An Overview Of Zenprise Mobile Device Management MDM – Setting Up A Zenprise Lab

Bring Your Own Device (BYOD) has become a hot topic for many industries. Lately, security people use the term BYOD the way datacenter folks classify everything as Cloud. My team has advised our customers using a best practice BYOD architecture (more info HERE) and, like many consultants, we feel Mobile Device Management (MDM) is a key factor.

A few months ago I posted about one of the market leaders, MobileIron, HERE. I have received multiple requests for another vendor and chose the current leader Zenprise according to Gartner’s Report “Critical Capabilities for Mobile Device Management”. Plus I really like Zenprise.

Zenprise offers all the popular features expected from leading MDM vendors such as controlled remote wipe, policy enforcement (passwords, etc.), flagging jailbroken devices and enabling location. A few differentiators as of today for Zenprise are the ability to remotely log in to phones (similar to remote desktop for Windows), secure content distribution and Mobile DLP, application-specific VPN tunnels, and SIEM integration.

The architecture of Zenprise is similar to other MDM vendors. They have a management system (Zenprise Device Manager, or ZDM) and enforcement system (Zenprise Secure Mobile Gateway (SMG)). The Zenprise SMG is what denies email services to devices that violate policy. They also have a component that sits inside the network and does advanced diagnostics and troubleshooting for Microsoft Exchange and BlackBerry Enterprise Server (Zenprise Service Manager, or ZSM). Like many MDM vendors, Zenprise has an agent that sits on endpoints to enforce policy. Most people install both the ZDM and Zenprise SMG since it makes sense to enforce policies. Licensing for cloud or on-premise is based on the number of endpoints and drops as larger quantities are purchased.

To try Zenprise out, go to https://zencloud.zenprise.com/zencloud/cloudUser/create and fill out the form to gain access to a free trial of the cloud service. You can also set up an on-premise trial, however you will have to request the Zenprise software from a Zenprise sales person or partner such as World Wide Technology Inc. Once you gain access to the management system, log in and you should hit the main dashboard.


After logging in, the main Zenprise landing page will show devices you are managing. Details include Jailbroken / Rooted, Managed / Unmanaged, Serial numbers, IMEI/MEID, last connected, User, OS Version, etc. You can click a device and see details such as what apps are installed, how much battery life is available, installed certificates, etc.



Zenprise policies are pretty easy to set up and can be device specific. The screenshot below shows a blacklist policy for Angry Birds and Dropbox on iOS devices.

You have a few options in Zenprise to add a new device. One option is downloading the Zenprise agent from iTunes / Google Play and enrolling. Enrolling requires the ZDM address, username and password. Once you log in, it will prompt you for certificates and any profile configurations set up by administration.

Once Zenprise is installed, the user can access apps offered by administration and view the agent configuration.

Other methods in Zenprise to add devices include registration using the administration dashboard (asks for the serial number of the device) and sending out a registration link via email or text.

There are many options in Zenprise for reports which include inventory, software, jailbroken / rooted and hardware. Below is a screenshot from the next release coming out in June/July 2012. Check out www.zenprise.com for more info on their solution.


Filed under BYOD - Bring Your Own Device, Endpoint / Mobility / Server Security

Cisco Identity Services Engine ISE 1.1 Profiling – Identify And Monitor What Is On Your Network

Many network administrators do not have a method to know what is on their network. Devices may be very basic yet use IP for updates or heartbeat purposes (examples are printers, card readers, even some refrigerators). Other issues could be users not having administrator privileges to their systems or, more recently, the demand to bring personal mobile devices onto the network. For these and other reasons, visibility into what is on the network is becoming blurred.

Cisco released its flagship access control solution, Cisco Identity Services Engine (ISE), last year with the goal of using identity as a means to provision network access. Many people evaluating Network Admission Control solutions get caught up with the concept of denying rather than understanding that a core purpose of these solutions is identification. Cisco ISE is able to profile devices using a number of network probes that analyze the behavior of devices on the network to determine what they are. Probes are optional yet best practice is to enable as many as possible to gain the best network visibility. Some options for probes are Netflow, DHCP, DHCP SPAN, HTTP, RADIUS, NMAP, DNS, SNMP Query and SNMP Traps. Ports used are configurable as well as device profiles. For example, if an Avaya phone requires DHCP as a requirement for identification, that requirement can be adjusted if DHCP is not available.

To prove the ISE network monitoring concept, I stood up an ISE system on a small server, enabled all profiling probes and let it sit on my network overnight. ISE did not have AAA set up, user information, 802.1x or device management enabled. Consider this ISE system a server / laptop plugging into a DHCP port and sniffing the wire using profiling probes.

My network is very basic. I have a small Cisco Firewall providing LAN access with a Roku Netflix player, Blu-ray device (off during test) and Cisco Access Point powered from the firewall. ISE was able to identify my laptop as an Apple Workstation running Lion, my printer as a Canon device (I turned it on for 5 minutes to scan a document and powered it down), MACMINI as an Apple device hosting VMware, an Apple iPad connecting to the Access Point and an iPhone connected but not surfing the internet (seen as Apple iDevice since it generated little network traffic). This was done without using the new NMAP feature.

I verified findings by launching an NMAP scan and found a consolidated list of active devices. (Note this is the MR1.1 release however 1.1 includes NMAP as well.)

Cisco Identity Services Engine ISE is a very powerful access control tool yet many forget the simple things in life. Consider ISE for identifying what is on your network using profiling as a network monitoring tool. It’s a great first step to establish your network policy.


Filed under Network Admission Control (NAC)

Configuring Cisco LAN Manager LMS 4.2 To Assess Your Network And Check Compliance

Cisco’s flagship network management solution LMS has come a VERY long way. I was a Cisco LAN Manager LMS hater for a long time however the latest version is a completely new program. I’m now using LMS as my go-to assessment tool and am extremely happy with its capabilities. Here are a few steps to set up your own Cisco LMS environment.

Go to www.cisco.com/go/LMS and download the latest LMS software (4.2). You will have a full 90-day license upon installation. The requirements for LMS are pretty large however they offer a few options regarding storage (thick takes up around 270 gigs even though it’s not all used while thin uses around 90 gigs). See the Cisco LMS website for the exact specs. I’m currently using ESXi 5 on a customized MACMINI to host my LMS 4.2.


You will be prompted with standard questions upon starting up LMS via command line (IP, Default Gateway, DNS, NTP, Passwords, etc.). Fill out the questions and let the installation complete. Once complete, you should be able to access the LMS 4.2 GUI using your IP:1741 (ex 192.168.45.12:1741).


Log in with the username and password you created during the setup. You will hit the LMS Getting Started landing page (also found under the admin tab).


To start capturing network devices, click device management / device addition. Use the workflow to walk through adding devices. First add Credentials (i.e. login name, Cisco CCO, passwords and SNMP). Next add a Policy (i.e. the IP scope to be scanned). The last step is adding Devices. You can do this manually or in bulk. Best practice is to ensure your credentials are set up properly by manually adding one device. Click the manually add a device option and try adding one device using the credentials you created.

To launch a capture in LMS, click edit custom discovery. LMS 4.2 offers many ways to discover the network. You can choose a “seed” as a starting point from which LMS captures, meaning you can select a device and discover neighbor devices from that point. Options for device captures include ARP, BGP, OSPF, Routing tables, CDP, CCDP, Ping, Cluster Discovery Module, and HSRP. Like most Network Management Systems, SNMP is a foundational element of read-only communications from the network devices to the management platform in LMS 4.2. Options are SNMP V1, V2 and V3. Choose how you want new devices labeled / organized and launch the capture. As devices are discovered and logged, your LMS DCR count will increase.


Click on Inventory to see your network


Under Reports you will find a TON of options for reports. My favorites are detailed device information, Hardware / Software statistics, IPv6 support, and Utilization reports. One huge add-on with the new LMS 4.2 release is the Compliance and Audit report. It includes an End of Sale / Life report for Cisco hardware and software, Smartnet contract verification and a ton of compliance reports such as HIPAA, NSA’s best practices, PSIRT (Cisco Security Advisory), etc.


The LMS Work Centers tab has an awesome dedicated section for 802.1x. It shows if your devices are 802.1x capable and provides methods to update software and push down configurations using step-by-step templates. This is huge for those looking at 802.1x via Cisco ACS or Identity Services Engine ISE.


There are other dashboards to check out like Energy Wise (aka the ability for switches to reduce power for PoE devices during non-business hours), Medianet (optimizing the network for collaboration technologies), etc. Lots of good stuff. It’s worth checking out the latest LMS. Hopefully this guide helps!


Filed under Security Management & Analysis

Cool Tool – ASUS WL-330N3G Wireless Router Hub Repeater and More

Today’s post is on a nifty little gadget I picked up to solve a problem I had with a demo design (needed to bridge wireless to an Ethernet port providing DHCP without using laptop Sharing so I’m in front of a VPN). The tool is the ASUS WL-330N3G Wireless Router and retails for around 60 dollars.


It’s pretty small and looks like a cheap hub but it is so much more. There are six different settings you can use it for.


1) Wireless Router – Connects to the modem through a network cable and shares the wireless network. In this mode, NAT, firewall, UPnP and DHCP server are enabled by default.

2) Access Point – Connects to a wired/wireless router through a network cable to establish wireless signal sharing. In this mode, the firewall, IP sharing, and NAT functions are disabled by default.

3) Repeater – Connects to an existing wireless network to extend the wireless coverage. In this mode, the firewall, IP sharing, and NAT functions are disabled.

4) Network Adapter – Connects any Ethernet-enabled device to your wireless network with WL-330N3G.

5) WI-FI account sharing – Connects to a wireless hotspot that requires authorization / payment (e.g. hotel, airport and coffee shop WIFI services). With only one payment, you can share the wireless signal with all other WIFI devices. Saves on the cost for multiple devices.

6) 3G Sharing – Plug a 3G/3.5G USB adapter into the WL-330N3G to turn it into a mobile router.

The ASUS comes with a power adaptor however it can be powered using USB (awesome). Once powered on, connect to it using the Ethernet port and access its GUI using 192.168.1.1 (the ASUS will provide you a DHCP address). Log in to 192.168.1.1 with admin admin and you will be presented with six different configuration options as explained earlier. Once you choose one, you will see the GUI below. It’s pretty straightforward to set up.


So far I’ve used it as a wireless repeater (extend my wireless to my 3rd floor office), Network Adaptor (provide an Ethernet port from my wireless network to an OEAP600 that requires Ethernet DHCP) and WI-FI account sharing (extended an expensive hotel network to my iPad and laptop using one account login). I’m sure there will be other situations where this tool will be useful. Pick one up on Amazon. Totally worth it.


Filed under General Security, Wireless Security

Cisco Identity Services Engine 1.1 Update Is Now Available – Some Details On The Release | ISE


Cisco recently released the latest update for Identity Services Engine (ISE). Below are some features and findings. My team has been running this in the lab for a while and so far it’s been rock solid. For those who have seen Cisco Prime Network Control System (NCS), the ISE GUI now has the same theme (see the pictures above and below).

[Screenshots: the ISE 1.04 GUI and the ISE 1.1 GUI]

FEATURES

  • Common Criteria Certification – This release will be submitted for Common Criteria Certification, which is a requirement for many federal agencies.
  • FIPS – ISE 802.1x services with Common Access Card (CAC) including NAC & AnyConnect Agent
  • IOS Sensor on 15.0(1) SE1 for Cat 3000 and IOS 15.1(1) SG for Cat 4000. This is huge for profiling since it’s the first time Cisco is leveraging the switches for profiling data rather than probing from the ISE server down (like all other profiling type solutions). It makes sense to do this since typical information being probed is already available on switches. *Catalyst 2000 support and DHCP data for IOS Sensor will come later.
  • Active Endpoint Scanning – Manual scan and specific scan action per profile template
  • Endpoint protection services (aka blacklisting devices) – Enables administrators to quarantine devices by IP or MAC address.


  • Multiple language support for guest, sponsor and client provisioning portals.
  • NAC agent, AnyConnect NAM client, ISE user input fields and reports.
  • Guest without Logon (Device registration WebAuth). Simple URL for Sponsor Portal Access (A simple, short link). Custom Portal Theme
  • OCSP Support
  • NTP Server authentication
  • External Authentication for Administrators (including CAC)
  • ISE VM Appliance will include VMWare Tools
  • SGA Out Of Band PAC Provisioning
  • SGACL Monitor Mode
  • NMAP added to profiling

SOME OTHER THINGS TO NOTE ABOUT THE ISE 1.1 RELEASE:

  • There are some Internet Explorer 8 problems that are performance related. The current release notes claim “be patient” and “click several times”.
  • There are some disk space and performance issues on the UCS SATA-2 storage systems.
  • We have been running it on vSphere 5.0 without a problem even though 4 is the supported platform. Same goes for ISE 1.04.
  • ISE IPEP will need to be disconnected and use certificate-based authentication to connect to a PAP prior to upgrade: http://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.html#wp248769 - IPEP Bug CSCtu39612

ISE 1.1 release notes can be found HERE


Filed under Network Admission Control (NAC)

Are you 802.1x ready? What it takes to enable 802.1x using Cisco ISE

There is a lot of interest in enabling 802.1x for access control. Certificate-based security is an industry standard and mandated by many federal agencies. Cisco’s first 802.1x based access control solution started with ACS and currently is enforced by their flagship access control solution, Identity Services Engine (ISE).

We have heard from some administrators that 802.1x is almost impossible to enable and something they don’t have the staff to maintain. The truth is 802.1x is like most technologies: it requires a basic understanding of core concepts and must be designed correctly in order for a project to be successful. Here are some concepts to take into consideration while looking at Cisco or other 802.1x solutions for your network.

1) MONITOR ONLY – 802.1x can be deployed in a Monitor Only mode meaning you can turn it on and not impact the network. This is huge because it dramatically reduces the risk of 802.1x deployment issues by troubleshooting error messages before going live. Unlike many technologies, you don’t have to “cut over and troubleshoot”.

2) PROFILING – Cisco ISE offers network profiling, which has two key benefits. ISE can identify all devices on the network so you can plan for how access control can be handled for device types prior to enforcement. ISE can also maintain monitoring of those devices, meaning if a hacker spoofs a printer, the spoofed IP will act differently on the network and be blocked. This is a more secure option than whitelisting devices. Best practice is planning device security via VLANs, ACLs, etc. prior to moving from 802.1x monitor mode.

3) SUPPLICANT – 802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server. The authenticator acts like a security guard while the supplicant (for example a laptop) is not permitted access through the authenticator to the protected side of the network until the supplicant’s identity has been validated and authorized. The supplicant provides credentials, such as user name, password or digital certificate, to the authenticator, and the authenticator forwards the credentials to the authentication server for verification. The most commonly used supplicants are built into Windows operating systems, meaning you don’t have to distribute any new software or clients. Some devices don’t support 802.1x; for those, best practice is using a combination of MAC address and profiling to provision and maintain credibility of those devices.

4) SYSTEM MANAGEMENT – A common question is “how many people does it take to maintain an Access Control solution such as 802.1x?”. The answer varies on the size, level of desired security and other factors. Regardless, the goal of an Access Control solution is to automate and enforce existing security infrastructure. For example, port security is a form of access control that typically requires manual efforts to maintain. Access Control solutions should reduce the required management hours by automating user and device access. The same concept goes for troubleshooting and locating rogue devices.

5) CONFIGURATION – 802.1x is an industry standard and uses switch level commands. Best practice is to build a template in a network management tool and push out the 802.1x Access Control configurations to switches to reduce the chance of misconfiguration.

Here is a line-by-line example of configuring a switch for monitor only 802.1x

//Enable AAA, port-based authentication, VLAN/ACL and 802.1x / MAB
Switch(config)# aaa new-model
Switch(config)# aaa authentication dot1x default group radius
Switch(config)# aaa authorization network default group radius
Switch(config)# aaa accounting dot1x default start-stop group radius

//Specify the IP and ports of the RADIUS server, pre-shared key, attributes, and RADIUS request source interface
Switch(config)# radius-server host ise-1.demo.local auth-port 1812 acct-port 1813
Switch(config)# radius-server key thesecurityblogger
Switch(config)# radius-server attribute 6 on-for-login-auth
Switch(config)# radius-server attribute 8 include-in-access-req
Switch(config)# radius-server attribute 25 access-request include
Switch(config)# radius-server dead-criteria time 5 tries 3
Switch(config)# ip radius source-interface g0/24

//Test 802.1x (run from privileged EXEC mode)
Switch# test aaa group radius usertest password new-code

//Enable 802.1x globally on the switch
Switch(config)# dot1x system-auth-control

//Port level commands
Switch(config)# interface range g0/1-3, g0/5
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# authentication port-control auto
Switch(config-if-range)# dot1x pae authenticator
Switch(config-if-range)# mab

//ISE monitor only mode config ("authentication open" is what keeps the port passing traffic)
Switch(config-if-range)# authentication open
Switch(config-if-range)# authentication host-mode multi-auth
Switch(config-if-range)# switchport access vlan 10
Switch(config-if-range)# authentication order mab dot1x
Switch(config-if-range)# authentication priority dot1x mab
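One way to check a switch against the monitor-mode template above before anything moves to enforcement, as an added example (not from the original post or from Cisco): it parses running-config style text and reports, per access port, which of the commands shown above are missing and whether the port is in monitor or enforcing mode. The sample configuration, the function names and the choice of which commands count as required are assumptions made for illustration.

```python
import re

# Commands taken from the monitor-only example above; treating exactly
# these as "required" is an assumption of this sketch.
GLOBAL_REQUIRED = [
    "aaa new-model",
    "aaa authentication dot1x default group radius",
    "dot1x system-auth-control",
]
PORT_REQUIRED = [
    "switchport mode access",
    "authentication port-control auto",
    "dot1x pae authenticator",
    "mab",
    "authentication open",
]

# Constructed sample input (not captured from a real switch).
SAMPLE = """\
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
interface GigabitEthernet0/1
 switchport access vlan 10
 switchport mode access
 authentication host-mode multi-auth
 authentication open
 authentication order mab dot1x
 authentication priority dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
!
interface GigabitEthernet0/2
 switchport mode access
 authentication port-control auto
 mab
 dot1x pae authenticator
!
interface GigabitEthernet0/3
 switchport mode access
 authentication open
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet0/5
 switchport mode access
!
interface GigabitEthernet0/24
 switchport mode trunk
!
"""


def parse_config(text):
    """Split config text into (global_lines, {interface: [sub-commands]})."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if not line or line.startswith("!"):  # blank line or IOS comment
            continue
        if raw[0].isspace() and current is not None:
            interfaces[current].append(line)  # indented: belongs to the interface
            continue
        current = None
        match = re.match(r"interface (\S+)", line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        else:
            global_lines.append(line)
    return global_lines, interfaces


def classify_port(cmds):
    """Say how a port treats unauthenticated traffic."""
    if "switchport mode trunk" in cmds:
        return "skipped-trunk"      # uplinks are out of scope for 802.1x
    if "authentication port-control auto" not in cmds:
        return "no-802.1x"          # port is not authenticating at all
    if "authentication open" in cmds:
        return "monitor"            # auth is attempted, traffic still passes
    return "enforcing"              # failed auth now blocks the device


def audit(text):
    """Return missing global commands and a per-port mode/missing report."""
    global_lines, interfaces = parse_config(text)
    report = {
        "global_missing": [c for c in GLOBAL_REQUIRED if c not in global_lines],
        "ports": {},
    }
    for name, cmds in interfaces.items():
        mode = classify_port(cmds)
        missing = [] if mode == "skipped-trunk" else [
            c for c in PORT_REQUIRED if c not in cmds
        ]
        report["ports"][name] = {"mode": mode, "missing": missing}
    return report


if __name__ == "__main__":
    result = audit(SAMPLE)
    print("global missing:", result["global_missing"])
    for port, info in result["ports"].items():
        print(port, info["mode"], info["missing"])
```

A port reported as "enforcing" during a monitor-only rollout is the case to catch early, since it will block any device that fails authentication.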

 

Hopefully this helps with the confusion around considering 802.1x and Cisco ISE.


Filed under Network Admission Control (NAC)

Penetration Testing Tools At Your Next Security Conference – WIFI Pineapple Mark III

Today’s highlight – WIFI Pineapple Mark III Wireless Penetration Testing Tool.

There are many cool tools sold at conferences. One tool to check out is the WIFI Pineapple Mark III for around $100. Basically it’s a wireless honeypot using a man-in-the-middle attack to access data. The way it works is it listens for devices calling out for known wireless networks / SSIDs. The WIFI Pineapple will hear the request and clone the requested SSID so the device believes it’s connecting to a known trusted network.

An example is connecting an iPad on an airplane to the online network GOGO SSID. Some time later the user may be at a Starbucks and turn on the iPad that was used on the airplane. The iPad will beacon out “am I still on the airplane and can I re-connect to GOGO?”. The WIFI Pineapple will hear the request and reply back “I’m GOGO … welcome to the internet”. The iPad will auto-connect to the fake GOGO SSID without re-authenticating, which is really the WIFI Pineapple passing traffic through to another network while the hacker sits in the middle. Essentially, the WIFI Pineapple takes advantage of convenience services via auto-connecting to known or trusted networks offered by most wireless devices.

The WIFI Pineapple is pretty easy to set up. It has two LAN interfaces (pass through and admin access). It provides auto DHCP 172.16.42.X to the administrative interface. The main interface is a GUI located at 172.16.42.1. From here, the pen tester can enable many tools as well as see who is connecting to the WIFI Pineapple. Network setup is pretty easy and designed to pass traffic through without systems knowing the difference between the fake SSID and the real network.

Some built-in tool highlights (in the release of software I’m running) are Karma, Snarf and DNS Spoofing. The GUI is pretty easy to get around. I used the WIFI Pineapple to capture cookies and replay in Firefox via the Add N Edit Cookies plugin. An example is capturing a Facebook cookie to access the victim’s Facebook account. An example of using cookies to access a Gmail account can be found HERE regarding the cookie replay process.

For those wondering how to defend against this tool there are some options. VPN tunnels encrypt traffic from your device to its destination, blocking visibility into traffic seen by the WIFI Pineapple (for example using AnyConnect by Cisco). Also using data in motion / encryption technology for sensitive data will defend against this attack since the users must be authenticated to access the data contents that are captured by the man-in-the-middle. Disabling auto-connecting to networks may mean extra steps to establish network connectivity however it will help in scenarios like this. The bad part about this attack is you may not auto-connect to known risky networks such as Starbucks however the WIFI Pineapple can clone any SSID including your home network.
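To act on the auto-connect advice above, the sketch below (an added example, not part of the original post) audits saved Wi-Fi profiles and lists the open networks a device would rejoin automatically, which are the profiles where only the SSID name identifies the network. It assumes profiles in NetworkManager's keyfile (INI) layout; the profile contents, SSIDs and function names are constructed for illustration.

```python
import configparser

# Constructed sample profiles in NetworkManager keyfile style (assumption:
# [connection] autoconnect defaults to true when absent, and an open
# network has no key-mgmt entry under [wifi-security]).
PROFILE_GOGO = """\
[connection]
id=GOGO
type=wifi

[wifi]
ssid=GOGO
mode=infrastructure
"""

PROFILE_HOTEL = """\
[connection]
id=HotelGuest
type=wifi
autoconnect=true

[wifi]
ssid=HotelGuest
"""

PROFILE_COFFEE = """\
[connection]
id=CoffeeShop
type=wifi
autoconnect=false

[wifi]
ssid=CoffeeShop
"""

PROFILE_HOME = """\
[connection]
id=HomeNet
type=wifi

[wifi]
ssid=HomeNet

[wifi-security]
key-mgmt=wpa-psk
"""

PROFILE_WIRED = """\
[connection]
id=Wired connection 1
type=ethernet
"""

SAMPLE_PROFILES = [PROFILE_GOGO, PROFILE_HOTEL, PROFILE_COFFEE,
                   PROFILE_HOME, PROFILE_WIRED]


def assess(profile_text):
    """Return (ssid, verdict) for a Wi-Fi profile, or None for other types."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(profile_text)
    if cp.get("connection", "type", fallback="") != "wifi":
        return None
    ssid = cp.get("wifi", "ssid",
                  fallback=cp.get("connection", "id", fallback="?"))
    auto = cp.getboolean("connection", "autoconnect", fallback=True)
    is_open = cp.get("wifi-security", "key-mgmt", fallback=None) is None
    verdict = ("open" if is_open else "secured") + \
              ("-auto" if auto else "-manual")
    return ssid, verdict


def risky_ssids(profiles):
    """SSIDs of open networks the device will rejoin without asking."""
    found = []
    for text in profiles:
        result = assess(text)
        if result and result[1] == "open-auto":
            found.append(result[0])
    return sorted(found)


if __name__ == "__main__":
    for text in SAMPLE_PROFILES:
        print(assess(text))
    print("disable auto-connect or forget:", risky_ssids(SAMPLE_PROFILES))
```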

Check out Hak5 for more details on this and other cool tools.


Filed under General Security, Wireless Security

Mobile Device Theft : How They Get Into Your Locked Phone And What You Can Do

Everybody hates losing things. It drives you mad looking in the same places thinking a magic gnome will put your item back. Usually that doesn’t happen. Especially when it’s a highly desired product such as a mobile device. Mobile devices are becoming a leading target for theft since they can carry as much sensitive data as a standard laptop. Hackers can steal your photos, instant messages and web history. Some mobile apps leverage cookies that never expire, meaning hackers could essentially access sensitive websites such as your bank account through replaying old sessions.

How are these types of hacks executed? For iOS products, a hacker could take your device, spend 10 minutes jailbreaking it so they can install a remote Trojan / Administration app before returning it. This would permit the hacker unlimited continuous access into your life. Another option is dumping the records on their computer to go through later and selling the hardware on eBay. Either way, you have been PWN3D and have possibly put your employer as well as family at risk of future attacks.

These are just some of the methods used if your device is stolen. See this post regarding an attack calling your phone and remotely hacking your voicemail HERE

There are things you can do to defend against mobile device theft beyond not misplacing your phone. Most manufacturers offer password protection as well as limiting information exposed pre-login (i.e. not displaying text messages or other alerts until the phone is unlocked). Enable password features and stay away from easy passwords such as a row of numbers (1234) or the same number (4444). Some devices offer more complex password options than PINs, which is great if available. Shorten the sleep/auto lock timer so the window your device is unlocked is limited in the event it’s stolen. When you are not using your device, press the lock button. Many mobile device screens absorb fingerprints after use, which makes it easy for hackers to guess your password. Consider a protection screen that includes fingerprint resistance. Some devices offer location and remote wiping services that can be used to locate and secure lost or stolen devices. Also make sure to notify your employer if a device containing corporate email or other sensitive services is stolen.

Employers should take securing mobile devices accessing corporate data very seriously. Some approaches to improve mobile device security are utilizing endpoint management products such as Mobile Iron or Zenprise to enable features described above as well as check for jailbroken devices (more info on this subject can be found HERE). Employees may not be willing to apply security applications on their mobile devices, in which case IT could focus on protecting the network as well as data that rests on mobile devices as an alternative to MDM (mobile device management). Some examples are using access control technology to check if a mobile device meets company standards before permitting access. Other options are leveraging Data Loss Prevention (DLP) technology, which stops sensitive data from moving to a mobile device or encrypts that data with additional authentication to access. Sandbox solutions are an alternative, locking down the data in a secure session that expires after use (an example is Good Technology). Another important function to consider is enforcing VPN tunnels whenever a mobile device accesses data outside of the internal network. This protects against common man-in-the-middle attacks targeted at mobile devices using open wireless networks.

The good news for employers is there are many options for securing mobile devices and the data they use. The investment in mobile security should at a minimum match securing other devices with sensitive data such as laptops and servers. Don’t let mobile devices be the weakest link into your network!


Filed under BYOD - Bring Your Own Device, Endpoint / Mobility / Server Security

craigslist scam red flags: The story behind the craigslist con

A few months ago I posted about two craigslist scam attempts from ads I listed (go HERE to read). I recently had a few more craigslist scam attempts and noticed a pattern between the different methods to con me. Here are a few Red Flags for scams on craigslist or other merchant websites.

Flag 1: Want your item right away

I noticed the scammers never ask any REAL questions about what’s for sale. For example, I recently listed a glass table and received “I’ll take it, where do I send the check” request regardless of size, weight, looks, etc. Same thing happened when I listed a car. Real buyers ask questions before offering payment.

Flag 2: Location location location?

It seems like con artists believe people don’t have knowledge about the world. I had one guy claim he lived in Canada yet sent me a Utah credit union money order postmarked from Spain. Uh huh … you were on holiday in Spain using money orders from a Utah account you never closed due to great service? The con artist ignored any questions and kept insisting I cash the money order. I recently had one scammer ship me a check without paying the postage. What a cheap con #$#@#$#@! At least have the decency to pay for the shipping so I can see the fake check! Come on!

Flag 3: Overpay for goods

The con is always about overpaying for goods and banking on the victim paying the difference. For larger items such as a car, the extra money is for “shipping”. For smaller items such as a table, the extra payment “was a return” for which I’m supposed to wire the difference. I’ve noticed the scammers tend to send extra funds without initial notification and later justify things with an excuse to wire money. The most recent one was insane. I listed a table for $800 and received a check for $4,500! Everything looked pretty real except they forgot the watermark. They get a B-.

Flag 4: Engrish … I mean English

Most craigslist con artists seem to use language converting software to write emails. First sign is most emails are one or two long paragraphs, which makes sense if you copy and paste into a language converting software. Second flag is spelling and grammatical structure is off, which again is a sign of the use of language converting software. Scammers also love throwing in things like “god bless you” and capitalizing key phrases such as CASHIERS CHECK and MONEY TRANSFER.

Flag 5: Western Union … the fastest way to steal money

Craigslist con artists always ask to wire money through Western Union (or a similar service). The game is having a fake check or money order look real enough to clear in a bank for a few weeks. This gives the con artist enough time to fool the victim into believing the payment is legit so they wire back funds before things bounce. One easy way to confirm things is to call the bank that issued the check to verify its authenticity. If you mention to the teller that Western Union is involved, they usually will laugh and say it’s fake before running a trace in their system.


DON’T BE FOOLED!


Filed under General Security