Archive

Archive for the ‘Network Security’ Category

Agile Security

October 2nd, 2011
How should we practice information security risk management? Numerous methods, models and approaches abound, one of the foremost of which is the information security governance approach. This approach in essence says that to have a successful information security risk management effort, an information security manager must plan, strategize, organize, and establish and maintain relationships not only with executive-level management, but also with other closely-related functions such as audit and physical security as well as with key stakeholders.


Categories: Network Security Tags:

Smart Objects: The Next Pandora’s Box?

September 28th, 2011
The world of technology is changing so fast that keeping up with it is a nearly impossible task. The same applies to the information security arena, where new technology and new ways to attack technology are being developed at an astounding rate. It is easy to overlook emerging technology developments, many of which promise to introduce numerous new vulnerabilities that ultimately lead to new risks. One such development is smart object technology.


The 2011 National Defense Authorization Act: Another Setback for Cybersecurity

September 24th, 2011
The U.S. House of Representatives recently passed H.R. 6523, the latest version of the 2011 National Defense Authorization Act, which will next go to the Senate. This act, which is passed every fiscal year, defines the Department of Defense’s budget and spending level. The previous version of this bill contained several cybersecurity-related provisions such as establishing a White House Office of Cyberspace with a cyberspace director who would require Senate confirmation, requiring government agencies to perform continuous monitoring within their IT environments, and requiring software acquisition processes that would help assure that purchased software is secure. These provisions (as well as one that would remove the “no ask, no tell” policy concerning gays in the military) were deleted from the final version of the bill that the House passed because opponents of the bill argued that these riders were irrelevant to the national defense.


The Wikileaks Fiasco

September 20th, 2011
To be completely candid, I have been frustrated concerning my inability to write about the Wikileaks drama until now. I felt very strongly that once I had started the series on Bluetooth security, I should finish it before moving on to something else. Besides, Bluetooth security issues are really quite interesting. At the same time, however, there is a conflagration that is still burning, and this conflagration centers around Julian Assange and Wikileaks.


Bluetooth Security: Part 4

September 16th, 2011
In my last blog entry I started to cover the kinds of tools that are available for attacking Bluetooth devices. I discussed Bluescanner and Bluesnarf and said that these are only two of the surprisingly large number of such tools. Now I’ll cover the remaining Bluetooth attack tools of which I am aware:

  • A.I.O. Bluetooth Hacking Tools. These tools are downright scary. They allow someone to read Bluetooth messages and contacts on another phone, change another phone’s profile and/or ring volume, make someone’s phone restart, switch off or ring (even if the phone is in silent mode), play songs on another phone (imagine the shock value of this!), and more.
  • Btcrack. Btcrack allows an attacker to make phone calls on another phone with any charges billed to the owner of the other phone. This tool also cracks Bluetooth PINs and attempts to reconstruct the pass key and the link key, both of which are captured during the pairing process that was discussed in part one of this series.
  • BlueSniff. This one finds discoverable and hidden Bluetooth devices. One of the major advantages of this tool is that it has a very intuitive graphical user interface (GUI).
  • Btcrack. As its name implies, Btcrack cracks Bluetooth PINs. It also tries to reconstruct the pass and the link keys during the pairing process.
  • BlueSniff. Blue Sniff, like other, similar tools finds discoverable and hidden Bluetooth-enabled devices. It also features a very easy-to-use GUI.
  • BlueBug. This tool tries to gain unauthorized access to phone-books, call lists and other private information in remote Bluetooth devices within the discovery zone.
  • Bluediving. This one is highly useful because it is a Bluetooth penetration testing suite, so there is no need to obtain and run each of the tools it contains separately. Instead, it provides a menu that allows users to run each tool and function whenever they want. It contains Bluebug, BlueSnarf, BlueSnarf++, and BlueSmack. It also provides additional functions such as address spoofing, packet forging, connection resetting, and many others. If I were allowed to have only one Bluetooth attack tool, there is no doubt in my mind that I would choose this one.
In short, attacking Bluetooth devices has become rather easy because of a variety of tools designed specifically for this purpose. The widespread availability of these tools and the fact that most of them are free raise the risk level in Bluetooth environments considerably. Information security professionals need not only to know how these tools work, but also to use them in their vulnerability assessment programs. Auditors also need to learn about these tools, which can be very useful when audits are being conducted.

–Gene Schultz, Ph.D., CISSP, CISM, GSLC
- – - – - – - – - – - – - – - – -
Dr. Eugene Schultz is the CTO at Emagined Security, an information security consulting practice based in San Carlos, California. He is the author/co-author of five books, and has also written over 120 published papers. Gene has been the editor-in-chief of two journals and is currently on the editorial board of three journals. He is also a SANS instructor, member of the SANS NewsBites editorial board, co-author of the 2005 and 2006 CISM preparation materials, and is on the technical advisory board of three companies. Gene has previously managed an information security practice as well as a national incident response team. He has also been professor of computer science at several universities and is retired from the University of California. He has received the NASA Technical Excellence Award, the Department of Energy Excellence Award, the ISACA John Kuyers Best Speaker/Best Conference Contributor Award, the Vanguard Conference Top Gun Award (for best presenter) twice, the Vanguard Chairman’s Award, and the National Information Systems Security Conference Best Paper Award. A Distinguished Fellow of the Information Systems Security Association (ISSA), Gene has also been named to the ISSA Hall of Fame and has received ISSA’s Professional Achievement and Honor Roll Awards. He is currently a member of the accreditation board of the Institute of Information Security Professionals (IISP). Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.

Bluetooth Security: Part 3

September 12th, 2011
There are more attack methods against Bluetooth devices than one might suspect. In earlier blog entries in this series I discussed attacks such as discovery and cryptanalytic attacks. One of the potential Achilles heels of Bluetooth security is PINs used in authentication. PINs are generally between four and 16 characters long. Shorter PINs can easily be guessed or brute forced if conventional bad login limit lockouts are not built into the devices, and the fact that they are only a maximum of four characters long in some Bluetooth implementations makes these devices unusually vulnerable. Furthermore, in some of these devices PINs are fixed and thus unchangeable by their users. PIN guessing can thus enable perpetrators to impersonate the identity of Bluetooth devices, enabling perpetrators to make long distance calls billed to the account of legitimate users as well as to gain unauthorized access to call lists, phone books, photos, and other information. PIN spoofing can also be used for similar purposes. And if a Bluetooth device falls into the hands of an attacker, the attacker can gain access to the same types of information, often by gleaning PINs from memory and/or the device’s hard drive.


Bluetooth Security: Part 2

September 8th, 2011
As discussed in my previous posting concerning Bluetooth security, Bluetooth devices normally have numerous built-in security mechanisms. But are these mechanisms sufficiently secure to repel most Bluetooth-specific attacks? The answer is that Bluetooth can defend against some attacks well, but does not fare very well when other types of attacks are launched against it.


Bluetooth Security: Part 1

September 4th, 2011
In this blog, you’ll see a six-part series on mobile computing security that I wrote some time ago. Afterwards I wrote another series on forensics with mobile computing devices. These blog entries have focused on security issues in major types of smartphones, but the mobile computing arena is not limited to smartphones. Security-related concerns in many other areas also seem to keep emerging. So this time around let’s take a look at Bluetooth security.
