Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy 802.11 Security Basics Legacy 802.11 security Robust Security Segmentation Infrastructure Security VPN wireless Security

Exam Essentials Understand the risk of the rogue access point. Be able to explain why the rogue AP provides a portal into network resources. Understand that employees are often the source of rogue APs. Define peer-to-peer attacks. Understand that peer-to-peer attacks can happen via an access point or through an ad hoc network. Explain how to defend against this type of attack. Know the risks of eavesdropping. Explain the difference between casual and malicious eavesdropping. Explain why encryption is needed for protection. Define authentication and hijacking attacks. Explain the risks behind these types of attacks. Understand that a strong 802.1X/EAP solution is needed to mitigate them.

Exam Essentials Explain wireless denial-of-service attacks. Know the difference between layer 1 and layer 2 DoS attacks. Explain why these attacks cannot be mitigated and can only be monitored. Understand the types of wireless intrusion solutions. Explain the difference between a WIDS and a WIPS. Understand that most solutions are distributed client/server models. Know the various components of an intrusion monitoring solution as well as the various models. Understand which attacks can be monitored and which can be prevented. Understand the need for a wireless security policy. Explain the difference between general and functional policies.

Wireless Attacks Portal to the wired network must be protected Limit unauthorized access Limit access to management consoles Don’t want someone changing settings or passwords Peer to peer Watch out for unsecured networks Pg 470

Rogue Wireless Devices Non-Authorized on the network Not controlled by admin Set up by hacker To get access or passwords Set up by user Ease of use Open an unsecured portal to wired network 802.1x can also help here Pg 471

Peer to Peer Client attacking client on a WiFi network Ad-hoc or infrastructure On infrastructure network, you can disable client to client communications Public Secure Packet Forwarding Beware of push to talk Pg 472

Eavesdropping Easy to do Casual Wardriving Looking for wireless networks Netstumbler Malicious Protocol analyzers and collection of data Passive, cannot be detected by WIDS/WIPS Use encryption to protect network Pg 472

Cracking!! WEP has been cracked TKIP/CCMP are still secure Authentication Attacks Some systems are less secure than others Dictionary attacks PSK is weak as well Will let hackers onto AP Longer passphrases help Pg 475

MAC Spoofing MAC Filtering is weak security Better than nothing Pg 477

Management Interface Don’t let hackers configure your devices Disable unused interfaces SNMP, Telnet, HTTP, Use more secure interface SSH, HTTPS General policy is that management should be done from wired interface Pg 478

Wireless Hijacking Attacker configures AP to mimic enterprise AP Same SSID Attacker can then capture traffic Can then either set up for man in the middle Send “real” traffic on and capture details Bridging the fake AP to real AP Also can use WiFi phishing Setting up a false captive portal Pg 479

Denial Of Service Prevent legitimate users from getting access Hard to prevent Need to remove device generating noise/traffic Layer 1 jamming Layer 2 Deauthentication or deassociation packets Flooding the AP with requests Spectrum Analyzer can help with layer 1 Protocol Analyzer will help with Layer 2 Pg 479

Other Attacks Vendor Specific Buffer overflow that attacks OS Social Engineering Tricking someone into giving away information PSK!!! Pg 481

Intrusion Monitoring Wireless Intrusion Detection Systems (WIDS) Wireless Intrusion Prevention Systems (WIPS) Can mitigate or respond Pg 481

WIDS Wired ports must be controlled WIDS often go up before network Prevent rogue APs Check for rogue APs and usage WIDS server Management Console Sensors Pg 482

WIDS Sensors Dedicated AP like devices that listen and report back to the management console/server Can also be APs set into sensor mode Or APs that scan as well as process traffic Pg 482

WIDS Best at watching for layer 2 attacks Can set alarms for “risky” traffic Set thresholds Different alert types Overlay Integrated Integration enabled Pg 482
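
The layer 2 DoS monitoring described on the Denial Of Service and WIDS slides, as an added example that is not part of the original slides: a sliding-window threshold alarm on deauthentication and disassociation frames. The frame tuples, addresses, threshold and window are constructed assumptions, not values from the deck.

```python
from collections import defaultdict, deque

# 802.11 management frame subtypes: 10 = disassociation, 12 = deauthentication
DISASSOC, DEAUTH = 10, 12

def detect_l2_dos(frames, threshold=10, window_ms=1000):
    """Alert once per burst when deauth/disassoc frames naming one BSSID
    exceed `threshold` inside `window_ms` (both are assumed tuning values)."""
    recent = defaultdict(deque)   # bssid -> timestamps still inside the window
    alerting = set()              # BSSIDs currently above the threshold
    alerts = []
    for ts, subtype, _src, _dst, bssid in sorted(frames):
        if subtype not in (DISASSOC, DEAUTH):
            continue              # beacons, data, etc. are not counted
        q = recent[bssid]
        q.append(ts)
        while q and ts - q[0] > window_ms:
            q.popleft()           # drop frames that aged out of the window
        if len(q) > threshold:
            if bssid not in alerting:   # suppress repeats during one burst
                alerting.add(bssid)
                alerts.append({"time_ms": ts, "bssid": bssid, "count": len(q)})
        else:
            alerting.discard(bssid)
    return alerts

# Constructed capture: (time_ms, subtype, source, destination, bssid)
AP1, AP2 = "02:00:00:aa:00:01", "02:00:00:aa:00:02"
BCAST = "ff:ff:ff:ff:ff:ff"
SAMPLE = (
    # ordinary client departures on AP1, one every 30 seconds
    [(t * 30000, DEAUTH, "02:00:00:cc:00:%02x" % t, AP1, AP1) for t in range(5)]
    # burst of 40 broadcast deauths on AP2, 20 ms apart
    + [(200000 + i * 20, DEAUTH, AP2, BCAST, AP2) for i in range(40)]
    + [(200500, 8, AP2, BCAST, AP2)]   # beacon (subtype 8), ignored
)

if __name__ == "__main__":
    for alert in detect_l2_dos(SAMPLE):
        print(alert)
```

The alarm only reports the burst; locating the transmitter is the job of the sensors and mobile tools covered on the later slides.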

WIPS
Infrastructure device: This classification refers to any client station or access point that is an authorized member of the company’s wireless network. A network administrator can manually label each radio as an infrastructure device after detection from the WIPS or can import a list of all the company’s radio card MAC addresses into the system.
Unknown device: The unknown device classification is assigned automatically to any new 802.11 radios that have been detected but not classified as rogues. Unknown devices are considered interfering devices and are usually investigated further to determine whether they are a neighbor’s devices or a potential future threat.
Known device: This classification refers to any client station or access point that is detected by the WIPS and whose identity is known. A known device is initially considered an interfering device. The known device label is typically manually assigned by an administrator to radio devices of neighboring businesses that are not considered a threat.
Pg 485

WIPS
Rogue device: The rogue classification refers to any client station or access point that is considered an interfering device and a potential threat. Most WIPS define rogue access points as devices that are actually plugged into the network backbone and are not known or managed by the organization. Most of the WIPS vendors use a variety of proprietary methods of determining whether a rogue access point is actually plugged into the wired infrastructure.
If a client is classified as a rogue, the WIPS can mitigate the attack: Deauthenticate, deassociate; Spoof MAC of Rogue; Use SNMP to disable the wired port it is connected to.
Pg 485
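
The four WIPS classifications above, as an added example that is not part of the original slides: a rule order that labels each observed access point and gives the reason. The adjacent-MAC wired check and the company-SSID rule are assumptions of this example (the slides only say vendors use proprietary methods), and every address and SSID is constructed.

```python
from enum import Enum

class Label(Enum):
    INFRASTRUCTURE = "infrastructure"
    KNOWN = "known"
    UNKNOWN = "unknown"
    ROGUE = "rogue"

def mac_int(mac):
    return int(mac.replace(":", ""), 16)

def on_wire(bssid, wired_macs, slack=1):
    """Assumed heuristic: an AP's wired MAC often sits within +/-slack of its BSSID."""
    b = mac_int(bssid)
    return any(abs(b - mac_int(m)) <= slack for m in wired_macs)

def classify(bssid, ssid, authorized, neighbors, corp_ssids, wired_macs):
    """Return (Label, reason) for one observed access point.
    Lists are keyed on MAC address, which can be spoofed, so a match on
    the authorized list is a starting point rather than proof of identity."""
    if bssid in authorized:
        return Label.INFRASTRUCTURE, "on the authorized radio list"
    if on_wire(bssid, wired_macs):
        return Label.ROGUE, "unmanaged AP attached to the wired backbone"
    if ssid in corp_ssids:
        return Label.ROGUE, "unauthorized radio advertising a company SSID"
    if bssid in neighbors:
        return Label.KNOWN, "labelled by an administrator as a neighbor"
    return Label.UNKNOWN, "new radio, needs investigation"

# Constructed inventory and sensor survey
AUTHORIZED = {"02:00:00:aa:00:01"}
NEIGHBORS = {"02:00:00:bb:00:01"}
CORP_SSIDS = {"CorpNet"}
WIRED_MACS = {"02:00:00:dd:00:10"}   # MACs learned from switch tables
SURVEY = [
    ("02:00:00:aa:00:01", "CorpNet"),       # company AP
    ("02:00:00:bb:00:01", "CoffeeShop"),    # neighboring business
    ("02:00:00:dd:00:11", "linksys"),       # wired MAC is one below this BSSID
    ("02:00:00:ee:00:01", "CorpNet"),       # same SSID, not on the list
    ("02:00:00:ff:00:01", "PrinterSetup"),  # never seen before
]

def survey_report(survey=SURVEY):
    return {b: classify(b, s, AUTHORIZED, NEIGHBORS, CORP_SSIDS, WIRED_MACS)[0]
            for b, s in survey}

if __name__ == "__main__":
    for bssid, label in survey_report().items():
        print(bssid, label.value)
```

The rogue rules run before the neighbor list on purpose, so a radio an administrator once marked as known is re-flagged if it later shows up on the wire or starts advertising a company SSID.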

Mobile WIDS Laptop Version of the products Mobile capabilities Radio Card is sensor Use to physically track down a Rogue AP Some layer 1 functionality built in Pg 485

Spectrum Analyzer Use for security as well as surveys Many can look at the RF signature and tell you what kind of device it is Mobile and distributed Like WIDS Pg 487

Wireless Security Policy How and what are you monitoring How often should PSKs change Pg 487

Wireless Security Policy General Security Policy Functional Security Policy Legislative Compliance Pg 487

Policy Recommendations General Security Policy Functional Security Policy Legislative Compliance Pg 490
