Identify malicious users

Organized crime (financial motivation)
These malicious users are capable, motivated, well organized, and well funded. They are intent on operations such as cloning cell phones or other wireless devices and stealing money, goods, and services. Organized crime is the most capable category of attackers. Their ability stems from having the resources available to obtain the necessary hardware, software, and knowledge to mount sophisticated attacks quickly if the potential financial benefits justify the effort.

Hackers (nonfinancial motivation)
These malicious users are also capable, motivated, and well organized and may be well funded. Although hacker interest in wireless systems may initially be sparked by the financial or proprietary information the system protects, their attacks are generally focused on achieving notoriety. Attacks that can be expected of hackers include small-scale and wide-scale disruption of operations and the collection and release of sensitive information.

Malicious programmers (financial or brand damage)
These malicious users vary in their technical ability and are usually highly motivated by personal greed, grievance, or grudge. They are usually not well organized but may possess significant knowledge of the wireless system and access to internal processes. Malicious programmers can originate from various sources: a disgruntled employee at a wireless manufacturer; an application programming contractor; operations and support personnel; a knowledgeable programmer who feels wronged by someone associated with the manufacture, distribution, or management of a wireless system or device; a programmer who feels wronged by an individual or a company using wireless systems or devices.

Also in this group we consider attackers with nonmalicious intent whose actions can incur security issues, either inadvertently or because of an interest in improving the system's security. The information and vulnerabilities generated by nonmalicious attackers are capitalized on by malicious attackers if not immediately addressed by the affected wireless component or system.

Academics and security researchers
These attackers are capable, motivated, well organized, and often well funded. Academics and security researchers can analyze the security of a wireless component or system from an intellectual standpoint to determine how the system is designed or whether and how potential vulnerabilities have been addressed. They look at both the theoretical and practical implementation of the system, focusing primarily on issues in their area of expertise for the purposes of advancing the field, or their standing in the field. Although this group does not have malicious intent, malicious attackers can use their findings before mitigation or corrections are in place. This group is more likely to inform the vendor when a vulnerability is detected, before publishing their results, although this is not guaranteed.

Inexperienced programmers and designers
Although they do not fit most standard definitions of a malicious user, inexperienced programmers and designers can inadvertently create security issues and are considered malicious for this analysis. These inexperienced personnel are motivated to perform a specific task to support a wireless system, but they do not possess the skill or experience necessary to execute the task properly. The mistakes and oversights made by these personnel affect the operation of wireless components and can adversely affect the security of the wireless system. Other attackers exploit the vulnerabilities generated by inexperienced personnel.

To read the article from which this tip is excerpted, click over to InformIT. You have to register there, but the registration is free.

Rate this Tip To rate tips, you must be a member of SearchNetworking.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Wireless Networks How to plan for 802.11n wireless LAN upgrades Deploying 802.11n access points: Best practices Rogue access points: Preventing, detecting and handling best practices Persistent, secure connections for roaming WiMAX, 3G and 802.11x Securing embedded 802.11n devices 802.11n's impact on WLAN security Set up secure wireless networks with 802.11x, access points and bridges How to use Netsh WLAN to configure Windows Server 2008 and Windows Vista wireless connections from the CLI How to avoid the WPA wireless security standard attack IEEE 802.11w protects wireless LAN management frames Wireless LAN Security 10 Common questions (and answers) on WLAN security Why distributed wireless IDS is needed Wireless handhelds need defense-in-depth Wi-Fi Security - Chapter 4 Securing wireless, part 2: WLAN best practices Securing wireless, part 1: No boundaries WLAN security checklist War driving: Who's browsing your wireless network? Ten steps to low-cost wireless LAN security Bolstering wireless LAN security Wireless LAN Implementation University tackles large-scale 802.11n wireless network management Why is my network adapter not working after a Vista Business upgrade? How many wireless base stations can connect to 802.11g access points? 802.11n wireless APs bring IP video to sprawling Illinois high school No data cable? Wireless mesh networking the answer for Wi-Fi backhaul Integrated wireless and wired LAN: Brocade-Motorola deal ups the ante 802.11n WLAN architecture strategies: The 2.4 vs. 5 GHz band debate 802.11n upgrade: College ditches legacy network for new vendor 802.11n ratification will drive down wireless LAN prices How does Wi-Fi ad-hoc mode react when 802.11n and legacy peers are present? RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary 802.11a  (SearchNetworking.com) Asynchronous Pulsed Radiated Incident Light  (SearchNetworking.com) beamforming  (SearchNetworking.com) cognitive radio  (SearchNetworking.com) direct sequence spread spectrum  (SearchNetworking.com) frequency-hopping spread spectrum  (SearchNetworking.com) patch antenna  (SearchNetworking.com) phase-locked loop  (SearchNetworking.com) radio frequency  (SearchNetworking.com) wireless mesh network  (SearchNetworking.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.