You are here: IT-Observer » Articles » Mobile and Wireless RSS | White Papers |   

New Wireless “Zero-Day” Attack Discovered





The security threat of wireless networks to the enterprise keeps growing, this time with the discovery of a new wireless attack. Dubbed “phlooding”, this new exploit targets businesses central authentication server with the goal of overloading it and cause a denial-of-service attack.

The “phlooding” attack, discovered by AirMagnet, describes a group of simultaneous but geographically distributed attacks that targets wireless access points with login requests using multiple password combination in what are known as dictionary attacks.

The multiple requests create a flood of authentication requests to the company’s authentication server, which could slow down logins and potentially interfere with broader network operations, since many different users and applications often validate themselves against the same identity management system.

Phlooding could effectively block broadband VPN or firewall connections that use a common authentication server to verify an incoming user's identity, making it temporarily impossible for employees to access their corporate network.

"As our counterparts in wired security have discovered, it is no longer acceptable to wait for a vulnerability to be published, or worse, exploited, before taking action to protect against it," said Dean Au, AirMagnet president and CEO. "By identifying new wireless attacks and providing pre-emptive protection against them, we're able to guarantee that the integrity of our users' networks isn't compromised."

Businesses with multiple office locations served by a single identity management server could be particularly vulnerable to phlooding attacks.



Prevent data theft & viruses through network connected USB sticks, PDAs & media players. Control user access to endpoint connections with GFI EndPointSecurity - Free trial!

Visit GFI Security Software page for more information.

 

FREE IP PBX: 3CX VOIP Phone System for Windows. No timeouts or limitations

 

Latest News

Essential Bluetooth hacking tools
25.05.07  Bluetooth provides an easy way for a wide range of mobile devices to communicate with each other without the need for cables or wires.

DEP for IE7 in Vista
22.05.07  Security tips blog, security-hacks, has posted details on how to enable DEP for Internet Explorer 7 in Vista.

SMB over SSH: Secure File Sharing
18.05.07  Security tips blog, security-hacks, has published an simple guide to share files securely in heterogeneous networks.

Avoid data leaks by clearing the page file
14.05.07  Security-Hacks publishes a useful tip to avoid potential data leaks when you run out of memory.

How to set Master Password in Firefox
11.05.07  Nowadays many web sites require you to type a user name and password before you can enter the site.

How to test your firewall?
10.05.07  Security tips blog, Security-Hacks, has published a compilation of tools to test your firewall: "We’ve compiled a list of tools we believe will be of value to both home users and advance users.

eEye released integer overflow auditing tool
16.02.07  Vulnerability research company eEye Security has released a free security vulnerability auditing tool that helps spotting possible integer overflow vulnerabilities.

Copyright © IT-Observer Online Publication 2000 - 2007 Top | RSS Feeds | About Us   
Site Meter