Thursday, October 6, 2016

Threats to wireless security: Rogue access point

Of all of the threats faced by your network security, few are as potentially dangerous as the rogue Access Point (AP). A rogue AP is a WiFi Access Point that is set up by an attacker for the purpose of sniffing wireless network traffic in an effort to gain unauthorized access to your network environment. Ironically, though, this breach in security typically isn't implemented by a malicious hacker or other malcontent. Instead, it's usually installed by someone who is simply looking for the same convenience and flexibility at work that they've grown accustomed to using on their own home wireless network.
To prevent the installation of rogue access points, organizations can deploy wireless intrusion prevention systems that monitor the radio spectrum for unauthorized access points. A large number of wireless access points can usually be sensed in the airspace of an enterprise facility: the managed access points of the secure network plus access points belonging to the neighborhood. A wireless intrusion prevention system automates the continuous auditing of these access points to learn whether any rogue access points are among them.
In order to detect rogue access points, two conditions need to be tested:
  • whether or not the access point is in the managed access point list
  • whether or not it is connected to the secure network
The first of the two conditions is easy to test: compare the wireless MAC address of the access point (also called the BSSID) against the managed access point BSSID list. Automated testing of the second condition, however, can become challenging in light of the following factors: a) the need to cover different types of access point devices, such as bridging, NAT (router), unencrypted wireless links, encrypted wireless links, different relations between the wired and wireless MAC addresses of an access point, and soft access points; b) the need to determine access point connectivity with acceptable response time in large networks; and c) the requirement to avoid both false positives and false negatives.
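The two tests described above, worked through on constructed data as an added example (this is not code from the original post or from any WIPS product). The BSSID list, wired-side MAC table and scan results are constructed inline; the "same device" rule, which treats a wired MAC that differs from a BSSID only in the last octet or the locally-administered bit as evidence that the AP is plugged into the secure network, is an assumption about common AP chipsets, not a standard.

```python
"""Rogue-AP classification over constructed sensor data.

Added example, not code from the original post. Inputs are constructed:
  scan        BSSIDs seen over the air by a wireless sensor
  managed     BSSIDs of the organisation's own (managed) access points
  wired_macs  MACs learned on the wired side, e.g. from switch CAM/FDB tables
Heuristic (an assumption, not a standard): many APs derive the BSSID from
their wired MAC by changing only the last octet and/or setting the
locally-administered bit, so a wired MAC "near" a BSSID is taken as
evidence that the AP is connected to the secure network.
"""
import re
from typing import Dict, Iterable, Optional, Tuple

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")
LAST_BYTE_TOLERANCE = 15          # assumed spread between BSSID and wired MAC
LOCALLY_ADMIN_BIT = 0x02 << 32    # bit 1 of the first octet within the upper 40 bits


def normalize_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated form; rejects malformed input."""
    if not MAC_RE.match(mac):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return mac.lower().replace("-", ":")


def mac_to_int(mac: str) -> int:
    return int(normalize_mac(mac).replace(":", ""), 16)


def same_device(bssid: str, wired: str) -> bool:
    """True if the wired MAC plausibly belongs to the radio using this BSSID."""
    b, w = mac_to_int(bssid), mac_to_int(wired)
    upper_b = (b >> 8) & ~LOCALLY_ADMIN_BIT   # first five octets, LA bit ignored
    upper_w = (w >> 8) & ~LOCALLY_ADMIN_BIT
    return upper_b == upper_w and abs((b & 0xFF) - (w & 0xFF)) <= LAST_BYTE_TOLERANCE


def wired_match(bssid: str, wired_macs: Iterable[str]) -> Optional[str]:
    """Wired MAC that links this BSSID to the secure network, or None."""
    for w in wired_macs:
        if same_device(bssid, w):
            return normalize_mac(w)
    return None


def classify(scan: Iterable[str], managed: Iterable[str],
             wired_macs: Iterable[str]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Apply the post's two tests: managed list first, then wired connectivity.

    Verdicts: "managed"  - BSSID is in the managed list
              "rogue"    - unmanaged AND evidence it is on the wired network
              "neighbor" - unmanaged, no wired evidence (e.g. a nearby office)
    """
    managed_set = {normalize_mac(m) for m in managed}
    wired_list = [normalize_mac(w) for w in wired_macs]
    result: Dict[str, Tuple[str, Optional[str]]] = {}
    for seen in scan:
        bssid = normalize_mac(seen)
        if bssid in managed_set:
            result[bssid] = ("managed", None)
            continue
        link = wired_match(bssid, wired_list)
        result[bssid] = ("rogue", link) if link else ("neighbor", None)
    return result


# Constructed sample data (not real devices)
MANAGED = {"00:11:22:33:44:50"}
WIRED = {"00:11:22:33:44:50", "a4:b1:c1:d0:e0:10", "f0:9f:c2:aa:bb:00"}
SCAN = ["00:11:22:33:44:50",   # our own AP
        "A4-B1-C1-D0-E0-11",   # unmanaged, wired MAC one off -> rogue
        "f2:9f:c2:aa:bb:01",   # unmanaged, LA bit set + last octet off -> rogue
        "dc:a6:32:01:02:03"]   # unmanaged, nothing on the wire -> neighbor

if __name__ == "__main__":
    for bssid, (verdict, link) in classify(SCAN, MANAGED, WIRED).items():
        print(f"{bssid}  {verdict:8s}  wired evidence: {link or '-'}")
```

The sample shows where the three factors listed above bite: a NAT router whose WAN-side MAC bears no relation to its BSSID produces no wired match and is reported as "neighbor" (a false negative), while a neighboring AP whose MAC happens to fall within the tolerance of one of your wired hosts would be reported as "rogue" (a false positive). Widening `LAST_BYTE_TOLERANCE` trades one error for the other, which is why a production WIPS corroborates MAC correlation with additional connectivity evidence rather than relying on it alone.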

Tuesday, October 4, 2016

Puppet on the AWS Cloud

Puppet is a declarative, model-based configuration management solution from Puppet Labs that lets you define the state of your IT infrastructure, and automatically enforces that desired state on your systems. This Quick Start automates the deployment of a Puppet master and Puppet agents from scratch, using AWS CloudFormation templates.
Puppet Enterprise is the commercially supported version of the open-source configuration management tool, Puppet. Puppet IT automation software uses Puppet's declarative language to manage various stages of the IT infrastructure lifecycle, including the provisioning, patching, configuration, and management of operating system and application components across enterprise data centers and cloud infrastructures.
Built as cross-platform software, Puppet and Puppet Enterprise run on Linux distributions, including RHEL (and clones such as CentOS and Oracle Linux), Fedora, Debian, Mandriva, Ubuntu, and SUSE, on multiple Unix systems (Solaris, BSD, Mac OS X, AIX, HP-UX), and also on Microsoft Windows. Puppet is a model-driven solution that requires limited programming knowledge to use.
Puppet is a server management application that can use ServiceNow configuration item (CI) data to bring computers into a desired state by managing files, services, or packages installed on physical or virtual machines. ServiceNow can interact with Puppet systems that run Linux. ServiceNow identifies a Puppet Master, which controls Puppet nodes, and uses a standalone utility to discover the components in the Puppet environment. ServiceNow uses information about server CIs from the Puppet Master to classify those servers as Puppet nodes. Puppet then evaluates a node's current state and modifies the node to achieve the desired state.
Note: A group of configuration items is called a configuration template in ServiceNow Provider and a node definition in Puppet.