
The newest installment of "Threat Thursday" concerns the security of your wireless LAN and may apply not only to your business but to your home as well. I just finished reading a great post by George Ou at ZDNet's blog regarding the disastrous security breach at TJ Maxx (TJX) that was disclosed last January, in which hackers obtained at least 45.7 million credit/debit-card numbers over an eighteen-month period, and that number could possibly be as high as 200 million.
This breach may cost TJX over $4 billion at $100 per lost record, but some sources report a more accurate cost of $182 per lost record, or over $8 billion. It appears that the attackers gained access through a wireless regional hub for the company's store controllers, which handle the point-of-sale (POS) system.
George Ou counted the following key factors in the breach:
- TJX ran a wireless LAN with the kind of weak security measures you seem to think were okay. It ran insufficient authentication and encryption on its wireless LAN.
- TJX failed in basic access control by allowing hackers to access its network via wireless.
- TJX failed in basic host hardening by allowing hackers to own its POS and transaction stations.
Many organizations provide wireless access points (WAPs, or just APs) into their network for the convenience of their employees, customers and other third parties. In the case of TJX, it was a necessity for their POS systems. Many people have installed an AP in their home to accommodate the networking needs of their families or for their home office. Unfortunately, if you haven't taken the trouble to lock the AP down, you could be putting your personal data at risk, and if you're accessing your company's network through a VPN connection while at home, you could wind up compromising corporate data.
Linksys has a nice little checklist that, while more applicable to a personal AP, I find to be a good primer for the type of wireless LAN security required for an organization. Making sure you've changed the default or factory settings (SSID and admin password included) is a good start, and getting rid of Wired Equivalent Privacy (WEP), which is broken regardless of key length, in favor of Wi-Fi Protected Access (WPA, or WPA2 with AES where the hardware supports it) is even better.
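As an added check that is not part of the original post or the Linksys checklist: a small Python audit that parses the output of `iw dev wlan0 scan` and flags open networks, WEP-only networks, WPA1/TKIP-only networks and factory-default SSIDs. The scan text below is constructed, and the list of default SSIDs is an assumption of this example, not something the post provides.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of `iw dev wlan0 scan` output; not captured from a real network.
SAMPLE_SCAN = """\
BSS 00:11:22:33:44:55(on wlan0)
    freq: 2437
    signal: -45.00 dBm
    SSID: linksys
    capability: ESS Privacy ShortSlotTime (0x0411)
    WPA:     * Version: 1
         * Group cipher: TKIP
         * Pairwise ciphers: TKIP
         * Authentication suites: PSK
BSS 00:11:22:33:44:66(on wlan0)
    freq: 2412
    signal: -60.00 dBm
    SSID: store-pos
    capability: ESS Privacy (0x0011)
BSS 00:11:22:33:44:77(on wlan0)
    freq: 2462
    signal: -52.00 dBm
    SSID: corp-wlan
    capability: ESS Privacy (0x0011)
    RSN:     * Version: 1
         * Group cipher: CCMP
         * Pairwise ciphers: CCMP
         * Authentication suites: IEEE 802.1X
BSS 00:11:22:33:44:88(on wlan0)
    freq: 2412
    signal: -70.00 dBm
    SSID: guest
    capability: ESS ShortSlotTime (0x0401)
"""

# Assumption: a handful of common factory SSIDs; extend for your environment.
DEFAULT_SSIDS = {"linksys", "default", "netgear", "dlink", "wireless"}


@dataclass
class Bss:
    bssid: str
    ssid: str = ""
    privacy: bool = False                          # "Privacy" capability bit set
    wpa: dict = field(default_factory=dict)        # WPA (version 1) element fields
    rsn: dict = field(default_factory=dict)        # RSN (WPA2) element fields


def parse_scan(text):
    """Turn the text dump into a list of Bss records."""
    networks, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"BSS ([0-9a-f:]{17})", line)
        if m:
            current = Bss(bssid=m.group(1))
            networks.append(current)
            section = None
            continue
        if current is None:
            continue
        if line.startswith("SSID:"):
            current.ssid = line[len("SSID:"):].strip()
        elif line.startswith("capability:"):
            current.privacy = "Privacy" in line
        elif line.startswith(("WPA:", "RSN:")):
            # The first field shares the line with the element name.
            section = current.wpa if line.startswith("WPA:") else current.rsn
            line = line[4:].strip()
        if line.startswith("*") and section is not None:
            key, _, value = line[1:].partition(":")
            section[key.strip()] = value.strip()
    return networks


def classify(bss):
    """Return (security level, list of findings) for one BSS."""
    findings = []
    if not bss.privacy:
        level = "OPEN"
        findings.append("no encryption at all")
    elif bss.rsn:
        level = "WPA2"
        if "TKIP" in bss.rsn.get("Pairwise ciphers", ""):
            findings.append("WPA2 still allows TKIP; restrict pairwise cipher to CCMP")
    elif bss.wpa:
        level = "WPA"
        findings.append("WPA1/TKIP only; no WPA2/CCMP advertised")
    else:
        # Privacy bit set but no WPA/RSN element: only WEP is left.
        level = "WEP"
        findings.append("WEP: broken regardless of key length, replace with WPA2")
    if bss.ssid.lower() in DEFAULT_SSIDS:
        findings.append(f"factory-default SSID {bss.ssid!r}; other defaults are likely unchanged")
    return level, findings


def audit(text):
    """Map each BSSID to (ssid, level, findings)."""
    return {b.bssid: (b.ssid, *classify(b)) for b in parse_scan(text)}


if __name__ == "__main__":
    for bssid, (ssid, level, findings) in audit(SAMPLE_SCAN).items():
        print(f"{bssid} {ssid:10} {level:5} {'; '.join(findings) or 'ok'}")
```

Run it against a real capture with `iw dev wlan0 scan > scan.txt` and feed the file contents to `audit()`; anything reported as OPEN, WEP or WPA with a default SSID is exactly the kind of AP the post is warning about.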