Tag Archives: wireless

ISACA meet: Understanding Wi-Fi Security Fundamentals by Hemant Chaskar – Sat, 14 Nov

Wi-Fi logo
Image via Wikipedia

What: ISACA Pune meet. Understanding Wi-Fi Security Fundamentals by Dr. Hemant Chaskar
When: Saturday, 14th November, 6pm-8:30pm
Where: College of Agricultural Banking of Reserve Bank of India on University Road, Shivajinagar
Registration and Fees: Free for all to attend. No registration required

Details

Dr. Hemant Chaskar is a domain expert in WiFi security.

He holds Ph.D. in Electrical and Computer Engineering from University of Illinois at Urbana-Champaign, USA. Hemant is also anchor for Pune chapter of Data Security Council of India (DSCI).

He has more than 10 years of experience in security, networking and telecommunications industry in USA and India.

For last 5 years, he has extensively worked on WiFi networking and wireless security. Currently, he is Director of Technology at AirTight Networks, which is a global leader in WiFi security and performance management products and solutions.

See the ISACA Pune website for more information about ISACA.

Reblog this post [with Zemanta]

Network Security Workshop by “Null” – Dec 21

What: Workshop on Network Security by security awareness group “Null
When: Sunday, 21st December, 10am to 1:30pm
Where: I2IT, Hinjewadi
Registration and Fees: This event is free for all. No registration required.

Details:

Null, a Network Security
group, is organizing an event on the 21st of December, 2008 at
International Institute of Information Technology, Hinjewadi, Pune.

The seminars which would be held are as below:

Time

                  Workshops                 

Speaker

10 AM – 10:30 AM

Introduction to Null
and Network Security

Mr. Aseem Jakhar

10:30 AM – 11:30 PM

Wireless Security

Mr. Rohit

11:30 PM – 12:30 PM

Application Security

Mr. Ajit Hatti

12:30 PM – 1:30 PM

TCP/IP and NMAP

Mr. Murtuja

Null is a Network Security community for ethical hackers, security
professionals and security enthusiasts, born out of the need for a centralized
knowledge base in security and the fact that security is treated as an add-on
and ignored many a times. It is a step to move towards immunity from security.

Apart from having fun, we also:

          Share security related knowledge

          Create a disclosure platform

          Design/Develop innovative ideas to combat current threats

          Define a “Must-Have” security knowledge-base for different roles (programmers, QA, admin, end user)

          Spread security awareness

          Organize Meetings/Conferences/Training

For further information:

          Contact: Mr. Aseem Jakhar ( giimale@gmail.com )

          Visit the website: http://null.co.in

Speakers

1. Aseem Jakhar (Founder: NULL security community)
A network security and open source enthusiast (and a system programmer
for living). He has contributed to the development of various security products
and networking/security modules including:

– Firewall
– Regex filters.
– Baysian filters.
– Heuristic filters.
– Genetic Algorithm based score generator for heuristic filters.
– Advanced attachment filters.
– Multicast packet-reflection daemon.
– SMTP engine.
– DNSBL engine.

Aseem is an active speaker at security/open source conferences like Blackhat
Europe 2008, ClubHack 2008, Gnunify 2007. He was also invited to speak at
Inbox/Outbox UK 2008. He is a C|EH from Ec-Council and is actively involved in security research. He has also given security advisories
to various organizations including banks.

2. Murtuja Bharmal (Co-founder – NULL)
Murtuja is a Linux Kernel and Network Security
maniac. Earning livelihood by working as a System Programmer. He has been
contributing in development of various Network Security
products
like Firewall, VPN, Application Proxies, and Authentication
Modules for the past 5 years. Murtuja is a C|EH from EC-Council, is
actively involved in Security practices, development, consultancy, with
prestigious organizations. He has single handedly developed firewall product
and got it compliant with ICSA-Labs and also has expertise in
customization, security patching and integration of open
source products
like SQUID, IPTables,
VRRP, and OpenSwan.

3. Rohit Srivastwa (Member – NULL)
Founder of ClubHack, has several years experience in providing consultancy and
training in the fields of Information security, Cyber Crime Investigation and Penetration Testing. He
is actively involved advising and teaching several military agencies, law enforcement
personnel, Corporates and Government bodies in these fields

4. Ajit Hatti (Member – NULL)

Ajit Hatti is a “Software Architect &

System Programmer” by profession and “Network Security, Linux Enthusiast”. From last 4 years he has been
contributing in research & development of security products like
IPS/UTM/Mail Security & Network Scanners with various renowned
Organizations. Ajit is also actively contributing in vulnerability research of
various protocol implementations and has been researching on modern techniques
of Fingerprinting & Application/OS detection. Ajit is also associated with
PLUG, CSI, and Ubuntu’s development and testing.

Stop terrorists from hacking into your company computers with AirTight networks?

AirTight Logo

In a report titled “Wi-Fi networks extremely vulnerable to terror attacks,” the Economic Times points out that:

 

The recent incident involving US national Kenneth Haywood, whose Internet Protocol (IP) address was allegedly used to send the terror e-mail prior to the Ahmedabad serial blasts, should be regarded as a wake up call. While this incident of wireless hacking took security agencies by surprise, lakhs of individuals and companies are actually exposed to a similar risk. Incidents of such hacking are common, but go unreported since they may not have such grave implications.

The police version of the Haywood incident, as reported in the newspapers, is that suspected criminals allegedly hacked into the Wi-Fi network of his laptop and used it to send the terror e-mail. Prior to this hacking, Mr Haywood is said to have complained of high browsing bills. If this is to be believed, then one possibility is that Haywoood may have left his access point open. The suspected terrorist could then have hooked on to this access point and sent the email, which then showed Haywood’s IP address as the originator. This is regarded, in hacking terminology, as stealing of bandwidth while impersonating Haywood.

Wi-Fi hacking is an even bigger a problem for companies that have many employees who take their laptops all over the place and might come back infected, or who have a number of access points that can be easy targets if not secured properly. This is the market that Pune-based AirTight Networks is going after:

Hemant Chaskar, Airtight’s technology director, explained: “Companies earlier used firewalls, which prevented or regulated data access between internal systems and the external world. With the adoption of wireless, firewalls can be bypassed, exposing internal systems to free external access. External devices can access internal enterprise networks, while internal devices can also connect to networks outside the company’s premises in the absence of adequate security measures.

There are a few different capabilities that a company needs to be able to tackle this threat. First, being able to detect that wireless intrusion is happening. Second, being able to phyisically (i.e. goegraphically) locate exactly where the threat is coming from. Third, being able to do something about it. And finally, for the sake of compliance with government laws, being able to generate appropriate reports proving that you took all the appropriate steps to keep your company’s data secure from hackers. This last one is required whether you are worried about hackers or not, and is a huge pain.

AirTight provides all these facilities and then goes one step further, which makes it unique. At $20000 a pop, most small companies would balk at the price of all the infrastructure required for achieving all this. So AirTight provides WiFi security as an online service – you simply install a few sensors in your company. Everything else is on AirTight’s servers. So you just have to pay a small monthly fee, as low as $60 per month. And you get full security from wi-fi hacking, and you keep the government happy with nice compliance reports.

For a more details of AirTight’s products, see the PuneTech wiki profile of AirTight.

Reblog this post [with Zemanta]

AirTight Networks offers Wireless Security as an online service

Pune-based startup AirTight networks, which provides wireless security products, has announced that it is making wireless security available as an online service. The customer has to buy some wireless sensors (little plug-n-play hardware accessories) and attach them to appropriate machines in their company, respond to a few questions about their wireless setup and that’s it. Within a few days they begin to receive wireless security reports. There are no servers or software to buy, configure, or administer – because all the data analysis and report generation is hosted on AirTight’s servers over the internet.

The major benefits of this are ease of installation, ease of use, and most importantly the investment needed can be ramped up gradually. The simplest system costs just $2 per day as opposed to the upfront $20000 capital investment that would be required otherwise. In addition there is a free 30-day trial. This makes it easy for enterprises that are interested in wireless security but are worried about paying too much for something that they are unsure about.

The services provided are vulnerability assessment (“There are hackers outside your office on the North side!”), vulnerability remediation (“And I’ve blocked their wireless signals! Yippie!”), and regulatory compliance (“And here is a report you can show SOX auditors to prove that you’ll done all that’s humanly possible to protect customer data”). Each of these three is a separate offering that is priced independently.

Over at NetworkWorld, FarPoint Group’s Craig Mathias gushes breathlessly over this offering:

this was a smack-myself-in-the-forehead moment – why not provision IDS/IPS as a service, effectively leasing the infrastructure and offering the rest as a managed service? This is positively brilliant, and AirTight Networks has now done precisely this with their new SpectraGuard Online service, launched today.

[…]

I’ve seen a number of security-as-a-service offerings for small wireless LANs, but this is the first time I’ve seen such a service for large organizations. And I’m willing to bet this business model could become very popular indeed. As WLAN technology continues to change rapidly, and as one is never, ever “done” when it comes to security, AirTight has broken some important new ground here. The question, of course, is how this model might extend to other elements of network infrastructure. And it just might.

See the full press release for more details of this news. See PuneTech wiki’s AirTight page for a quick overview of AirTight.