Deepak Gupta, AirTight Networks. Wireless Vulnerabilities in the Wild: View.

Presentation transcript:

Deepak Gupta, AirTight Networks. Wireless Vulnerabilities in the Wild: View From the Trenches. Acknowledgement: Based on work presented by K N Gopinath at RSA 2011.

Agenda
- Why care about Wireless Vulnerabilities? (Motivation)
- What’s new in this talk and what are its implications?
- Wireless Vulnerability Analysis (Measurements)
- Threat/Vulnerability Mitigation

Era of Wireless Consumerization

Real Life Breaches due to Insecure Use of Wi-Fi
- Marshalls store hacked via wireless
- Hackers accessed TJX network & multiple servers for 18+ months
- 45.7 million payment credit accounts compromised
- Estimated liabilities > 4.5B USD

Are today’s enterprises secure enough to prevent the recurrence of such attacks?

Enter War Driving. [Chart: WPA/WPA2 AP (%) for NY, London, Paris] Not all APs are WPA/WPA2. How many of these are actually connected to my network?

War Driving Insufficient for Enterprise Threat Classification. Our Study: Authorized, External, Rogue.

Sensor Based Statistical Sampling. Data collected over last two years.

Total Number of             Count
Sites/Locations             2,155
Organizations               156
Sensors                     4501
Total Access Points         268,383
Enterprise Clients          427,308
Threat Instances Analyzed   82,681

Enterprises Deal With a Lot of Non-Enterprise Devices. 268,383 APs 80, ,868 Authorized External/ Unmanaged. 70% of APs do NOT belong to the studied organizations! Similarly, about 87% of clients are Unmanaged/External!

Wireless Threat Space: AP Based Threats
- Rogue APs
- AP mis-configurations
- Soft/Client Based APs

Wireless Threat Space: Client Based Threats
- Client extrusions: connections to neighbors, evil twins
- Adhoc networks
- Client bridging
- Banned devices

T^3 (T-Cube) Parameters
- Threat Presence: Presence of an instance of a threat (%)
- Threat Duration: Window of opportunity for an attacker
- Threat Frequency: Likelihood of presence of a threat instance

Real-life Data & Accurate Picture of Threats. How does this information help you?
- Get an idea of the Wi-Fi threat scenario in enterprises that may be like yours
- Which wireless threats should you worry about first?
- Plan your enterprise mitigation strategy

Threat Presence: Simple (Yes/No) metric based on the presence of an instance of a threat (%)

Results From Our Survey: Randomly chosen set of IT security professionals. [Chart: % Response by threat type: Rogue AP, Misconf. AP, Adhoc, Client Extrusion, Other]

Results Based on Our Data
Key Observations
- Prominent threats:
  - Client extrusions
  - Rogue APs
  - AP mis-configurations
  - Adhoc clients
Key Implications
- Organization data is potentially at risk via Wi-Fi

Let’s Dive Deeper into the Nature of Threats: Rogue APs, Client Extrusions, Adhoc Clients

Enterprise Wireless Consumerization: Rogue APs. 1521 Rogue APs seen in our study. 163 different types of consumer-grade OUIs seen.

Rogue AP Details: About 1 in 10 Rogue APs have default SSIDs. About half of Rogue APs are wide open.

Rogue AP Details An open Rogue AP is Virtually THIS!

Client Consumerization: Client Extrusion Client (Smartphones & laptops both) probes for these SSIDs.

Topic of Hot Discussion Today!


Client Probing For Vulnerable SSIDs. Retail/SMB Organizations. 118,981 Clients 12, ,979 Authorized Unmanaged 21,777 (20.4%) 636 (5.3%). Power of accurate threat classification: 5.3% vs 20.4%

“Known” Vulnerable SSIDs Probed For. 103 distinct SSIDs recorded. Certain (8%) Authorized Clients probing for 5 or more SSIDs.

Adhoc Authorized Clients! 565 distinct Adhoc SSIDs found, about half of them vulnerable. 15% of these are default SSIDs. 26,443 (7%) clients in adhoc mode.

VIDEO DEMO: Smartpot MITM Attack. So What? Illustrative Exploit via Client Extrusion. Smartphone as an Attacker. App1: Mobile Hotspot. App2: SSLStrip Attack Tool.

VIDEO DEMO: Smartpot MITM Attack

Threat Duration: How long (time interval) is a threat active before removal?

AP Threats Live “Longer” than Client Threats. 15% client threats & 30 % AP threats live for > hr. [Histogram: % threat instances with given threat duration, for AP Misconf., Rogue AP, Client Extrusion and Adhoc networks, indicating that AP threats live longer.] Some AP based threats are active for a day or more! Data from SMB/Retail (PCI) Segment.

Threat Frequency: Threat instances per Sensor per month

Threat Frequency. Large Enterprise Segment: Threats Per Month Per Sensor (Approx. 10,000 sq feet area). The bigger your organization, the higher the likelihood of finding the threats. [Chart: Threat Frequency by Threat Category]
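The three T-Cube parameters defined in the slides above can be computed from a log of threat instances reported by sensors. The Python below is an added example, not code from the talk or from AirTight; the record layout, the per-site denominator for presence, the 2-hour duration threshold and all sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"
# Constructed sample threat instances: (site, sensor, category, first_seen, removed)
RAW = [
    ("site-a", "s1", "rogue_ap",         "2011-03-01 09:00", "2011-03-02 11:00"),
    ("site-a", "s1", "client_extrusion", "2011-03-01 10:00", "2011-03-01 10:20"),
    ("site-a", "s2", "client_extrusion", "2011-03-05 14:00", "2011-03-05 14:45"),
    ("site-b", "s3", "client_extrusion", "2011-03-07 08:00", "2011-03-07 11:30"),
    ("site-b", "s3", "adhoc",            "2011-03-09 16:00", "2011-03-09 16:10"),
    ("site-c", "s4", "ap_misconfig",     "2011-03-10 00:00", "2011-03-12 00:00"),
]
SITES = {"site-a", "site-b", "site-c", "site-d"}   # constructed; site-d saw nothing
SENSORS = {"s1", "s2", "s3", "s4", "s5"}           # constructed; s5 saw nothing
# AP-based vs client-based split, following the two threat-space slides
FAMILY = {"rogue_ap": "ap", "ap_misconfig": "ap",
          "client_extrusion": "client", "adhoc": "client"}

def load(raw):
    """Parse timestamps so that durations can be computed."""
    return [(site, sensor, cat, datetime.strptime(a, FMT), datetime.strptime(b, FMT))
            for site, sensor, cat, a, b in raw]

def threat_presence(events, sites):
    """Yes/no per site: % of sites with at least one instance of each threat."""
    seen = defaultdict(set)
    for site, _, cat, _, _ in events:
        seen[cat].add(site)
    return {cat: 100.0 * len(s) / len(sites) for cat, s in seen.items()}

def threat_duration(events, min_hours, key=lambda cat: cat):
    """% of instances per group that stayed active longer than min_hours."""
    total, long_lived = defaultdict(int), defaultdict(int)
    for _, _, cat, start, end in events:
        total[key(cat)] += 1
        long_lived[key(cat)] += (end - start).total_seconds() > min_hours * 3600
    return {k: 100.0 * long_lived[k] / total[k] for k in total}

def threat_frequency(events, sensors, months):
    """Threat instances per sensor per month, counting idle sensors too."""
    counts = defaultdict(int)
    for _, _, cat, _, _ in events:
        counts[cat] += 1
    return {cat: n / (len(sensors) * months) for cat, n in counts.items()}

EVENTS = load(RAW)
if __name__ == "__main__":
    print(threat_presence(EVENTS, SITES), threat_frequency(EVENTS, SENSORS, 1))
    print(threat_duration(EVENTS, 2, key=FAMILY.get))
```

Passing `key=FAMILY.get` to `threat_duration` gives the AP-versus-client comparison that the duration slide draws.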

Key Takeaways Summarized
- Wireless threats due to unmanaged devices are present
- Enterprise wireless environment influenced by consumerization
- Certain threats more common than others
  - Client extrusions
  - Rogue AP
  - AP Mis-configurations
  - Adhoc clients
- Common threats affect large enterprise and SMB organizations
- Wireless threats persist regardless of sophistication of wired network security

Threat Mitigation

Let’s Ban Wi-Fi!

Use WPA2 For Your Authorized WLAN! But, WPA2 does not protect against threats due to unmanaged devices

Threat Mitigation: Defense-In-Depth Mitigation
Intrusions (AP Based Threats)
- Wire side controls as a first line of defense (e.g., 802.1X port control)
- Wireless IPS to automatically detect & block intrusions
Extrusions (Client Based Threats)
- Educate users: clean up profiles, use VPNs & connect to secure Wi-Fi
- Deploy end point agents to automatically block connections to insecure Wi-Fi
- Wireless IPS to automatically detect & block extrusions in enterprise perimeter
Regular wireless scans to understand your security posture
- Cloud based solutions are available to automate wireless scans

Apply Slide: Recommended Best Practices
- Self Assessment Test
  - Scan your network to find out how vulnerable you are
  - Good chance that you will find a Rogue AP, higher chance that you will find client extrusion
- Follow best practices
  - Educate your users to connect to secure Wi-Fi
  - Use VPN for remote connections
  - Clean up the connection profiles of Wi-Fi clients periodically
  - Deploy end point agents to automate some of the above
- Adopt a “defense in depth” security approach
  - Employ wire side defenses against Rogue APs (first line of defense)
  - Regularly scan your wireless perimeter
- If risk assessment is high and/or you store super sensitive data
  - Threat containment via wireless IPS should be considered

Apply Slide: Recommended Best Practices Go Wi-Fi, But, The Safe Way!

Questions? Thank You

A1: Location/Site Wise Distribution
Key Observations
- Prominent threats are distributed across multiple sites.
Key Implications
- You need an ability to monitor the entire organization, not just 1 or 2 sites

A2: Enterprise Vs PCI (SMB/Retail)
Key Observations
- Similar pattern with respect to prominent threats
- Some difference w.r.t. other threats
- Increased adhoc connections in PCI

A3: North America, Asia (Overall Threat Occurrence)