Using WIPS to detect Windows 7 SoftAP

I put up a post today on Accuvant’s Insight blog about choosing a WIPS (Wireless Intrusion Protection System) solution. Over the past week I have discovered quite a bit of information about a new Windows 7 feature that allows any user to, in effect, turn their laptop into a rogue access point. As was mentioned by AirMagnet in a recent webinar, this feature is not really out of the mainstream of where the computing industry is headed, and it in fact gives the home user functionality that is quite useful: the ability to easily connect various WiFi-enabled devices to their laptops to share photos, videos and more.

The problem this functionality presents to the enterprise underscores the need to consider a WIPS solution when designing a wireless deployment. As it stands, it seems that what is present in the Windows 7 Soft AP is no worse than going to buy a $50 Linksys from your nearest big box store. Microsoft nicely even includes GPO functionality to turn this off, thereby enabling better control over Windows 7 in the enterprise. However, and this is key, this functionality can’t be easily detected by wired IPS/IDS systems. That is because they simply cannot see what is happening on the WLAN.

People often ask me why they need to invest in a WIPS solution when, from their point of view, understandably, it's an extra cost with not much in terms of visible work-enhancing functionality. This has always been one of the problems with any type of security function in the enterprise: it's a cost without an obvious direct gain for management. I think over the past few years people have become more aware of the problems with this approach, but as it relates to wireless networks they simply don’t understand why this hasn’t been solved and why it needs something outside of just buying the normal APs. That has more to do with the lack of knowledge out there as to how wireless works, and with the fact that a basic understanding of wireless technology has not filtered up to management levels. After all, if your boss has an AP at home that just seems to work and he never has problems with it, why should what he buys for work be so much more complex and demand all this extra equipment?

In fact, most of the enterprise-class wireless networks that are available today are very secure, and sometimes more secure than the wired side too. However, wireless hackers have turned their attention to attacking clients. Why? Because it's much easier for them to obtain the information needed to gain access to the corporate WLAN from a client. This means that you, as the person responsible for making sure no one is using the wireless network who shouldn’t be, need an easy way to detect what is going on with the client and whether the Soft AP functionality is being used. That is a big reason to consider a WIPS solution as integral to your WLAN design. I would venture so far as to say that WIPS should be a standard part of any enterprise-class WLAN. If the mainstream of computing is heading towards functionality that enables your home user to come in, connect his laptop up to your secure internal network, then turn on a wireless network so his wireless-enabled camera, iPhone or whatever can connect to it and get out to the Internet, then that ease of use will also make it easy for the bad guys to use it.

WIPS is much more than just rogue detection, even of something as simple as the Windows 7 Soft AP. Most of the major WIPS vendors are now incorporating spectrum analysis into their products. This has pretty major implications not only for wireless security but also for monitoring the performance of your WLAN. Spectrum analysis looks at how the wireless spectrum is actually being used at a very low level. This gives you major insight into the performance of your WLAN, insight that you would normally need to pay a person like me a large bunch of money to find out. So not only is your WIPS solution helping you to stop the bad guys and monitor your users so they don’t accidentally enable things that can hurt your security, but it can also enable you to get a good grasp on the whys, wheres and hows of your wireless network performance. That must be something worth talking to your boss about when you try to convince him of the need for a WIPS system, isn’t it? Oh, and if you need to know which one to buy, I’m happy to help you figure out which one will give you the most sleep at night. That’s the fun part of my job.

One Response to “Using WIPS to detect Windows 7 SoftAP”

  1. Ajay says:

    Yes, WIPS surely has become more than it was a few years back. Today’s leading WIPS solutions provide 24×7 monitoring of airspace, and 24×7 detection and prevention of all wireless threats originating inside or outside of enterprise premises. Further, they provide features such as location tracking of Wi-Fi devices and forensics.

    To know more about the latest threat about Windows 7 Rogue AP, refer to ….
    http://www.infosecurity-us.com/view/8500/comment-security-risk-exposure-increases-due-to-windows-7-virtual-wifi-capability/
