Black Hat Convention vs. Hackers

How do you secure a wireless network for a convention of hackers?

That’s the question that wireless networking vendor Aruba Networks has been answering for the last four years as the wireless service provider for the Black Hat security conference.

Black Hat takes place this week in Las Vegas, and Aruba is providing the wireless network. And that means it has its work cut out for it: Aruba’s Wi-Fi network is under constant assault during the event, with users attempting denial of service (DoS) attacks, scanning for open ports and deploying rogue access points.

Aruba isn’t intimidated by the Black Hat crowd — on the contrary, Aruba execs note that they learn from the event in order to make wireless access more secure.

“The posture that we take at Black Hat is much more defensive than it is for a regular public conference,” Mike Tennefoss, Aruba’s head of strategic marketing, told InternetNews.com. “The way we set up wireless in the early years was to have an open Wi-Fi network and we saw all sorts of attacks take place.”

“A lot of these people have gone to Black Hat training [sessions] first, and there are wireless hacking classes that are taught,” he added. “So a lot of the stuff we saw last year happened during the training where people tried to try out new attacks.”

Tennefoss said that last year, Aruba took the step of turning on WPA (define) encryption by default for the Black Hat network.

“What we saw as a result of turning on WPA was a drastic reduction in the amount of ‘screwing around’ that people did on the network,” Tennefoss said. “Most of the other conferences that we do, like Interop, they don’t want to turn on WPA. For usability reasons, they want an open network.”

With an open network, data is sent unencrypted in the clear. Even though it’s less secure, organizers of some conferences see a benefit in that it’s easier to log on to, since a WPA password is not required.

But Tennefoss noted that there is also a misconception in the marketplace that works against WPA — that it causes an impact on wireless performance. According to Tennefoss, Aruba’s wireless gear does not suffer from a performance hit as a result of turning the encryption.

One security feature that the Black Hat Wi-Fi network will not have is network access control (NAC). Tennefoss explained that Aruba has a NAC endpoint compliance system that validates the health of an endpoint — that is, it ensures it has working security software. According to Tennefoss, the Black Hat organizers have chosen not to take advantage of that capability.

Tennefoss said endpoint compliance is more popular with corporate deployments, and trade shows don’t tend to use the technology. The chief concern is that if NAC is turned on, it will decrease the network’s ease of usability, as users may or may not be able to comply with the network policy.

Going rogue

One of the most common types of attacks seen at Black Hat is when attackers set up their own access points with the name “Black Hat”. Such a rogue access point could potentially trick users into connecting to it, and then the attacker could see all of the users’ traffic.

But Aruba is striking back, courtesy of a technology called RFprotect. Integrated into Aruba’s controller and management software, RFprotect seeks out and helps to identify rogues on the network, Tennefoss said.

Aruba can also physically locate where potential rogue access points might be set up, enabling staffers to confront the hackers responsible.

“We set our access points up in such a way that every room is covered by at least three access points,” Tennefoss said. “So we can triangulate location based on signal strength.”

Tennefoss explained that all three access points would see any rogue signal. The data is fed into Aruba’s management system, which then enables the company to pinpoint a rogue’s location in a room.

Aruba also keeps the access point logs from the event and analyzes all the traffic after Black Hat to see if any new types of attacks are emerging.

But is it safe?

Users of the Black Hat Wi-Fi network have traditionally been first greeted by a terse warning that the network is hostile — that is, if you use it, you might be prone to hacking.

But to Aruba, that doesn’t mean that the Wi-Fi network isn’t safe for most users.

“Given the level of protection we have in place, it’s relatively safe,” Tennefoss said. “The larger point for the warning is that the entire conference should be considered hostile overall. So don’t do your online banking or transmit passwords in the clear over the network because someone could potentially intercept you.”

The Black Hat event runs an effort called the Wall of Sheep, which anonymously posts on a wall users that are connecting to services without the appropriate security — for instance, transmitting data in the clear.

Tennefoss noted that the Wall of Sheep is about education and not specifically about the insecurity of the Black Hat Wi-Fi network.

“I think it’s a safe network to use,” Tennefoss said. “You’re not going to turn on your notebook and suddenly be infected. It’s more about being conscious of what sort of things you’re doing on the network.”

Article courtesy of InternetNews.com.

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020