Locking down Linux.conf.au

Powered by SC Magazine
 

Conference organisers zero in on rogue wireless access points.

Give five hundred very technically proficient Linux enthusiasts unfettered access to the same Wi-Fi network and you might be asking for trouble.

Nearly every year, network administrators at Linux.conf.au, Australia’s premiere open source conference, have to deal with some sort of shenanigans on the network.

Chief among the concerns for conference network admin Steve Walsh has been the appearance of mysterious rogue wireless access points with the same or similar names to the official network.

Usually it’s an accident, Walsh explained. "People set up their Android phone as a hotspot, get lazy and use the same network name. But that's really obvious because the connection is so slow."

But things aren't always that innocent, as the enthusiast crowd have the skills - and often the anti-authority motivation - to attack the wireless network.

"We had someone in 2009 with a unit that did a Denial of Service attack, stopping anyone else from using the network while they got to use all the bandwidth,” Walsh told iTnews at this year’s event.

“And in 2005 there was someone in [conference founder] Rusty Russell's talk that rebroadcast the network, intercepting everyone's traffic."

Those Man-in-the-Middle attacks are serious, potentially leading to data or identity theft. Secure websites and services will display an error when this happens, but many users ignore the warnings.

Fortunately, most Linux.conf.au attendees are highly security-conscious.

"Rusty just saw the warning and immediately powered off his laptop,” Walsh said.

It's not easy to prevent wireless attacks.

Once a perpetrator knows that conference organisers are on their tail, they simply close their laptop or turn off their device, and become effectively undetectable. It's a cat and mouse game where the mouse can turn invisible on demand.

But for the past few events, the admins have had a secret weapon: some advanced Linux-based wireless arrays contributed by the conference’s in-kind sponsor Xirrus.

These arrays come armed with an “intrusion prevention and detection system", says Matt Sutherland, Wi-Fi Engineer at Xirrus, such that if there is "any anomaly on the network, we can spot it and attack it".

That is to say, rather than waiting around for attacks to happen, the conference's access points actively search for unauthorised networks and pre-emptively strike before they can do any damage.

They can also passively locate attackers, and even intercept their communication, without it being obvious that anything different is happening.

More importantly, because it's a wireless array rather than a single unit, these monitoring and security activities can occur independently of providing a continuous wireless connection to all conference-goers.

Last week's conference saw the return of a mysterious rogue access point, but Walsh wasn’t too worried.

"There's always someone,” he said. “We give them three hours, and if they haven't come forward by then we just start tweeting their location and it tends to go away by itself."

Copyright © iTnews.com.au . All rights reserved.


Locking down Linux.conf.au
 
 
 
Top Stories
Matching databases to Linux distros
Reviewed: OS-repository DBMSs, MariaDB vs MySQL.
 
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  71%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  10%
TOTAL VOTES: 743

Vote