Published on the 07/11/2012 | Written by Motorola Solutions
Over the last decade the land of traditional retail has been overrun by the internet and broadband revolution. Now, instead of resisting, savvy retailers are turning the invasion to their advantage…
Many of the recently publicised data breaches in the retail industry have been caused by the exploitation of wireless vulnerabilities. Although retailers have been using wireless technology to drive business efficiencies for over twenty years, it’s only recently that sophisticated thieves have recognised the potential of an unprotected network.
These kinds of wireless deployments offer malefactors the perfect entry point into the network from which they can access and steal valuable customer information. Many retailers continue to rely only on traditional security systems such as firewalls, VPNs, and/or network segmentation to secure their networks but these defenses are no longer enough. Wireless intrusion prevention technologies are needed to prevent wireless attacks that can include the following:
Rogue access points
A rogue access point (AP) is an unauthorised wireless device physically connected to the wired network. A rogue AP can be installed by a careless employee/contractor or a malicious attacker. It is important to realise that rogues can show up on any network segment. Even if POS devices are on a separate network segment, rogue APs can be connected to these networks.
A hacker can masquerade as an authorised wireless device and connect to an authorised AP. Once on the network, all the rogue AP scenarios previously discussed are applicable.
Non-compliant access points
Wireless APs are frequently misconfigured. According to Gartner, a majority of all wireless security incidents will happen as a result of misconfigured devices.
Misconfigurations happen for a variety of reasons including human error and bugs in AP management software.
Denial of service
Hackers can easily perform wireless denial of service (DoS) attacks preventing devices from operating properly and stopping critical business operations.