Browse archive

Latest news

Experts highlight top data breach vulnerabilities

Review: Logging and Log Management

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Free tool repairs critical Windows configuration vulnerabilities

Guantanamo cuts off Wi-Fi access due to OpGTMO

IT pros focus on cloud security, not hype

Blue Coat to acquire Solera Networks

APT1 is back, attacks many of the initial U.S. corporate targets

Aurora attackers were looking for Google's surveillance database

U.S. DOJ accuses journalist of espionage

Find TrueCrypt and BitLocker encrypted containers and images

The CSO perspective on healthcare security and compliance

Hacking charge stations for electric cars

A look into Black Hat's wireless network

Posted on 10 August 2011.

Aruba Networks, which provided and maintained the wireless network for last week’s Black Hat USA 2011 conference, today provided some interesting statistics around the network’s use.

The device-fingerprinting capabilities of the Aruba network enabled visibility into exactly who was using what on the network:

Apple devices were most prevalent at 43.3 percent of all devices (28.4 percent alone for iOS iPad and iPhone, with another 14.9 percent running OS X)
Linux users composed 35 percent of the total
Windows users represented 21.8 percent.

Aruba broadcast three network SSIDs at Black Hat USA 2011: one WPA pre-shared key (PSK) for the conference generally, one PEAP network with user self-registration and one EAP-TLS network (for iOS devices) with Aruba’s Mobile Device Access Control (MDAC) solution.

While the majority of attendees used the Black Hat PSK network, Aruba was pleased to find almost 200 attendees utilizing the PEAP/EAP-TLS “secured” network.

This secured network was provisioned using Aruba Amigopod, requiring attendees to accept certificates before being granted network access.

"This scheme seemed to work very well in a hostile environment like Black Hat with no pre-established trust in users or secure means to provision credentials,” said Aruba engineer Robbie Gill, Ph.D., who led the design and deployment of the Black Hat network. “We also managed to capture a huge amount of security events, the most interesting of which were IP spoofing, AP spoofing, Power save DoS attacks and Block ACK attacks. The Aruba controller was configured to block all spoofing attacks and no communication was permitted between users at any network layer in order to protect them from each other."

The wireless network for the conference, designed and deployed by Aruba Networks, and based on the Aruba Mobile Virtual Enterprise (MOVE) architecture, included more than 30 Aruba AP-134 access points distributed over more than 200,000 square feet in the Caesar’s Palace Conference Center.

The network was accessed by more than 2,400 attendees, with 853 as the maximum number of concurrent users. The network detected and contained more than 8,790 independent security events, including 670 rogues, 191 AP flood attacks, 489 instances of AP spoofing, 579 instances of IP spoofing, 1,659 “Hotspotter” attacks and 1,799 “Block ACK” attacks.