Modernizing Authentication — What It Takes to Transform Secure Access
LAS VEGAS. With over 6,000 attendees, the Black Hat Wi-Fi network is one of the most hostile networks on Earth. Attendees routinely test the network and attempt to exploit both the show as well as other attendees.
The job of provisioning and defending the Wi-Fi network at Black Hat falls to Aruba Networks. It's a job that Aruba has been doing at Black Hat both officially and un-officially for the last seven years. For this year at Black Hat, Aruba deployed more than 35 access points across multiple session rooms to deliver seamless connectivity.
Aruba engineer Robbie Gill explained to eSecurity Planet that approximately 15 of those access points are connected in a mesh topology. In a mesh, each access point can connect to another access point in order to provide backhaul connectivity. The others can be directly connected to the main controller.
Rogue access points is one of the challenges faced by Aruba. Clogging the available spectrum, these rogue access points often turn out to be mobile handsets with Wi-Fi sharing capability turned on.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
Donald Meyer, senior manager of product marketing at Aruba, explained that his company has a technology called Adaptive Radio Management (ARM) that will automatically move across different channels in order to find one that is less congested. For end users, there is no disruption as the Aruba network continuously adjusts to conditions in the air.
Aside from rogue access points, Gill faces other type of challenges as well -- including denial of service and spoofed access points with Karma.
At this year's event, Aruba is only providing WPA-PSK security, as opposed to the more robust EAP/TLS (Extensible Authentication Protocol – Transport Layer Security). With EAP/TLS each user has their own key, whereas with PSK the key is known.
As such, WPA-PSK is not as secure as the EAP/TLS option that was available in 2011 at Black Hat. Gill noted that as long as users maintain proper security best practices -- not sending data over clear text and stick to HTTPS/SSL secured sites when submitting sensitive information -- there shouldn't be much risk.
Watch the full video: