IBM Research Demonstrates Industry's First Auditing Tool For Wireless Network Security

[aleph1 () securityfocus com]

The IBM page is at http://www.research.ibm.com/gsal/wsa/

http://biz.yahoo.com/bw/010712/2135.html

IBM Research Demonstrates Industry's First Auditing Tool For Wireless
Network Security
Linux-based tool helps security experts protect wireless networks from
hackers
HAWTHORNE, N.Y.--(BUSINESS WIRE)--July 12, 2001-- IBM Research has
demonstrated the industry's first automated auditing tool that can
monitor 802.11 wireless networks and collect security-related
information, allowing system administrators to take proper actions to
improve network security. The Wireless Security Auditor, a prototype
application running on Linux, enables network administrators to find
vulnerable access points by monitoring and analyzing them in real time,
and ensuring they are either corrected or removed so they no longer pose
a security threat to the company network. 

The security auditor runs on a small wireless PDA. This small form
factor will give security consultants the mobility needed to assess
companies' wireless network security. For ease of use, the audit
information is presented on a color coded user interface, with properly
configured access points shown in green, and vulnerable ones shown in
red. Detailed information is also available for all access points,
including station and network name, address, location, and security
state. 

``Today's wireless networks are facing big security challenges,'' says
Dave Safford, manager of Network Security at IBM Research. ``As 802.11
wireless networks become more common, companies' intranets are
increasingly being exposed to drive-by hacking. Our Wireless Security
Auditor will be an essential tool for security experts to maintain
wireless network security.'' 

Existing security for 802.11 wireless consists of two subsystems: a data
encryption technique called Wired Equivalent Privacy (WEP) and an
authentication algorithm called Shared Key Authentication. WEP and
Shared Key are optional, and wireless access points are typically
shipped with both turned off. Wireless network security needs to be
checked very frequently as employees often add new wireless devices,
which may become easy access points for hackers. This tool will allow
security consultants to find what access points exist and examine their
configuration so that they can take proper steps to keep the wireless
network secure. 

IBM Research, with almost 3,000 researchers worldwide, operates
facilities in eight locations around the globe, including Yorktown
Heights, N.Y., San Jose, Calif., Ruschlikon, Switzerland, Yamato, Japan,
Haifa, Israel, Beijing, China, Austin, Texas and Delhi, India. Major
areas of research include computer systems, computer applications and
solutions, systems technology, physical sciences, mathematical sciences,
storage and communications. More details about the technological
achievements of IBM Research scientists can be found at:
www.ibm.com/research. 


------------------------------------------------------------------------
--------
Contact: 

     IBM Corporation
     Takako Yamakura, 914/945-2334
     yamakura () us ibm com

----- End forwarded message -----

-- 
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/