Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Published byLoraine Perkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy"— Presentation transcript:

1 Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
Security Basics Legacy security Robust Security Segmentation Infrastructure Security VPN wireless Security

2 Exam Essentials Understand the risk of the rogue access point.
Be able to explain why the rogue AP provides a portal into network resources. Understand that employees are often the source of rogue APs. Define peer-to-peer attacks. Understand that peer-to-peer attacks can happen via an access point or through an ad hoc network. Explain how to defend against this type of attack. Know the risks of eavesdropping. Explain the difference between casual and malicious eavesdropping. Explain why encryption is needed for protection. Define authentication and hijacking attacks. Explain the risks behind these types of attacks. Understand that a strong 802.1X/EAP solution is needed to mitigate them.

3 Exam Essentials Explain wireless denial-of-service attacks.
Know the difference between layer 1 and layer 2 DoS attacks. Explain why these attacks cannot be mitigated and can only be monitored. Understand the types of wireless intrusion solutions. Explain the difference between a WIDS and a WIPS. Understand that most solutions are distributed client/server models. Know the various components of an intrusion monitoring solution as well as the various models. Understand which attacks can be monitored and which can be prevented. Understand the need for a wireless security policy. Explain the difference between general and functional policies.

4 Wireless Attacks Portal to the wired network must be protected
Limit unauthorized access Limit access to management consoles Don’t want someone changing settings or passwords Peer to peer Watch out for unsecured netwroks Pg 470

5 Rogue Wireless Devices
Non-Authorized on the network Not controlled by admin Set up by hacker To get access or passwords Set up by user Ease of use Open an unsecured portal to wired network 802.1x can also help here Pg 471

6 Peer to Peer Client attacking client on a WiFi network
Ad-hoc or infrastructure On infrastructure network, you can disable client to client communications Public Secure Packet Forwarding Beware of push to talk Pg 472

7 Eavesdropping Easy to do Casual Malicious Wardriving
Looking for wireless networks Netstumbler Malicious Protocol analyzers and collection of data Passive, cannot be detected by WIDS/WIPS Use encryption to protect network Pg 472

8 Cracking!! WEP has been cracked TKIP/CCMP are still secure
Authentication Attacks Some systems are less secure than others Dictionary attacks PSK is weak as well Will let hackers onto AP Longer passphrases help Pg 475

9 MAC Spoofing MAC Filtering is weak security Better than nothing Pg 477

10 Management Interface Don’t let hackers configure your devices
Disable unused interfaces SNMP, Telnet, HTTP, Use more secure interface SSH, HTTPS General policy is that management should be done from wired interface Pg 478

11 Wireless Hijacking Attacker configures AP to mimic enterprise AP
Same SSID Attacker can then capture traffic Can then either set up for man in the middle Send “real” traffic on and capture details Bridging the fake AP to real AP Also can use WiFi phishing Setting up a false captive portal Pg 479

12 Denial Of Service Prevent legitimate users from getting access
Hard to prevent Need to remove device generating noise/traffic Layer 1 jamming Layer 2 Deauthentication or deassociation packets Flooding the AP with requests Spectrum Analyzer can help with layer 1 Protocol Analyzer will help with Layer 2 Pg 479

13 Other Attacks Vendor Specific Social Engineering
Buffer overflow that attacks OS Social Engineering Tricking someone into giving away information PSK!!! Pg 481

14 Intrusion Monitoring Wireless Intrusion Detection Systems (WIDs)
Wireless Intrusion Prevention Systems (WIPS) Can mitigate or respond Pg 481

15 WIDS Wired ports must be controlled WIDS often go up before network
Prevent rogue APs WIDS often go up before network Check for rogue APs and usage WIDS server Management Console Sensors Pg 482

16 WIDS Sensors Dedicated AP like devices that listen and report back to the management console/server Can also be APs set into sensor mode Or APs that scan as well as process traffic Pg 482

17 WIDS Sensors Pg 482

18 WIDS Best at watching for layer 2 attacks
Can set alarms for “risky” traffic Set thresholds Different alert types Overlay Integrated Integration enabled Pg 482

19 WIPS Infrastructure device Unknown device Known device
This classification refers to any client station or access point that is an authorized member of the company’s wireless network. A network administrator can manually label each radio as an infrastructure device after detection from the WIPS or can import a list of all the company’s radio card MAC addresses into the system. Unknown device The unknown device classification is assigned automatically to any new radios that have been detected but not classified as rogues. Unknown devices are considered interfering devices and are usually investigated further to determine whether they are a neighbor’s devices or a potential future threat. Known device This classification refers to any client station or access point that is detected by the WIPS and whose identity is known. A known device is initially considered an interfering device. The known device label is typically manually assigned by an administrator to radio devices of neighboring businesses that are not considered a threat. Pg 485

20 WIPS Rogue device The rogue classification refers to any client station or access point that is considered an interfering device and a potential threat. Most WIPS define rogue access points as devices that are actually plugged into the network backbone and are not known or managed by the organization. Most of the WIPS vendors use a variety of proprietary methods of determining whether a rogue access point is actually plugged into the wired infrastructure. If a client is classified as a rogue, the WIPs can mitigate attack Deauthenticate, deassociate Spoof MAC of Rogue Pg 485

21 WIPS Rogue device The rogue classification refers to any client station or access point that is considered an interfering device and a potential threat. Most WIPS define rogue access points as devices that are actually plugged into the network backbone and are not known or managed by the organization. Most of the WIPS vendors use a variety of proprietary methods of determining whether a rogue access point is actually plugged into the wired infrastructure. If a client is classified as a rogue, the WIPs can mitigate attack Deauthenticate, deassociate Spoof MAC of Rogue Use SNMP to disable the wired port it is connected to Pg 485

22 Mobile WIDS Laptop Version of the products Mobile capabilities
Radio Card is sensor Use to physically track down a Rogue AP Some layer 1 functionality built in Pg 485

23 Spectrum Analyzer Use for security as well as surveys
Many can look at the RF signature and tell you what kind of device it is Mobile and distributed Like WIDs Pg 487

24 Wireless Security Policy
How and what are you monitoring How often should PSKs change Pg 487

25 Wireless Security Policy
General Security Policy Functional Security Policy Legislative Compliance Pg 487

26 Policy Recommendations
General Security Policy Functional Security Policy Legislative Compliance Pg 490

27 Exam Essentials Understand the risk of the rogue access point.
Be able to explain why the rogue AP provides a portal into network resources. Understand that employees are often the source of rogue APs. Define peer-to-peer attacks. Understand that peer-to-peer attacks can happen via an access point or through an ad hoc network. Explain how to defend against this type of attack. Know the risks of eavesdropping. Explain the difference between casual and malicious eavesdropping. Explain why encryption is needed for protection. Define authentication and hijacking attacks. Explain the risks behind these types of attacks. Understand that a strong 802.1X/EAP solution is needed to mitigate them.

28 Exam Essentials Explain wireless denial-of-service attacks.
Know the difference between layer 1 and layer 2 DoS attacks. Explain why these attacks cannot be mitigated and can only be monitored. Understand the types of wireless intrusion solutions. Explain the difference between a WIDS and a WIPS. Understand that most solutions are distributed client/server models. Know the various components of an intrusion monitoring solution as well as the various models. Understand which attacks can be monitored and which can be prevented. Understand the need for a wireless security policy. Explain the difference between general and functional policies.

Download ppt "Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy"

Similar presentations

Wireless LAN Security Understanding and Preventing Network Attacks.

Wireless LAN Security Understanding and Preventing Network Attacks.
SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.

SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.
HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.

HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.
Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.

Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Team MAGIC Michael Gong Jake Kreider Chris Lugo Kwame Osafoh-Kintanka Wireless Network Security.

Team MAGIC Michael Gong Jake Kreider Chris Lugo Kwame Osafoh-Kintanka Wireless Network Security.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.

Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Wireless Security. Objective: Understand the benefits of a wireless network Understand security risks Examples of vulnerabilities Methods to protect your.

Wireless Security. Objective: Understand the benefits of a wireless network Understand security risks Examples of vulnerabilities Methods to protect your.
Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.

Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Wireless Network Security

Wireless Network Security
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

Similar presentations

Ads by Google