Wireless security is nothing but protecting computers, smartphones, tablets, laptops and other portable devices along with the networks they are connected to, from threats and vulnerabilities associated with wireless computing.
Common Bluetooth Security Issues :
There are a number of ways in which Bluetooth security can be penetrated, often because there is little security in place. The major forms of Bluetooth security problems fall into the following categories:
Bluejacking: Bluejacking is often not a major malicious security problem, although there can be issues with it, especially as it enables someone to get their data onto another person's phone, etc. Bluejacking involves the sending of a vCard message via Bluetooth to other Bluetooth users within the locality - typically 10 metres. The aim is that the recipient will not realise what the message is and allow it into their address book. Thereafter messages might be automatically opened because they have come from a supposedly known contact.
Bluebugging: This more of an issue. This form of Bluetooth security issue allows hackers to remotely access a phone and use its features. This may include placing calls and sending text messages while the owner does not realise that the phone has been taken over.
Car Whispering: This involves the use of software that allows hackers to send and receive audio to and from a Bluetooth enabled car stereo system
BlueBorne: This attack allows attackers to completely take over Bluetooth-enabled devices, spread malware, or even establish a "man-in-the-middle" connection to gain access to devices' critical data and networks without requiring any victim interaction.
In order to protect against these and other forms of vulnerability, the manufacturers of Bluetooth enabled devices are upgrading he security to ensure that these Bluetooth security lapses do not arise with their products.
Common WIFI Security Issues :
- Man-in-the-Middle Attack
- Packet Analyzers
- Rogue Access Points
- Evil Twins
- Ad Hocs
- War Driving
- Cracking Attacks
- Denial Of Service
Securing Wireless Network :
- Change Default Administrator Passwords
- Turn On Wireless Network Encryption
- Utilize The Enterprise Mode Of WPA2 Security
- Keep Track Of Mobile Devices
- Change The Default SSID
- Control Your Broadcast Area
- Limit Access Rights
- Limit The Number Of User Addresses
- Enable Mac Address Filtering
- Disable SSID Broadcast
- Position The Router Or Access Point Strategically
- Assign Static Ip Addresses To Devices
- Turn Off The Network During Extended Periods Of Non-Use
- Monitor For Rogue APs
- Update Router Firmware
- Turn Off WPS
- Disable Remote Access
Wireless Technology Risks :
- All the vulnerabilities that exist in a conventional wired network apply to wireless technologies.
- Malicious entities may gain unauthorized access to an agency's computer network through wireless connections, bypassing any firewall protections.
- Sensitive information that is not encrypted (or that is encrypted with poor cryptographic techniques) and that is transmitted between two wireless devices may be intercepted and disclosed.
- DoS attacks may be directed at wireless connections or devices.
- Malicious entities may steal the identity of legitimate users and masquerade as them on internal or external corporate networks.
- Sensitive data may be corrupted during improper synchronization.
- Malicious entities may be able to violate the privacy of legitimate users and be able to track their movements.
- Malicious entities may deploy unauthorized equipment (e.g., client devices and access points) to surreptitiously gain access to sensitive information.
- Handheld devices are easily stolen and can reveal sensitive information.
- Data may be extracted without detection from improperly configured devices.
- Viruses or other malicious code may corrupt data on a wireless device and subsequently be introduced to a wired network connection.
- Malicious entities may, through wireless connections, connect to other agencies or organizations for the purposes of launching attacks and concealing their activities.
- Interlopers, from inside or out, may be able to gain connectivity to network management controls and thereby disable or disrupt operations.
- Malicious entities may use third-party, untrusted wireless network services to gain access to an agency's or other organization's network resources.
- Internal attacks may be possible via ad hoc transmissions.
No comments:
Post a Comment