The mark of a good system administrator is laziness. I mean this in the sense that laziness in the computing world fuels automation and thereby lowers costs. In this quest for automation, it is my belief that we have opened ourselves to a real danger in the air.
Most computers have applications running by default. Whether they sit in the taskbar or run as a Linux daemon, our machines are set up to take care of their users. The biggest offenders are communication-based services. Programs that log in to our Lotus Sametime, Windows Messenger, or Jabber corporate servers transmit userid and password information as soon as they recognize a network connection. Email programs set to auto-check for mail ping into the ether in search of new messages to delight the warm body clicking away on its keyboard.
This is where airborne comes into play. As I sit typing this at 35,000 feet I am reminded that this red-eye flight is sparsely populated. On a flight with a few more laptops I would be given the opportunity to take over their laptops. Most laptops are programmed to auto-connect to the strongest wifi access point accessible. Even my Windows Mobile phone and iPhone perform a similar function.
Here is where someone with a not-so-perfect ethical background could create an attack. Linux and Mac OS X offer the option to set up ad-hoc networks that can appear as an infrastructure WAP. If these networks were given names like DELTA or Free WIFI, there is a good chance the user would accept the automatic connection prompt without thinking twice. That is, of course, if the user was even queried (remember our lazy system administrators). What we are left with is a group of laptops assuming their connection to the internet is active and thereby sending login information in the hope of a response. A user running a packet capture program could then deconstruct these packets and extract useful information. Even a machine that utilized encryption for authentication, such as Kerberos, would fall prey, as it sends the FQDN of the server in your enterprise.
What is a security professional to do? Disable automatic wifi connections. Or better yet, add a list of approved wifi access points. The technology exists to lock down a corporate laptop while still allowing your road warriors to connect in various hotel rooms around the world. Only allowing corporate assets to be accessed through concentrators such as VPN endpoints or firewalls would add a further layer of security. Use of application and desktop virtualization products such as VMware ACE or XenDesktop could ensure rigid security practices are in place before allowing access.
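One way to check a laptop against the first two recommendations is to audit its saved wifi profiles. The following is an added example, not part of the original post. It assumes a Linux laptop managed by NetworkManager, whose profiles are keyfiles under /etc/NetworkManager/system-connections/; the approved list, the function name and the sample profiles are constructed for illustration.

```python
import configparser

# Assumption: the approved SSID list is a constructed example.
APPROVED_SSIDS = {"CorpNet"}

# Constructed sample profiles in NetworkManager keyfile format.
SAMPLE_PROFILES = {
    "corp": "[connection]\ntype=wifi\n[wifi]\nssid=CorpNet\n"
            "[wifi-security]\nkey-mgmt=wpa-eap\n",
    "free": "[connection]\ntype=wifi\n[wifi]\nssid=Free WIFI\n",
    "delta": "[connection]\ntype=wifi\nautoconnect=false\n"
             "[wifi]\nssid=DELTA\nmode=adhoc\n",
}


def audit_profile(text, approved=APPROVED_SSIDS):
    """Return the list of findings for one saved wifi profile."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") != "wifi":
        return []  # wired, VPN and other profiles are out of scope
    ssid = cp.get("wifi", "ssid", fallback="")
    mode = cp.get("wifi", "mode", fallback="infrastructure")
    checks = [
        ("ssid-not-approved", ssid not in approved),
        ("adhoc-mode", mode == "adhoc"),
        # No [wifi-security] section means an unencrypted network.
        ("open-network", not cp.has_section("wifi-security")),
    ]
    findings = [name for name, hit in checks if hit]
    # NetworkManager treats a missing autoconnect key as true.
    auto = cp.getboolean("connection", "autoconnect", fallback=True)
    if auto and findings:
        findings.append("autoconnect-enabled")
    return findings


def audit_all(profiles=SAMPLE_PROFILES):
    """Map each profile name to its findings."""
    return {name: audit_profile(text) for name, text in profiles.items()}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, findings or "ok")
```

To audit a real machine, read each file in the profile directory (root is required) and pass its text to `audit_profile`.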
Laziness is a hallmark of good system administration. What we must remember in today’s highly connected, overly communicated world is that automation can breed great exploits. Lock down those wifi cards.