good tools, you’re not going to get good results. Period. So try these tools or scope out some others; just do something to get your hands on one. While you’re at it, take the time to read through the documentation, watch any vendor webcasts and so on to familiarize yourself with the tools. Ideally, you should take a class to learn both the tools and 802.11-based technologies. Doing so will make your job – and your life – much, much easier moving forward.

Kevin Beaver is an independent information security consultant, expert witness, author, and professional speaker with Atlanta-based Principle Logic, LLC and a contributor to the IT Watch Blog. He can be reached through his website at www.principlelogic.com.

September 1, 2010  1:55 PM

The unsung perils of Linux love and penny pinching

Michael Morisy

There are few things I love more than dissecting old PCs and seeing what kind of FrankenComputers I can pull together. In my apartment, I have two dead towers, four deceased laptops and one deep-fried modded XBox, none of which I’m eager to part with. I’d have a hard time trusting any of these kludges, or even something a few notches sturdier, to run anything more mission critical than a puppy cam or media server.

Am I just a prude? Have I drunk too much enterprise vendor Kool-aid over the years? Steven J. Vaughan-Nichols had a good piece about deploying cheap Linux appliances which made me wonder:

I’m cheap. Given a choice between buying an elaborate, full-featured server requiring expensive technicians and administrators, versus turning an out-of-date PC into a single-purpose Linux server, I’m going to go with the Linux server every time.

It’s not that Linux isn’t expensive. It sometimes is. But if a department or a branch office just needs one or two specific server jobs, there are plenty of obsolete PCs and easy-to-set-up, special-purpose Linux servers that can fill the bill for little or no cost.

In the home office, where I’m my own IT, I couldn’t agree more, but the thought of second-hand boxen powering a branch office day in, day out, for critical needs sent chills down my spine: I’ve seen how bad makeshift deployments can get (check out our server disaster slideshow).

Trust my e-mail security and firewall to a device that I may or may not be able to access, that may or may not fail at a moment’s notice, and that my users may or may not be trying to load up solitaire on? No, thank you. But I decided to poll the ITKnowledgeExchange.com community for their thoughts, and as usual there were several thoughtful replies.

MrDenny said trying to save money up front would cost you down the road, particularly when it comes to maintaining that hardware on an ongoing basis:

I would say that if you need the remote server to be reliable and be online then no. Spend a few thousand bucks and get a new server with a support contract so that if the hardware at the remote office fails the vendor can send someone to fix it. This will also get you things like lights out management so that you can power the server on and off if you need to.

Aquacer0 agreed:

It’s like insurance, one day you will regret not having it. I would spend the money on quality hardware with redundant components even for a small remote branch. If the remote branch needs multiple “services,” you can utilize VMware Server to provide multiple virtual servers on a single reliable platform.

So what do you think? Is there any scenario in which you’d trust a remote branch, either down the street or hundreds of miles away, with your main office’s castoffs? I would love to hear your thoughts, either in the comments or at Michael@ITKnowledgeExchange.com. And if you are brave enough to trust the fates with a box of a certain age, check out Vaughan-Nichols’s list of Linux utilities for common IT tasks, and let us know if there are any you would add.

Michael Morisy is the editorial director for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.

September 1, 2010  6:59 AM

CLEAR’s WiMAX is a bit foggy to me right now

Kevin Beaver

I was excited to find out last year that CLEAR’s WiMAX service was available in the metro-Atlanta area where I live and work. I proceeded to find out if they had coverage in my area and wah, wah, wah, they didn’t. A few months later, I came across CLEAR at a festival booth and got to speak with a couple of sales weasels about it. They told me that not only was the coverage in and around my area but they demonstrated just how fast the service is (it really was). They even told me they’d put me in touch with my local rep who could help me confirm that I would indeed have coverage where I needed it. I thought, okay, now we’re going somewhere.

Well, I heard back from their rep and he said, sorry, no coverage in your area. My immediate thought was, Go figure! I asked about future coverage and never heard back. Contacted the rep again – nothing. At this point, I started to realize that I probably didn’t want to do business with this company. If they aren’t responsive in the pre-sales cycle, what’s it going to be like once they’ve got me? I even contacted the company through their Web site to see what the deal was. Never heard back. It was probably a technical glitch on my end.

I was persistent because a technology such as this could really help me in my work, and allow me to drop my existing (and expensive) “tethering” option I have for my cell phone so I can get modem-like Internet coverage with it. In fact, WiMAX solves a lot of problems for a lot of people – especially in (to use that beloved marketing term) the “last mile” where service is often the most difficult to get. It’s fast – or fast enough – for most types of Internet usage. It’s supposedly reliable. And, with its end-to-end encryption and authentication, it’s pretty secure, at least for a while.

But my hopes for WiMAX have died off for now. The mutual lack of concern between CLEAR and myself has me stuck where I started. Back to DSL, EDGE, and 3G.

I can understand CLEAR not offering coverage in a highly-populated suburb of metro-Atlanta (okay, just kidding), but I can’t understand why they wouldn’t at least write back to say “We don’t want your business” or something like that. Like many other good technologies and ideas, it’s the people involved that often impede adoption if not make it go away altogether…and thus the cycle of slow Internet access continues.

Apparently I’m not the only one who’s had issues with CLEAR – something not uncommon for early adopters of an emerging technology. Just Google the terms CLEAR or Clearwire and you’ll see what I’m talking about. In CLEAR’s defense, given the technical complexities and – especially – the infrastructure needed to build out something of that scale, they’re certainly not going to please everyone. I remain hopeful that I can eventually get WiMAX service in my area, but I’m not holding my breath.

Kevin Beaver is an independent information security consultant, expert witness, author, and professional speaker with Atlanta-based Principle Logic, LLC and a contributor to the IT Watch Blog. He can be reached through his website at www.principlelogic.com.

August 31, 2010  1:33 PM

Snapshot 2010: Hotspots are not secure, free Wi-Fi coming to planes, and CWNP exam re-takes?!

Kevin Beaver

Here are a few wireless network-related stories I recently came across that piqued my interest – and will hopefully do the same for you:

Experts Warn That Public Wi-Fi Is Not Always Secure: Breaking news! Wireless Internet access that’s not under your direct control is risky. Fascinating. Yeah, we’ve known that for nearly a decade. I wrote about public Wi-Fi and why I’m not too crazy about using it last week in my discussion about KeyWiFi. I suppose the popularity of “free” Wi-Fi (Thanks, Starbucks!) is drawing out the masses and people need to be reminded of the dangers.

When Will Wi-Fi in the Sky Truly Take Off?: An airline technology consultant thinks we may see free Wi-Fi on airplanes as early as next year. Personally I’m not looking forward to everyone using the Internet on planes. We’re cramped in there enough…and bandwidth is already limited. Free Wi-Fi will just be another one of those annoyances that’ll encourage me to drive or stay home. I suspect it’ll go something like this: Wi-Fi on planes will be free until the airlines realize their connections can’t handle the capacity. Either way, is the writing on the wall for Gogo?

Free 2nd shot voucher on all CWNP Exams from May 1 – August 31, 2010: So you failed a recent CWNP exam? Or, perhaps you’re thinking about taking a CWNP exam but you’re afraid you’re going to fail (I have heard they’re pretty difficult)? No worries, the great folks at CWNP, Inc. are offering up this safety net you can’t refuse. I don’t know if this is a sign of the economy, the level of experience of the people taking the exams, or just Kevin Sandlin realizing that the tests that Devin Akin wrote are just too darned difficult! Whatever the case, the CWNP program is a great program and worth checking out if wireless drives your career.

Kevin Beaver is an independent information security consultant, expert witness, author, and professional speaker with Atlanta-based Principle Logic, LLC and a contributor to the IT Watch Blog. He can be reached through his website at www.principlelogic.com.

August 31, 2010  6:30 AM

Keeping up with the Jones’ Wireless Network

Melanie Yarbrough

Wondering what brands IT experts trust in the trenches of enterprise IT and at home? IT Knowledge Exchange members answered the call.

Mr. Denny uses AT&T’s U-verse offerings, a cable modem, router and WiFi all in one, while relying on Cisco’s WiFi Linksys and routers and switches at the office. Jinteik’s been through the gamut at home, from D-Link and Aztech modems, D-Link switch, Netgear 3-in-1 and TPLink 3-in-1, but at the office he’s a Cisco switch guy. At home, Shanekearney daisy chained a 24-port Cisco 2950 switch to a Cisco DSL router, while dealing with a mixture of 3Com, Cisco, D-Link and Netgear at work. He’d rather work in an all Cisco environment since he knows the CMD line arguments already.

Monkez prefers SpeedTouch at home due to its ease of configuration, but he also recommends 3Com switches if bandwidth isn’t a major concern at home.

Asishqupta uses D-Link or Linksys (Cisco) at home and Cisco at the office. Carlosdl’s company uses 3Com and Cisco.

Dvord2569, our winner of the 150 knowledge points, uses Linksys RVS4000 at home and hosts web/mail/etc. with it. His only complaint? The lack of support and documentation; it took him a while to track down a software update. At work he happily relied on WatchGuard Firebox x750e until software updates after 9.1 disabled the ability to easily provide proxy and filter reports. Dvord2569 quips, “Apparently WatchGuard subscribes to the M$ model of removing features as you ‘upgrade’ the product.” As a result, his latest buildout will be WatchGuard XTM 22 because “it simply provides all the features I need without bleeding me dry with subscriptions, being overpriced, or limiting the number of LAN nodes that can use it.” Thanks for such a thorough analysis, Dvord2569!

Yasirirfan is a Cisco man himself and recommends Linksys internet routers for SMBs. Learnteach is fortunate enough to have a Cisco partner at the enterprise level, providing his company with great support and discounts. He also likes Adtran and Juniper, but believes that Cisco is superior on all fronts: training, knowledge base, troubleshooting help, SMB products, and support.

Mitrum wraps up a common sentiment: CISCO only.

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.

August 30, 2010  3:32 PM

WIPS is better than WHOOPS

Kevin Beaver

AirMagnet recently released a whitepaper entitled Wireless Clients in the Crosshairs that delves into the subject of client-side vulnerabilities and wireless intrusion prevention systems (WIPS).

The paper focuses on one of the greatest problems we see with wireless networks, yet something that doesn’t get the attention it deserves. I like this line from the introduction: “wired security systems do little to protect against this over-the-air malicious traffic.” True, true – something that’s often overlooked. The paper goes on to say “the majority of Wi-Fi threats occur, and are only detectable, in the air, and the majority of evolving hacks and vulnerabilities revolve around end-user client devices, not enterprise APs.”

This is actually something I’ve seen over the years whereby the focus has been on the APs, similar to the original focus we had on firewalls when it came to network security. As wireless networks have matured, it’s no longer enough to focus on vulnerable or rogue APs alone. Instead, we have to look at everything, end to end.

The paper also covers the wireless hacking tools KARMA and MDK3 – both of which can spell bad news for your airwaves. Overall, the paper doesn’t take the same old approach to locking down the airwaves but instead talks about wireless network threats that we still have – even with all the fancy encryption and related security controls at our disposal – and how WIPS can lock things down once and for all. Definitely worth checking out.

Kevin Beaver is an independent information security consultant, expert witness, author, and professional speaker with Atlanta-based Principle Logic, LLC and a contributor to the IT Watch Blog. He can be reached through his website at www.principlelogic.com.

August 30, 2010  10:03 AM

Why IT always gets picked last at dodgeball

Melanie Yarbrough

I’m reading through David Croslin’s Innovate the Future: A Radical New Approach to IT Innovation, and it provides me with a better picture of how IT departments should fit into businesses versus how they actually fit in. I’m reading the book in a non-linear fashion, and today I’ve stumbled upon what Croslin refers to as the “Big Bang Cycle of IT.” Essentially it’s one big, inefficient pendulum that swings back and forth between centralized IT and decentralized IT. It seems IT is the odd man out in businesses, but why?

Croslin points a finger at the odd man himself, the IT department. Insert another “but why?” here. Well, if IT considers itself an integral part of the product delivery chain, which Croslin says it is, it should be acting like it: “It is the supplier’s responsibility to make sure the consumer understands what they are paying for and that the consumer is happy with the purchase.” In other words: Speak up for yourself!

Though the general connotation associated with IT is that it’s isolated work, troubleshooting and creating solutions in a locked, dark data center, that image is changing as budget concerns cause a dwindling of the IT population. As far back as 2004, IT World’s Siobhan McBride said that “[t]o survive this transformation, IT executives will need to be able to manage business processes and relationships, rather than focus on technical expertise.” But is IT any closer or better at managing business in addition to technical aspects?

Some tips from Croslin

1. Don’t be afraid of a little PR: Be aware of how the enterprise perceives your IT department and position yourself as an innovator.

2. A little more PR: What’s at the heart of PR? Why, spinning negatives into positives, of course! If there are inefficiencies in IT, document and communicate why they exist and how they can be improved. Rather than simply being the wet blanket, provide solutions to move forward and proof that you have the company’s best interest as your own. Are budget cuts and layoffs hindering your ability to provide innovative solutions? Document staff changes along with changes in productivity.

3. Remain indispensable: Worried about your department or specialty being outsourced? Make it an impossibility not only by providing better solutions and products, but also by making your indispensability evident.

Want to go more in-depth with Croslin’s advice for staying on top of your game in IT? You’re in luck: Innovate the Future: A Radical New Approach to IT Innovation is this week’s free IT book giveaway!

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.

August 26, 2010  6:04 AM

WEP: Only one letter away from ‘weep’

Kevin Beaver

Having worked on both sides of the security assessment table, I’ve seen the challenges associated with reducing certain risks that show up on assessment reports. I’m a strong believer that unless – and until – there’s reasonable business justification for plugging a security hole, don’t waste time/effort/money doing so. The goal should be to fix the security problems that serve as the low hanging fruit first. Once you gain your momentum with information risk management and have the basics under control, then you can address the other – less pressing – concerns.

But what about Wired Equivalent Privacy, or WEP?

WEP encryption is low-hanging fruit, perhaps the lowest of the bunch. Its implementation of encryption has had known exploits for nearly a decade. A decade! Yet time and again I see networks “protected” with WEP. Sure, many people with wireless networks aren’t even aware of the issues related to WEP. Home users, small business owners, enterprise employees, whatever – ignorance is no excuse. That is, if you want to take reasonable steps to keep things locked down.

Of those who are aware of the weaknesses with WEP, I think the general perception is that only elite hackers with expensive tools can crack it. Not true: there are free tools and there are commercial tools, both of which are very affordable and simple to use. Beyond that there’s the all-too-common fallacy: Even if the bad guys were to get in, we don’t have anything on our computers that they’d want. An awfully dangerous mindset, to say the least.

Like unencrypted laptops and mobile storage, I suspect we’ll continue to see WEP-based wireless networks for some time to come. What’s it really going to take to get people to buy into the dangers? Probably the passage of time and a few lessons learned the hard way.

Kevin Beaver is an independent information security consultant, keynote speaker, and expert witness with Principle Logic, LLC and a contributor to the IT Watch Blog.
