Another devious methodology used by network attackers is spoofing and session hijacking. Using the open nature of the network and sophisticated detection tools, the network hacker can simulate legitimate network directional information, “spoofing” those commands, and in that way redirect traffic within the network so that it disrupts performance and causes unauthorized and unexpected results for network users. Such activity represents forgery and is a serious attack on the network.
In addition to these threats, attackers will often “spy” on the network infrastructure, tracking traffic flow and eavesdropping on the network in operation. Such information can be valuable to anyone planning an attack or unauthorized use of network functionality.
Rogue Access Points
A rogue access point is an unauthorized point of entry into the network that is used to access the infrastructure either from within the corporate environment or from outside the firewall. The ease of access to the wireless network combined with broad availability of standardized equipment makes it very easy for an intruder to purchase necessary equipment and “plug in” to the network with virtually no resistance.
From within an organization, an employee can bring unauthorized equipment and plug into the network from a break room, an unused cubicle or any open access point. Such ports to the network are routinely built into the structure of the office complex when the offices are constructed to allow the business maximum flexibility over time. In the same way, this gives employees maximum flexibility for unauthorized access.
The solution for internal introduction of rogue access points is rigorous network topology audits to assure that all internal nodes to the network are by design. While external intrusion using rogue access to the network is most likely to represent criminal intent, internal access is the greater threat because it can occur inside the firewall. It is likely that internal access is done for benign reasons, such as a desire to use the internet for chat or other recreational activities. However, controls are necessary because an internal break-in can be carried out by someone outside the company, as long as they can reach the port access points anywhere in the WAN, or by disgruntled employees or employees with criminal intent. The good news is that rigorous implementation of and compliance with the WPA standards dramatically reduces external rogue access intrusion, if not makes it impossible. We will discuss the WPA standards later in this white paper.
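One way to run the topology audit described above, as an added example that is not part of the original white paper. The inventory layout, the survey record fields and all BSSIDs, SSIDs and switch port names are constructed sample data, and the "port" field assumes the wireless survey has already been correlated with the switch MAC tables.

```python
# Added example: audit observed access points against the designed inventory.
# Every inventory entry and survey record below is constructed sample data.

AUTHORIZED_APS = {
    # BSSID -> (SSID, switch port the AP is designed to sit on)
    "00:11:22:33:44:01": ("CORP-WLAN", "sw1/0/12"),
    "00:11:22:33:44:02": ("CORP-WLAN", "sw2/0/07"),
}
CORPORATE_SSIDS = {ssid for ssid, _ in AUTHORIZED_APS.values()}
ACCEPTED_SECURITY = {"WPA", "WPA2", "WPA3"}

SURVEY = [  # "port" is None when the AP was heard on air but not seen on a wired port
    {"bssid": "00:11:22:33:44:01", "ssid": "CORP-WLAN", "security": "WPA2", "port": "sw1/0/12"},
    {"bssid": "00:11:22:33:44:02", "ssid": "CORP-WLAN", "security": "WPA2", "port": "sw3/0/20"},
    {"bssid": "66:77:88:99:AA:BB", "ssid": "breakroom", "security": "OPEN", "port": "sw1/0/31"},
    {"bssid": "66:77:88:99:AA:CC", "ssid": "CORP-WLAN", "security": "WPA2", "port": None},
]

def audit(survey, authorized=AUTHORIZED_APS):
    """Return (bssid, finding) for every deviation from the designed topology."""
    authorized = {k.upper(): v for k, v in authorized.items()}
    findings = []
    for ap in survey:
        bssid = ap["bssid"].upper()
        known = authorized.get(bssid)
        if known is None:
            if ap["port"] is not None:
                # Internal rogue: plugged into an office port, inside the firewall.
                findings.append((bssid, "unauthorized AP on wired port " + ap["port"]))
            elif ap["ssid"] in CORPORATE_SSIDS:
                findings.append((bssid, "unknown AP advertising corporate SSID"))
            else:
                findings.append((bssid, "unknown AP in range, not on wired network"))
        else:
            ssid, port = known
            if ap["ssid"] != ssid:
                findings.append((bssid, "authorized AP with unexpected SSID"))
            if ap["port"] != port:
                findings.append((bssid, "authorized AP moved from designed port " + port))
        # Only APs that touch the corporate network are held to the WPA requirement.
        if ap["security"] not in ACCEPTED_SECURITY and (known or ap["port"]):
            findings.append((bssid, "AP not enforcing WPA"))
    return findings

if __name__ == "__main__":
    for bssid, finding in audit(SURVEY):
        print(bssid, "-", finding)
```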
Access Control methods