62656 FSS - 8pp No. 55 27/8/08 10:38 Page 1 NNumberNumberNumberNumber 51 51 5551 J July JulJulyuly - - - S - SS eptSepteptept 2 200820 200700707 ISSIISSSSISSNNN1N133153159539-082095-08-08209-082020 TTTHEHEHEFFFOOORENRENRENSICSICSICSSSCCCIENCEIENCEIENCESSSOOOCIETYCIETYCIETY interinterinterAAAA forum forum forum forum for forfor for forensic forensicforensic forensic scientists scientistsscientists scientistsfff and andand and a associatedacesa saacesssoacesssosociaciaciatedtedted pro professionalspro professifessifessionaonaonalslsls A forum for forensic scientists and associated professionals WWirierelelessssnneetwtwoorkrkiningg--aannininvvisisibibleleththrereaat?t? SSoommeeththoouugghhtstsaannddrereccoommmmeennddaatitoionnss bybyAngusAngusMarshall Marshall As this article was being written, news broke that the American retail network within a few seconds and once an infected machine is re- As this article was being written, news broke that the American retail network within a few seconds and once an infected machine is re- group, TJX Corporation – owner of TJ Maxx, Barnes & Noble and introduced to a corporate or other secure network, the infestation may group, TJX Corporation – owner of TJ Maxx, Barnes & Noble and introduced to a corporate or other secure network, the infestation may several others, had been the victim of an international gang's efforts to continue to spread. several others, had been the victim of an international gang's efforts to continue to spread. acquire personal data held on its computer systems. The gang acquired acquire personal data held on its computer systems. The gang acquired In TJX's case, the attackers managed to gain access to the corporation's credit and debit card details of some 40 million consumers by abusing In TJX's case, the attackers managed to gain access to the corporation's credit and debit card details of some 40 million consumers by abusing wireless network and then implanted software which logged transaction the company's wireless network systems. wireless network and then implanted software which logged transaction the company's wireless network systems. details before passing them back, across the Internet, to the gang. If the details before passing them back, across the Internet, to the gang. If the Even though wireless networking (aka WiFi) has been around for nearly wireless network had not been available, the gang would have had to Even though wireless networking (aka WiFi) has been around for nearly wireless network had not been available, the gang would have had to 10 years now, it seems that many still have not considered the security gain physical access to the company's premises to perform this kind of 10 years now, it seems that many still have not considered the security gain physical access to the company's premises to perform this kind of implications of using wireless technology to allow access to critical parts attack, but with WiFi they could sit in the car park around the corner and implications of using wireless technology to allow access to critical parts attack, but with WiFi they could sit in the car park around the corner and of their organisations infrastructure. attack at leisure. of their organisations infrastructure. attack at leisure. By its very nature, a wireless network relies on radio frequency broadcast TheThe rules. rules. By its very nature, a wireless network relies on radio frequency broadcast - WiFi is not secure. It should be enabled only when absolutely necessary mechanisms, propagating a signal in all directions at once. The main - WiFi is not secure. It should be enabled only when absolutely necessary mechanisms, propagating a signal in all directions at once. The main and never left running 24 hours a day, 7 days a week. standards suggest that the signal can be received up to 100 metres from and never left running 24 hours a day, 7 days a week. standards suggest that the signal can be received up to 100 metres from - Secure transactions should always take place over a wired physical the station generating it. This is great for casual Internet users who want - Secure transactions should always take place over a wired physical the station generating it. This is great for casual Internet users who want network connection, which is hard to monitor without physical access. to enjoy a cup of coffee while they check e-mail, but should sound alarm network connection, which is hard to monitor without physical access. to enjoy a cup of coffee while they check e-mail, but should sound alarm - If WiFi must be used, it should be set to the highest security levels bells for anyone who keeps sensitive data on a network which is about to - If WiFi must be used, it should be set to the highest security levels bells for anyone who keeps sensitive data on a network which is about to possible and encryption keys should be changed regularly (i.e. every become wireless enabled. possible and encryption keys should be changed regularly (i.e. every become wireless enabled. time it is switched on) to reduce the risks of eavesdropping and attacks. time it is switched on) to reduce the risks of eavesdropping and attacks. By adding a wireless access point to any network, it becomes possible for - If a wireless access point is connected to a network, a filter should be By adding a wireless access point to any network, it becomes possible for - If a wireless access point is connected to a network, a filter should be any passer by to detect the presence of the network using freely available placed between the access point and the network to control the material any passer by to detect the presence of the network using freely available placed between the access point and the network to control the material tools such as NetStumbler or Kismet. Even if the access point is which goes both in and out. Critical and/or sensitive applications should tools such as NetStumbler or Kismet. Even if the access point is which goes both in and out. Critical and/or sensitive applications should configured to provide some degree of security using WEP (Wired not be accessible across the wireless part of the network. configured to provide some degree of security using WEP (Wired not be accessible across the wireless part of the network. Equivalent Privacy) or WPA/WPA2(WiFi Protected Access), which use - Systems which have been connected to public networks should be Equivalent Privacy) or WPA/WPA2(WiFi Protected Access), which use - Systems which have been connected to public networks should be encryption to scramble data in transit between wireless stations and the quarantined and thoroughly checked for viruses etc. before being encryption to scramble data in transit between wireless stations and the quarantined and thoroughly checked for viruses etc. before being network, the network itself remains detectable. The encryption in these reconnected to any other network. network, the network itself remains detectable. The encryption in these reconnected to any other network. systems is not perfect. Tools exist to monitor encrypted traffic and systems is not perfect. Tools exist to monitor encrypted traffic and calculate the decryption keys. The more data that passes through the Similar issues and rules apply to personal area network (PAN) calculate the decryption keys. The more data that passes through the Similar issues and rules apply to personal area network (PAN) wireless network, the easier the decryption becomes. technology, such as bluetooth. wireless network, the easier the decryption becomes. technology, such as bluetooth. Even if the access point has been configured not to broadcast its identity Finally, it is becoming acknowledged that wireless devices should not be Even if the access point has been configured not to broadcast its identity Finally, it is becoming acknowledged that wireless devices should not be and to restrict access only to authorised machines, based on the hardware taken into crime scenes in case they are detected by or contaminate and to restrict access only to authorised machines, based on the hardware taken into crime scenes in case they are detected by or contaminate identity of those machines, it is possible for an attacker to monitor the digital evidence sources at the scene. At an extreme, it is possible to identity of those machines, it is possible for an attacker to monitor the digital evidence sources at the scene. At an extreme, it is possible to network while it is in use and obtain details of the authorised machines create a trigger for an explosive device which counts the number of network while it is in use and obtain details of the authorised machines create a trigger for an explosive device which counts the number of & network identity. Once these details are known, the attacker's system mobile phones in its vicinity in order to maximise the loss of life. & network identity. Once these details are known, the attacker's system mobile phones in its vicinity in order to maximise the loss of life. can be modified, again using free software, to mimic a legitimate can be modified, again using free software, to mimic a legitimate network user's system. network user's system. PricePrice Fr Freeze!eeze! Public wireless networks, such as those found in coffee shops are, Public wireless networks, such as those found in coffee shops are, Most Forensic Science Society Membership Fees have been frozen for perhaps, an even bigger problem. As soon as a machine joins the public Most Forensic Science Society Membership Fees have been frozen for perhaps, an even bigger problem. As soon as a machine joins the public next year and even reduced for many retired members. network, it becomes part of a shared network used by every other next year and even reduced for many retired members. network, it becomes part of a shared network used by every other 2008/09 Fees machine in the area. Although that machine may have been clean and 2008/09 Fees machine in the area.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages8 Page
-
File Size-