O Defending Against Wireless Client Attacks

Client-side wireless security auditing is not usually carried out during many wireless security audits. However, it is necessary to do so as attackers can exploit the weaknesses residing on vulnerable wireless clients. And once an attacker can compromise a wireless client that is connected to a corporate wired network, he or she is able to freely enumerate for and exploit weaknesses within your "protected" wired network because the attacker is now a trusted entity (due to entering via the legitimate wireless client).

An organization with an explicit "no-wireless" policy would have to enforce it for the policy to be effective. Wireless clients form a big part of any "no-wireless" policy compliance. Client-side auditing (which simulates hacker attack methods) should be carried out in order to discover if any wireless-enabled client devices are operating within the organization. For organizations that have deployed authorized wireless infrastructure, the defender should ensure that enduser wireless clients are not configured to probe for or contain the SSIDs/profiles of any wireless networks other than what is explicitly allowed. Even then, the enduser wireless clients should never contain profiles for open wireless networks. In addition, the wireless profiles present should never be set for auto-connection. In Windows, this is typically done by unchecking a box in the Properties page for each wireless profile.

As a general precaution, both corporate and home users should not leave their WNICs on when they are not in use, even when for just a short while. Wireless driver vulnerabilities (and web-browser vulnerabilities if a ph00ling attack is used) can be exploited in seconds whenever the WNIC is in use, and malware, which is installed postexploitation, need not rely on any wireless connection being maintained to connect back to a remote controller. Indeed, the wireless avenue is mainly used for the planting of malware such as Trojans and rootkits, which subsequently connect back to remote controllers via any available network connection, wired or wireless.

Wireless drivers, like any other piece of software, should be kept up to date in order to reduce the attack surface presented to attackers. Defenders should test the WNIC drivers that are used in corporate machines with the wireless fuzzing tools mentioned earlier and report all problems found to the hardware vendor in order to obtain patched versions.

Was this article helpful?

0 0
The Ultimate Computer Repair Guide

The Ultimate Computer Repair Guide

Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.

Get My Free Ebook

Post a comment