TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- I'll be at Networld+Interop in Las Vegas next week. Feel free to stop by our Internet Security Systems' booth and say Hello. I will be doing the introduction for our new wireless LAN security class out there as well. Wireless LAN Security Drive-by Hacking...Imagine driving in New York City with a laptop with a wireless card in it. With the proper hacking software easily obtained from the Internet, anyone can monitor the airwaves for wireless data packets and begin to see the most sensitive financial transactions emanating over the wireless traffic from nearby buildings. Billions of dollars each day are transferred electronically from one network to another by these prestigious financial institutions. The underlying infrastructure has a major exposure: wireless network access. For under $300, an employee at any company can add their own rogue wireless base station to the backbone of their company's network to enable their laptops to stay connected to get email and browse without wires. With a lack of awareness by the company that a base station has been added and a lack of proper security configuration, the newly added base station can become an intruder's dream backdoor into a company's network despite the front door firewall. For under $100, an intruder can equip their laptop with wireless technology to sit within range to monitor, access, and hijack the data flowing over the wireless network. This wireless risk has been validated as a real security issue in New York City, San Francisco, and Atlanta where companies are exposed. They do not even know they have wireless on their backbone network. This is a problem facing all companies in all cities as wireless becomes ubiquitously deployed. Internet Security Systems has developed a wireless 802.11b whitepaper that outlines many of the high-risk issues surrounding 802.11 wireless LAN deployments. It includes rogue access points, jamming, architecture, encryption issues, and misconfiguration issues. This whitepaper is available at <http://www.iss.net/wireless> ISS provides a wireless security protection solution by leveraging consulting, products, managed security services, and education to battle this wireless LAN security problem. Below are the details on: Wireless Security Consulting Wireless Security Products Wireless Security Education The ISS Consulting Solutions Group is offering a set of standard services designed to help ensure that customers design and deploy wireless networks properly guarded against the possibility of malicious attack. Wireless Network Security Evaluation (WNSE) The WNSE is a multiple-step engagement ideal for customers and prospects who need to have their wireless networks assessed with regard to their potential exposure to attack. Identification of unauthorized access points and review of component configurations are key tasks of this service. Wireless Network Penetration Testing Wireless Network Penetration Testing identifies, isolates, and confirms possible flaws in the design and implementation of wireless networks (i.e. configuration, encryption, and other security controls). Tests simulate probable malicious actions of unauthorized and authorized users. Wireless Security Design Evaluation (WSDE) The WSDE is targeted at customers and prospects who have planned to deploy wireless networks and need to have their network design evaluated for security best practices. Design concepts such as access point placement and configuration, authentication mechanisms, encryption, and vulnerability and threat management are reviewed. Wireless Security Strategy Workshop (WSSW) Planning is an essential element in ensuring the proper implementation of any strategy. The Wireless Security Strategy Workshops (WSSW) are facilitated sessions designed to help organizations plan their wireless network security strategies. The workshop provides an efficient way to develop a detailed plan and strategy and provides a forum for consensus-building among all stakeholders. Wireless Security Policy Development ISS Wireless Security Policy Development services provide a means for implementing appropriate, comprehensive protection for computing environment. As part of the ISS CSG standard Policy Development services, the Wireless Security Policy Development service is intended to provide customers with a complete policy tailored to their operational environment including philosophy of protection, appropriate use, and roles and responsibilities. Wireless Security Product Internet Scanner XPU 4.9 contains a discovery check to detect and analyze rogue 802.11 access points. Many organizations are unaware of what wireless LANs are connected to their network. Near future X-Press Updates will contain more comprehensive security analysis and monitoring for both Internet Scanner and RealSecure around wireless LAN access points and many misconfiguration issues. Wireless Security Education Scheduled to debut during Networld(tm) + Interop in Las Vegas on May 7, Internet Security Systems has recently added a wireless security seminar to its wide array of SecureU education programs. This seminar will help organizations better understand the nuances of WLAN security and valid defensive techniques that can be used to protect WLANs against these security risks. For more information, http://www.iss.net/secureu/n+i/ *********************************************************************** Christopher W. Klaus Founder and CTO Internet Security Systems (ISS) 6303 Barfield Road Atlanta, GA 30328 Phone: 404-236-4051 Fax: 404-236-2637 web http://www.iss.net NASDAQ: ISSX Internet Security Systems ~ The Power To Protect
