...SECURING WI-FI ROGUE ACESS WITHIN AN ENTERPRISE SETTING Securing Wi-Fi Rogue Access within an Enterprise Setting Daniel Joel Clark A Capstone Presented to the Information Technology College Faculty of Western Governors University in Partial Fulfillment of the Requirements for the Degree Master of Science in Information Security Assurance January 9, 2014 1 SECURING WI-FI ROGUE ACESS WITHIN AN ENTERPRISE SETTING 2 A1 - Abstract Since 1999 wireless devices have become a necessity in enterprises. While increasing convenience, connectivity, and productivity, they also pose an unprecedented threat to network security guarding, which has literally taken to the airwaves. This paper will deal with vulnerabilities and risks regarding access points (APs) in a wireless network (WLAN) connecting to a wired local area network (LAN) in enterprises. Data for this paper will come from published academic papers, industry publications including white papers and surveys, and industry specialists. It will also include definitions of terms, policy and procedures that affect access points, and current practices regarding rogue APs. A case study will be presented for a fictional enterprise with multiple locations that has standard procedures, policies, and protocols in place, but recent events have questioned their ability to control access points with the discovery of rogue devices hidden in several office locations. Industry warnings about access points span the...
Words: 18577 - Pages: 75
...Network Hardening Client side attacks are attacks that target vulnerabilities in client applications that interact with a malicious server or process malicious data. Here, the client initiates the connection that could result in an attack. If a client does not interact with a server, it is not at risk, because it doesn’t process any potentially harmful data sent from the server. Merely running an FTP client without connecting to an FTP server would not allow for a client-side attack to take place. Simply starting up an instant messaging application potentially exposes the client to such attacks, because clients are usually configured to automatically log into a remote server. With this client server diagram there is only one firewall posted between the internet and the web server. I would consider placing a firewall between the wireless and the switch. Modern firewalls have the capability to function as a router, opposing the need of additional device on the network. However, if you have a large number of hosts in the Demilitarized Zone DMZ, you may wish to consider a router with fundamental filtering rules; placing one on the network can reduce the load on the firewall itself. The network has only one mutual Internet connection; I would protect it by enabling Internet Connection Firewall. Internet Connection Firewall can only check the infrastructures that cross the Internet connection on which it is enabled. Because Internet Connection Firewall works on a per connection...
Words: 369 - Pages: 2
...year. What can be done to prevent the release of potentially sensitive information? There are several precautions that can make a big difference when it comes to security breaches. Three of the most important are keeping software up-to-date, securing your network and properly training your employees. Keep Software Up-to-date Earlier this year, thousands of Oregonians who used state websites to pay child support, file unemployment claims and renew their vehicle registration were left vulnerable to attackers who could intercept Social Security numbers and other sensitive information. This vulnerability was due to the use of outdated encryption protocols on the state of Oregon’s websites. One of the easiest ways to avoid security breaches is simply to keep all software and systems up-to-date. Using outdated encryption, last year’s virus protection software or an operating system from 1998 is a recipe for disaster. Secure Your Network During late 2014, the State Department revealed that hackers had breached its unclassified email system. While the government claims that no sensitive information was lost, we have to wonder: why wasn’t this “unclassified” network encrypted with the same strength as its other networks? Securing networks by password protecting them and encrypting them is another easy way to avoid data breaches. Hackers are far more likely to take advantage of “low hanging fruit” than...
Words: 524 - Pages: 3
...Securing Windows XP By Johnise Felder Professor Dawn Smith CMIT 364 Windows XP operating system sets new standards for optimal performance and system reliability. Whether you are a network administrator or just an end-user you can expect to get the most from this system due to its dependable computing and efficient uses. Windows XP operating system was built on Windows NT/2000 technology, which was proven to be more stable than previous operating systems such as 95, 98 or Me (Millennium Edition). Windows XP has a much brighter look and better GUI (graphical user interface) technology. This operating system automatically keeps your PC up to date with the latest security enhancements such as windows firewall that helps to protect your computer from viruses and worms that are spread throughout the Internet. Windows XP also allows quicker access to wireless networks from your laptop and with the built-in Encrypting File System (EFS), found only in Windows XP Professional this provides an additional level of file protection from hackers and data theft by encrypting files with a randomly generated encryption key based cryptographic scheme that encrypts all files in a folder. Users with itinerant profiles can use the same key with trusted remote systems. EFS have some key features that it offers such as, transparent encryption, strong protection of encryption keys, integral data-recovery system and secure temporary and paging files. Most end-users with...
Words: 2078 - Pages: 9
...Securing a Network Kaplan University Securing a network for a company is a very important job because without security anything can come in or be taken from the company. With securing a company I would have a firewall in place of course. A firewall is a software and sometimes hardware that screen out hackers, viruses etc. coming in from the internet (Microsoft Office, 2013). After making sure the firewall is up and running at all times I would began hardening the system. When hardening the system I will take out every unnecessary piece of item that I can without interfering with the task that needs to be done by this system. By taking these unnecessary pieces away I will be creating an easier task for myself and the firewall because, it will increase the security. I will then audit the firewall to make sure everything works properly. Once everything is checked on and I have finished making sure it is running smooth I will have an ongoing maintenance. This ongoing maintenance will detect anything suspicious and any intrusions. A method of encrypting alphabetic: P mxlfop sy lbffdtgkee pexugbpipc. Using Vigenere Cipher I was able to come up with this Cipher. I used http://rumkin.com/tools/cipher/vigenere-autokey.php# an online cipher to help with this Cipher, using the alphabet key A and the passphrase Patsy. I believe this a very secure cipher due to the fact that there can be up to 26 different cipher alphabets. When securing the network that I have chosen I need an...
Words: 1001 - Pages: 5
...Securing Windows and Unix/Linux Servers Floyd E. Street DeVry University Securing Windows and Unix/Linux Servers With the constant threat of internet hackers on the rise, Companies must pay close attention to secure their computer networks from would be intruders. In order to maintain the highest level of security within the os servers you must first have knowledge of the vulnerabilities of the running operating system. It is those vulnerabilities in the system that the intruders will be searching your network for. The known shortcomings and vulnerabilities of Windows and Unix/Linux servers have dysfunctions that can be exploited to gain access to a company’s private information. This information in the wrong hands could cost an organization millions of dollars in security damages. One of the ways to prevent this type security breech is to make sure that your Windows and Unix/Linux servers has the right up dated patches for these operating systems. According to, (Conklin, W. A.2009) “One of the most effective measures security professionals can take to address attacks on their computer systems and networks is to ensure that all software is up-to-date in terms of vendor-released patches. Many of the outbreaks of viruses and worms would have been much less severe if everybody had applied security updates and patches when they were released.” Ignoring the update prompts on your system is not a wise thing to do. New vulnerabilities in operating...
Words: 471 - Pages: 2
...Securing and Protecting Information Jane Doe CGMT/400 March 9, 2015 John Doe Securing and Protecting Information As the most important asset within the organization it is necessary to provide measures that can effectively protect data from loss and unauthorized intrusions. Information security involves authenticating users with a high level of protocol and promoting accountability within the information infrastructure. This approach may involve use of the organization assets, identification, authentication, authorization and the use of third party security systems or devices to protect data from unauthorized access. Security Authentication Process The security authentication process is the first step in information security and assurance. This process involves “binding a specific ID to a specific computer connection” (University of Phoenix, 2011) in order to authenticate access to the information system. During this process the user provides a user ID and password to the computer system or remote server to verify his or her identity. Authentication is accomplished when the system or server matches the user ID to a specific password and grants the user remote access to system resources. Identification The identification process is an access control element designed to match a user to a specific process. The identification process is performed the first time a user ID is issued to a specific user. User IDs have unique values and can...
Words: 1903 - Pages: 8
...Securing LAN One way to secure your LAN connection is to use a separate network for your LAN. If you use a TCP/IP protocol for any of your network adapters you are connected to the internet and are open to unwanted visitors. It is simple to prevent this threat of becoming an easy attack point for hackers. Open the TCP/IP properties and uncheck the Client for Microsoft Networks and the File and Printer Sharing, also uncheck the Microsoft Family Logon. Other way your LAN can be attacked is from the inside. It can be as simple as an attacker gaining access to the wiring closet. It is very important to make sure that your wiring closet is secure using some type of ID access, being ID card, Finger Print, or combination code. For the best method I would recommend using a at least two of these access methods. Securing WAN One threat to your VAN is eavesdropping; this is where a hacker uses software to intercept the data being via the WAN. To prevent this from being a problem for your company you want to use an encryption and VPN tunnels for end-to-end secure IP communications. The administrator should create a data classification standard and the policies, procedures, and guidelines should always be followed. Another way to protect your WAN is to apply filters to your exterior IP stateful firewalls and IP router WAN interfaces to block TCP SYN and ICMP. The network administrator should contact the ISP to put the proper filters on its IP router WAN interfaces in accordance with...
Words: 272 - Pages: 2
...Technical Writing Project Coversheet Capstone Proposal Project Name: Securing the Universal Serial Bus Interface for the Enterprise Environment Student Name: Steve Wild _ Degree Program: Bachelor of Science in Information Technology – Security Emphasis _ Mentor Name: Yolanda DuPree____________________________________________________ Signature Block: Student’s Signature: _______________________________________________________ Mentor’s Signature: _______________________________________________________ Running head: SECURING THE USB INTERFACE 1 Securing the Universal Serial Bus Interface for the Enterprise Environment Steve Wild Western Governor’s University SECURING THE USB INTERFACE 2 Summary The USB interface is one vector of possible attack against a company and must be proactively defended against data theft, data loss, and corporate espionage in order for a company to maintain a secure enterprise environment, minimize downtime, and maximize productivity. Project Goals and Objectives There are several goals that will be accomplished during this project: explore the hardware problems, explore the software problems, explore the policy problems, and give real world examples. The objectives are: provide example...
Words: 3010 - Pages: 13
...PARTNER SOLUTION NOTE Monitor critical IT environments with a rack mounted network camera. Physically securing your business is just as important as virtually securing the information it holds. Network video cameras allow you to monitor physical access to critical IT environments, where strict data compliances apply. These controls can help identify individuals that physically access areas storing critical organizational and customer data, should an incident occur. Using high-quality network video to record individual access will ensure proactive protection of your network infrastructure, giving you the ability to see who accessed your servers and switches. Record and archive video to look back after an event has occurred or in real-time. > Protect valuable assets and customer information > Easy and flexible installation > Data privacy compliance IT Environment monitoring Monitor network hardware and search through video at an exact time period to determine when equipment was accessed for service, maintenance or malicious intent. It also easily integrates with access control devices for additional protection. Axis’ Corridor Format allows you to get a vertically oriented, “portrait”-shaped video stream from the camera. The video is adapted perfectly to the monitored area, maximizing image quality while eliminating bandwidth and storage waste. CommScope’s camera panel kit fits into any standard racking architecture such as wall hanging or free standing...
Words: 705 - Pages: 3
...Topics |Securing Windows 7 |Installing Windows Server 2008 | |Password and Account Lockout Policies |What Defines a Server | |Windows Firewall Configuration |Server Hardware | |Encrypting File System (EFS) |Windows Server 2008 Editions | |Remote Access Technologies |Server Roles in Windows Server 2008 | |Backup and Restore |Method of Installing Windows Server 2008 | |System Restore Points |Server Configuration | | |IP Address Settings | | |Management of Devices and Device Drivers | | |Microsoft Management Console (MMC) ...
Words: 2079 - Pages: 9
...Assumptions: 1. Both Myrtle & Associates & Bellview Law Group Utilized Access To the Internet via a Digital Subscribers Line(DSL) 2. Myrtle & Associates & Bellview Law Group are separated by a considerable geographical distance. 3. Current Novell Servers Used by Bellview Law Group are Old. 4. All internal hard cabling runs will be wired with CAT 5e. Current Network Diagram Please See Exhibit (A-1 & A-2) Diagram of Proposed Network Integration Please See Exhibit (B) Challenges to Integrating the Current LANs, Challenges integrating the Myrtle & Associates and Bellview Law Group networks will be presented by the following: * The geographical distance between the two offices (L2TP/IPsec) * Bellview Law Group use of Novell and IPX/SPX instead of TCP/IP Integrating these two networks will be faced by the geographical distance between the two offices where the law firms reside. One solution would be to lease a dedicated line however; this option would be a very expensive one and is unnecessary due to new Virtual Private Network (VPN) technologies such as Layer 2 Tunneling Protocol (L2TP). Layer 2 Tunneling Protocol (L2TP) is a VPN technology allows for communication between two LAN segments separated by geographic distance by means of Point to Point Protocol (PPP) & encryption. Encryption, which is the process of converting the senders “plaintext” to a unreadable altered version of that plaintext called “ciphertext...
Words: 2057 - Pages: 9
...Possible threats with a small business network Vernon Hellbusch Coleman University We will be looking into threats and risks that can invade a small business network. The security of a small business network may be jeopardized in many ways. One of the many ways might be through your e-mail, or it could be someone sabotaging internally. Another way could be the use of hardware, such an external hard drive, thumb drive etc. Even as simple as a cell phone could interrupt the security of your network. We will be taking a look at ways to secure a business network from the cybercriminals that our out there trying to disrupt the security of the network systems. 1. We can do a risk assessment 2. We can educate the users 3. We can use packet filtering on the router 4. We can use antivirus software at the gateway and on the desktops Harden your systems by getting rid of useless applications These are just a few ways on getting started on securing your network. We can start looking at different software options that will help in securing your network. Let’s take a look at what’s out there for free, you have Microsoft securities that you can download for Free. You have AVG is another that is free, you have Malware Bytes also as well. These are just a few downloads that are free that work if you’re on a tight budget and just getting started. Also when using products like these, you want to make sure you keep track of your daily updates to make sure they’re...
Words: 582 - Pages: 3
...router settings and deny internet service to the company. There is a very low likelihood that the router will be taken over by an unauthorized user. This is also a vulnerability in terms of access control, with no access to an ISP controlled router, Quality Web Design can not secure this router to limit unauthorized access. An edge router should have specific items addressed to ensure that it has as little vulnerability as possible. Here are a few points to consider when securing a router: • Make sure that the OS is patched and as up to date as possible • Protocols o use ingress and egress filtering o Screen ICMP traffic from the internal network • Disable unused ports, and services • Utilize strong passwords • Audit Internet facing administration links • Use static routing to limit an attackers ability to edit routes, and cause a DoS • Verify that auditing and logging are in place • Send router logs to a secure central location for storage and future review if necessary ("Securing your network") Impact on Business Process Were the...
Words: 718 - Pages: 3
...Wireless Network xxxxxxxxxxx Strayer University CIS 341 Professor Kevin Jayne My name is xxxxxxx from IT-Vets. Today we will go over the transfer of paper to electronic documentation. We will discuss the use of wireless technology and the risk that are involved. I will also provide ways to make sure we are as secure as we can be. I understand you are moving to electronic documentation due to a federal requirement. In 2004, President George Bush proposed a law that all medical documentation will be electronic by 2014. He stated “by computerizing health records, we can avoid dangerous medical mistakes, reducing cost and improve care.” With this said it is better to act now and get you changed over instead of waiting till the last minute. First thing we will do is go over the plan of attack. With any wireless network the first thing to think about is security. You don’t want just anyone in your network, especially with the sensitive information we will be housing on our network. One of the best ways to do this is to remain invisible. When you drive around with your phone and you have WiFi enable and you pickup signals all over, this is an example of broadcasting your signal. With only authorized users on this network, there is no need to publicly broadcast we have a wireless network. This to me is like a company broadcasting “come see if you can get into my network”. Without the carrot dangling in front of your company you will have less rabbits trying to nibble. Another...
Words: 610 - Pages: 3
