Team MAGIC Michael Gong Jake Kreider Chris Lugo Kwame Osafoh-Kintanka Wireless Network Security.

Slides:



Advertisements
Similar presentations
Designing for Pervasive Network Security. Designing for Security Our aim in this section will be to concentrate on how campus Networks can be designed.
Advertisements

1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.
Wireless and Network Security Integration Defense by Hi-5 Marc Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi.
The Cable Guys Inc. Drew Leach Tom McLoughlin Philip Mauldin Bill Smith.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
1 © 2006 Cisco Systems, Inc. All rights reserved.Cisco Public. Ransome 1208 Dr. Jim Ransome, CISSP, CISM Senior Director, Secure Unified Wireless and Mobility.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Barracuda Web Application Firewall
Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.
FROM RICHARD RODRIGUES JOHN ANIMALU FELIX SHULMAN THE HONORARY MEMBERS OF THE Intercontinental Group 1.
This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, /30/2009.
Wireless Security. Objective: Understand the benefits of a wireless network Understand security risks Examples of vulnerabilities Methods to protect your.
Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.
Wireless Network Security
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
All Rights Reserved © Alcatel-Lucent | Dynamic Enterprise Tour – Safe NAC Solution | 2010 Protect your information with intelligent Network Access.
Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.
 2009 AirTight Networks. Financial Districts Wireless Vulnerability Study A study conducted by AirTight Networks, Inc.
Wireless Network Security. Access Networks Core Networks The Current Internet: Connectivity and Processing Transit Net Private Peering NAP Public Peering.
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
Wireless Security Policy Gagan Jain Bommaiah Satish Shyam Sundar Vivekananda.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
000000_1 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission.
RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco Environments.
1 Network Admission Control to WLAN at WIT Presented by: Aidan McGrath B.Sc. M.A.
Shared success Outline What is network security? Why do we need security? Who is vulnerable? Common security attacks and countermeasures. How to secure.
1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.
Dartmouth’s Wireless Network May 16, 2005 David W. Bourque.
Chapter Network Security Architecture Security Basics Legacy security Robust Security Segmentation Infrastructure Security VPN.
Enhancing the Security of Corporate Wi-Fi Networks using DAIR PRESENTED BY SRAVANI KAMBAM 1.
Insert presenter logo here on slide master. See hidden slide 2 for directions Deepak Gupta AirTight Networks Wireless Vulnerabilities in the Wild: View.
1 CISCO SAFE: VALIDATED SECURITY REFERENCE ARCHITECTURE What It Is Business Transformation Top Questions To Ask To Initiate The Sale Where It Fits KEY.
Network Security Lecture 9 Presented by: Dr. Munam Ali Shah.
Presented by: Dr. Munam Ali Shah
1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.
Doc.: IEEE ai Submission Paul Lambert, Marvell Security Review and Recommendations for IEEE802.11ai Fast Initial Link Setup Author:
WLAN Security Issues, technologies, and alternative solutions Hosam M. Badreldin Western Illinois University December 2011 Hosam Badreldin – Fall 2011.
© 2006 Cisco Systems, Inc. All rights reserved. Optimizing Converged Cisco Networks (ONT) Module 6: Implement Wireless Scalability.
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
Wireless Network Security Presented by: Prabhakaran Theertharaman.
Data Communications and Networks Chapter 10 – Network Hardware and Software ICT-BVF8.1- Data Communications and Network Trainer: Dr. Abbes Sebihi.
Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.
Wireless Intrusion Prevention System
Lecture 24 Wireless Network Security
Chapter 6: Securing the Local Area Network
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
Security in Wireless Networks 458 Security Offense Debate: Wireless Security by Cisco Group DoubleDeuce Jibran Ilyas Frank LaSota Paul Lowder Juan Mendez.
Understand Network Isolation Part 2 LESSON 3.3_B Security Fundamentals.
Copyright © 2008 Juniper Networks, Inc. 1 Juniper Networks Access Control Solutions Delivering Comprehensive and Manageable Network Access Control Solutions.
1 © 2004, Cisco Systems, Inc. All rights reserved. Wireless LAN (network) security.
IS3220 Information Technology Infrastructure Security
So how to identify exactly who and what is on your network at any point in time? Andrew Noonan, SE ForeScout February 2015.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Creating the Network Design Designing and Supporting Computer Networks – Chapter.
IAUWS Implementing Advanced Cisco Unified Wireless Security (IAUWS) v CCNP Wireless It-Dumps.
Instructor Materials Chapter 6 Building a Home Network
HP ProCurve Alliance + Dr Carl Windsor CISSP Major Account Manager
Implementing Network Access Protection
Wireless Network Security
Wireless Network Security
Security of a Local Area Network
Wireless Security.
Wireless LAN Security 4.3 Wireless LAN Security.
11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Check Point Connectra NGX R60
Wireless Network Security
The MobileIron® Threat Detection difference:
LM 5. Wireless Network Security
Presentation transcript:

Team MAGIC Michael Gong Jake Kreider Chris Lugo Kwame Osafoh-Kintanka Wireless Network Security

Why wireless? Wifi, which is short for wireless fi … something, allows your computer to connect to the Internet using magic. -Motel 6 commercial 2

… but it comes at a price Wireless networks present security risks far above and beyond traditional wired networks Rogue access points Evil twins Packet-based DoS Spectrum DoS Eavesdropping Traffic cracking Compromised clients MAC spoofing Ad-hoc networks Man-in-the-middle Grizzly bears ARP poisoning DHCP spoofing War driving IP leakage Wired/wireless bridging 3

Cisco Wireless Network Solution The Cisco Wireless Solution Architecture integrates existing Cisco networks with a robust, secure suite of wireless products. Agenda: The Cisco Wireless Network Architecture Cisco Unified Wireless Network, CSA, Cisco NAC, firewalls, Cisco IPS, and CS-MARS Common wireless threats How Cisco Wireless Security protects against them 4

Today’s wireless network 5

Cisco Unified Wireless Network CUWN extends the Cisco network portfolio with wireless-specific solutions for Security Deployment Management Control issues 6

CUWN Architecture Centralized operation and management with Wireless LAN Controller (WLC) Simplified lightweight wireless access point operation (LWAP) Traffic tunneled from LWAP to WLC Consistent policy configuration and enforcement 7

CUWN Security Integrated and extended solutions Wireless intrusion prevention Rogue access point detection & mitigation Access control Traffic encryption User authentication RF interference & DoS protection Wireless vulnerability monitoring Infrastructure hardening 8

CSA – Cisco Security Agent Full featured agent-based endpoint protection Two components: Managed client - Cisco Security Agent Single point of configuration - Cisco Management Center 9

CSA - Purpose 10

CSA – Wireless Perspective 11

CSA – Combined Wireless Features General CSA features Zero-day virus protection Control of sensitive data Provide integrity checking before allowing full network access Policy management and activity reporting CSA Mobility features Able to block access to unauthorized or ad-hoc networks Can force VPN in unsecured environments Stop unauthorized wireless-to-wired network bridging 12

Cisco Network Admission Control (NAC) Determines the users, their machines, and their roles Grant access to network based on level of security compliance Interrogation and remediation of noncompliant devices Audits for security compliance 13

Cisco NAC Architecture 14

Cisco NAC Features Client identification Access via Active Directory, Clean Access Agent, or even web form Compliance auditing Non-compliant or vulnerable devices through network scans or Clean Access Agent Policy enforcement Quarantine access and provide notification to users of vulnerabilities Wireless integration Both in-band and out-of-band between VLAN and WLAN 15

Cisco Firewall Purpose Common first level of defense in the network & security infrastructure Compare corporate policies about user network access rights with the connection information surrounding each access attempt WLAN separation with firewall to limit access to sensitive data and protect from data loss Firewall segmentation is often required for regulatory compliance PCI SOX HIPAA GLBA 16

Cisco Firewall Features Integrated approach WLC with Firewall Services Modules Adaptive Security Appliance Layer 3 routed Mode Layer 2 bridged Mode Support for virtual contexts to expand FWSM/ASA capabilities and further segment traffic Multiple contexts are similar to having multiple standalone devices. Most features are supported in multiple context mode 17

Cisco IPS Designed to accurately identify, classify and stop malicious traffic Worms, spyware, adware, network viruses which is achieved through detailed traffic inspection Collaboration of IPS & WLC simplifies and automates threat detection & mitigation Institute a host block upon detection of malicious traffic WLC enforcement to the AP to curtail traffic at the source 18

CS-MARS Simplified, centralized management plane Native support for CUWN components SNMP based integration into WLC & WCS 19

Wireless Security Threats 20

Rogue Access Points Rogue Access Points refer to unauthorized access points setup in a corporate network Two varieties: Added for intentionally malicious behavior Added by an employee not following policy Either case needs to be prevented 21

Rogue Access Points - Protection Cisco Wireless Unified Network security can: Detect Rogue AP’s Determine if they are on the network Quarantine and report CS-MARS notification and reporting Locate rogue AP’s 22

Cisco Rogue AP Mapping 23

Evil Twins Evil Twins, also known as Hacker Access Points, are malicious AP’s setup to disguise as legitimate ones Users will likely not realize they are not connecting to the intended AP Once connected, they can fall victim to multiple exploits, such as man-in-the- middle attacks. 24

Evil Twins - Protection The Cisco Security Agent (CSA) can protect against Evil Twins. It can ensure it is connecting to a company- owned access point. If off-premise, it can force the user to use VPN. Additionally, rogue AP’s on campus can be detected. The network can even bring down the rogue AP using wireless de-auth packets (a loose form of DoS). 25

Wireless DoS Wireless networks are subject to two forms of DoS: Traditional (packet-based) RF-based (“Jamming”) Cisco uses Management Frame Protection to guard against certain packet- based attacks Cisco WIPS uses dynamic radio resource management to help guard against jamming attacks 26

Traffic Cracking But we’re secure…. MAC Authentication WEP WPA Close but not even on the network Cisco WCS Layer 1/2/3 protection Cisco MARS Detection 27

Cracking the protection 28

Compromised Clients Wifi ThreatSecurity ConcernCSA Feature Ad-hoc ConnectionsWide-open connections Unencrypted Unauthenticated Insecure Pre-defined ad-hoc policy Concurrent wired/wifi connection Contamenating secure wired environment Concurrent wired/wifi pre-defined policy Disable wifi traffic if wired detected Access to unsecured wifiMay lack authentication / encryption Risk of traffic cracking, rogue network devices Location based policies Restrict allowed SSIDs Enforce stronger security policies 29

Guest Wireless Let them on but don’t let them on… Cisco WCS 30

Guest Wifi with Benefits Network segmentation Policy management Guest traffic monitoring Customizable access portals 31

Conclusion 32 Present unparalleled threats The Cisco Unified Wireless Network Solution provides the best defense against these threats

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.