Tag Archives: wi-fi

ISACA meet: Understanding Wi-Fi Security Fundamentals by Hemant Chaskar – Sat, 14 Nov

Wi-Fi logo
Image via Wikipedia

What: ISACA Pune meet. Understanding Wi-Fi Security Fundamentals by Dr. Hemant Chaskar
When: Saturday, 14th November, 6pm-8:30pm
Where: College of Agricultural Banking of Reserve Bank of India on University Road, Shivajinagar
Registration and Fees: Free for all to attend. No registration required

Details

Dr. Hemant Chaskar is a domain expert in WiFi security.

He holds Ph.D. in Electrical and Computer Engineering from University of Illinois at Urbana-Champaign, USA. Hemant is also anchor for Pune chapter of Data Security Council of India (DSCI).

He has more than 10 years of experience in security, networking and telecommunications industry in USA and India.

For last 5 years, he has extensively worked on WiFi networking and wireless security. Currently, he is Director of Technology at AirTight Networks, which is a global leader in WiFi security and performance management products and solutions.

See the ISACA Pune website for more information about ISACA.

Reblog this post [with Zemanta]

Seminar on Understanding Wi-Fi Cyber attacks

AirTight Logo

What: Free Seminar on Wi-Fi security and understanding wi-fi cyber attacks conducted by AirTight Networks and MCCI
When: Tuesday, Jan 13, 6pm-8:30pm
Where: Hall No. 6 & 7, B Wing, 5th Floor MCCIA Trade Tower, ICC Complex Senapati Bapat Road
Registration and Fees: This seminar is free for all. Register at: http://www.airtightnetworks.com/seminar/mccia.

Details:
WiFi is fast becoming popular in India – among home users, business travelers, and corporates. While WiFi provides the benefits of wireless and mobile access, unsecured WiFi provides an easy target for hit-and-run style attacks allowing hackers to cause severe damage while remaining invisible and undetected. The crimes range from cyber extortion, downloading illegal content, to theft of credit card numbers and other private corporate information. Most importantly, the recent incidents of cyber terrorism in India showed that an unsecured WiFi connection poses danger to national security.

WiFi cyber-attacks can be used to hack into your network to steal confidential data, steal usernames and passwords, steal user identities or to plan terror attacks. Your WiFi network can become a huge liability if not secured properly.

To create public awareness, MCCIA in association with AirTight Networks Pvt. Ltd., the global leader in wireless security, is conducting a free introductory seminar titled “Understanding WiFi Cyber-attacks”.

This seminar will be followed by a panel discussion titled “Legal and Financial Exposure from WiFi Cyber-attacks”. Panel members include top experts such as Deepak Shikarpur, Chairman, IT Committee, MCCIA, Vaishali Bhagwat, Top Cyber-crime Lawyer and Pravin Bhagwat, Wireless Networking Pioneer.

This seminar is free for all. Register at: http://www.airtightnetworks.com/seminar/mccia

Reblog this post [with Zemanta]

Network Security Workshop by “Null” – Dec 21

What: Workshop on Network Security by security awareness group “Null
When: Sunday, 21st December, 10am to 1:30pm
Where: I2IT, Hinjewadi
Registration and Fees: This event is free for all. No registration required.

Details:

Null, a Network Security
group, is organizing an event on the 21st of December, 2008 at
International Institute of Information Technology, Hinjewadi, Pune.

The seminars which would be held are as below:

Time

                  Workshops                 

Speaker

10 AM – 10:30 AM

Introduction to Null
and Network Security

Mr. Aseem Jakhar

10:30 AM – 11:30 PM

Wireless Security

Mr. Rohit

11:30 PM – 12:30 PM

Application Security

Mr. Ajit Hatti

12:30 PM – 1:30 PM

TCP/IP and NMAP

Mr. Murtuja

Null is a Network Security community for ethical hackers, security
professionals and security enthusiasts, born out of the need for a centralized
knowledge base in security and the fact that security is treated as an add-on
and ignored many a times. It is a step to move towards immunity from security.

Apart from having fun, we also:

          Share security related knowledge

          Create a disclosure platform

          Design/Develop innovative ideas to combat current threats

          Define a “Must-Have” security knowledge-base for different roles (programmers, QA, admin, end user)

          Spread security awareness

          Organize Meetings/Conferences/Training

For further information:

          Contact: Mr. Aseem Jakhar ( giimale@gmail.com )

          Visit the website: http://null.co.in

Speakers

1. Aseem Jakhar (Founder: NULL security community)
A network security and open source enthusiast (and a system programmer
for living). He has contributed to the development of various security products
and networking/security modules including:

– Firewall
– Regex filters.
– Baysian filters.
– Heuristic filters.
– Genetic Algorithm based score generator for heuristic filters.
– Advanced attachment filters.
– Multicast packet-reflection daemon.
– SMTP engine.
– DNSBL engine.

Aseem is an active speaker at security/open source conferences like Blackhat
Europe 2008, ClubHack 2008, Gnunify 2007. He was also invited to speak at
Inbox/Outbox UK 2008. He is a C|EH from Ec-Council and is actively involved in security research. He has also given security advisories
to various organizations including banks.

2. Murtuja Bharmal (Co-founder – NULL)
Murtuja is a Linux Kernel and Network Security
maniac. Earning livelihood by working as a System Programmer. He has been
contributing in development of various Network Security
products
like Firewall, VPN, Application Proxies, and Authentication
Modules for the past 5 years. Murtuja is a C|EH from EC-Council, is
actively involved in Security practices, development, consultancy, with
prestigious organizations. He has single handedly developed firewall product
and got it compliant with ICSA-Labs and also has expertise in
customization, security patching and integration of open
source products
like SQUID, IPTables,
VRRP, and OpenSwan.

3. Rohit Srivastwa (Member – NULL)
Founder of ClubHack, has several years experience in providing consultancy and
training in the fields of Information security, Cyber Crime Investigation and Penetration Testing. He
is actively involved advising and teaching several military agencies, law enforcement
personnel, Corporates and Government bodies in these fields

4. Ajit Hatti (Member – NULL)

Ajit Hatti is a “Software Architect &

System Programmer” by profession and “Network Security, Linux Enthusiast”. From last 4 years he has been
contributing in research & development of security products like
IPS/UTM/Mail Security & Network Scanners with various renowned
Organizations. Ajit is also actively contributing in vulnerability research of
various protocol implementations and has been researching on modern techniques
of Fingerprinting & Application/OS detection. Ajit is also associated with
PLUG, CSI, and Ubuntu’s development and testing.

81% of Pune’s Wi-Fi Networks are insecure – ClubHack report

Wi-Fi Security in Pune. Only the WEP encrypted access points (cream colored pie) are secure. Everything else is unsecure.
Wi-Fi Security in Pune. Only the WPA encrypted access points (cream colored pie) are secure. Everything else is insecure.

ClubHack, the group hell-bent on hammering some sense of security hygiene into the heads of an ignorant and careless public, went around Pune making a note of how secure or insecure various Wi-Fi hotspots in the city were, and found that a full 50% were not protected at all, and another 31% were only weakly protected. That just leaves 19% adequately protected.

If you have no idea what I am talking about, here is a little bit of explanation. More and more users are now using wireless networking cards to get their internet access. In such a setup, there is a Wi-Fi card that goes into your desktop/laptop (most modern laptops have this built-in), and to complete the connection there is a device that needs to be plugged into your internet connection (i.e. your broadband cable, or telephone line). This device is called an access point (AP), and is typically a wireless router. The computer then communicates wirelessly with your wi-fi router to connect to the internet.

The above report points out that in 50% of all wi-fi access points installed in Pune, there is no protection against random third-party computers from connecting to the AP. That’s like leaving your front door open. Not only can they access the internet using your AP, but more importantly, it is very likely that they can access the other computers on your network, and can tap into the network traffic going back and forth between those computers and the internet. If you are unlucky, they can get access to sensitive data, like passwords to your email account, or worse, bank account. Or, if, like our government, you want to focus on the wrong thing, you can worry that THE TERRORISTS CAN USE YOUR NETWORK TO SEND BOMB THREATS!!! (and we dutifully reported that in PuneTech.)

Of the remaining, 31% think that they have protected their AP using encryption, but the encryption scheme they are using (WEP) is known to be very weak, and can be broken in a matter of minutes. Which means that a hacker (cracker actually) sitting in a car outside your building can easily break into the network without anybody realizing it.

How did ClubHack find out? This is what they did:

On 10th November 2008, ClubHack created a setup in a car which included laptops & GPS enabled devices for the exercise. The car was driven in all the popular areas which included IT parks, multiplexes, residential areas, markets, busy streets etc. While the car was driving at a normal speed, the GPS and wireless enabled devices sensed the availability of wireless signals on the road. These signals were then recorded with details like MAC address of the access point, name of the network, security used, longitude and latitude of the location where the signal of a particular network was highest.

And just in case anybody amongst you is thinking that what they did was illegal and actionable, don’t worry! They took permission of Pune Police to undertake this mission, and Pune Police actually sent an officer to accompany them. For some more details of their project and findings, you can check out the short report, or the full report (PDF).

What should you do? If you are reading PuneTech, then no doubt you are one of the smart ones who are in the 19% that use WPA based encryption. But just in case someone slipped through, what you need to do is educate yourself about wi-fi security issues, and ensure that you change the settings on your wi-fi access point to use one of the WPA based encryption schemes. (There are 6 or 7 variants like WPA-PSK, WPA2-Personal, etc. Any one of them will do.) And please change the default administrator password for your AP. And if you have no clue what I am talking about, get a friend who understands to help you. Or pony up the Rs. 1000 for the wi-fi security workshop that ClubHack is going to conduct next month, or the Rs. 8000 for the wi-fi security training that AirTight networks is going to conduct later this month. This last one is certainly recommended if you are the network admin for one of the IT companies that ClubHack managed to snag during their wardrive.

And just in case the remaining 19% are feeling very pleased with yourself, I should also point out that security guru Bruce Schneier keeps his own wi-fi network open. It is a fascinating, and insightful, and a different take on this issue that you should read. But inspite of Bruce’s sage advice, I keep my router protected with WPA. Because Bruce’s advice amounts to saying that I should leave my door open, but keep all my drawers, and cupboards, and closets and bedroom door locked, and the fridge and TV chained to the wall. I’m not a security guru, and I am sure I’ll leave some door open. Don’t want to take that chance.

Pune company watch: Companies that are doing work related to this area in Pune: Airtight Networks, Symantec, QuickHeal.

PMC to re-charge Pune wi-fi project

From ExpressIndia.Com

With private company, Microsense, “struggling” to implement the Unwire Pune project a year after its launch through out the city, the Pune Municipal Corporation is planning to rope in multiple agencies to provide the (Wi-Fi) wireless internet connectivity facility.

[…]

“Four more private agencies have offered to provide the wireless internet connectivity service and we are planning to rope them for the implementation of the coveted project,” Anupam Saraph, chief information officer (CIO), PMC, told this paper on Sunday.

PMC now has an experienced industry veteran, in the form of CIO Anupam Saraph, at the helm of IT-related affairs since January 2008, and he is slowly trying to overhaul the system. He recently gave the PMC website a new look, and introduced the use of wikis for internal project management. He has a bunch of other initiatives cooking that I hope to write about in detail later this week. Stay tuned.