Black Hat Convention vs. Hackers

Would you like to be the wi-fi provider in charge of protecting the network at the Black Hat convention in Las Vegas?
How do you secure a wireless network for a convention of hackers?

That's the question that wireless networking vendor Aruba Networks has been answering for the last four years as the wireless service provider for the Black Hat security conference.

Black Hat takes place this week in Las Vegas, and Aruba is providing the wireless network. And that means it has its work cut out for it: Aruba's Wi-Fi network is under constant assault during the event, with users attempting denial of service (DoS) attacks, scanning for open ports and deploying rogue access points.

Aruba isn't intimidated by the Black Hat crowd -- on the contrary, Aruba execs note that they learn from the event in order to make wireless access more secure.

"The posture that we take at Black Hat is much more defensive than it is for a regular public conference," Mike Tennefoss, Aruba's head of strategic marketing, told InternetNews.com. "The way we set up wireless in the early years was to have an open Wi-Fi network and we saw all sorts of attacks take place."

"A lot of these people have gone to Black Hat training [sessions] first, and there are wireless hacking classes that are taught," he added. "So a lot of the stuff we saw last year happened during the training where people tried to try out new attacks."

Tennefoss said that last year, Aruba took the step of turning on WPA (define) encryption by default for the Black Hat network.

"What we saw as a result of turning on WPA was a drastic reduction in the amount of 'screwing around' that people did on the network," Tennefoss said. "Most of the other conferences that we do, like Interop, they don't want to turn on WPA. For usability reasons, they want an open network."

With an open network, data is sent unencrypted in the clear. Even though it's less secure, organizers of some conferences see a benefit in that it's easier to log on to, since a WPA password is not required.

But Tennefoss noted that there is also a misconception in the marketplace that works against WPA -- that it causes an impact on wireless performance. According to Tennefoss, Aruba's wireless gear does not suffer from a performance hit as a result of turning the encryption.

One security feature that the Black Hat Wi-Fi network will not have is network access control (NAC). Tennefoss explained that Aruba has a NAC endpoint compliance system that validates the health of an endpoint -- that is, it ensures it has working security software. According to Tennefoss, the Black Hat organizers have chosen not to take advantage of that capability.

Tennefoss said endpoint compliance is more popular with corporate deployments, and trade shows don't tend to use the technology. The chief concern is that if NAC is turned on, it will decrease the network's ease of usability, as users may or may not be able to comply with the network policy.

Going rogue

One of the most common types of attacks seen at Black Hat is when attackers set up their own access points with the name "Black Hat". Such a rogue access point could potentially trick users into connecting to it, and then the attacker could see all of the users' traffic.

But Aruba is striking back, courtesy of a technology called RFprotect. Integrated into Aruba's controller and management software, RFprotect seeks out and helps to identify rogues on the network, Tennefoss said.

Aruba can also physically locate where potential rogue access points might be set up, enabling staffers to confront the hackers responsible.

"We set our access points up in such a way that every room is covered by at least three access points," Tennefoss said. "So we can triangulate location based on signal strength."

Tennefoss explained that all three access points would see any rogue signal. The data is fed into Aruba's management system, which then enables the company to pinpoint a rogue's location in a room.

Aruba also keeps the access point logs from the event and analyzes all the traffic after Black Hat to see if any new types of attacks are emerging.

But is it safe?

Users of the Black Hat Wi-Fi network have traditionally been first greeted by a terse warning that the network is hostile -- that is, if you use it, you might be prone to hacking.

But to Aruba, that doesn't mean that the Wi-Fi network isn't safe for most users.

"Given the level of protection we have in place, it's relatively safe," Tennefoss said. "The larger point for the warning is that the entire conference should be considered hostile overall. So don't do your online banking or transmit passwords in the clear over the network because someone could potentially intercept you."

The Black Hat event runs an effort called the Wall of Sheep, which anonymously posts on a wall users that are connecting to services without the appropriate security -- for instance, transmitting data in the clear.

Tennefoss noted that the Wall of Sheep is about education and not specifically about the insecurity of the Black Hat Wi-Fi network.

"I think it's a safe network to use," Tennefoss said. "You're not going to turn on your notebook and suddenly be infected. It's more about being conscious of what sort of things you're doing on the network."

Article courtesy of InternetNews.com.




Tags: services, wireless, policy, NAC, Black Hat


0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.