Wireless Security Policy Gagan Jain Bommaiah Satish Shyam Sundar Vivekananda.


1 Wireless Security Policy Gagan Jain Bommaiah Satish Shyam Sundar Vivekananda

2 What is a WLAN Security Policy?
• It is a policy that specifies the rules and procedures for how the WLAN should be used.
• It states what the WLAN must not be used for within the organisation.
• It also states what action will be taken upon improper use of the WLAN.

3 Why is it so important?
• Today all organisations provide a WLAN to their employees for easy access and faster data transfers.
• An attacker can easily crack the network and gain important data.
• Experts recommend a written policy that governs how the network should be used and for what purposes, how connections to the network should be made, and what happens and what action is taken when somebody does not follow the rules.

4 Why is it so important?
• If there is no written policy, then any verbal rules or regulations, and the money spent on securing the network, are of no use if there is a security breach on the WLAN.
• In that case no action can be taken and no laws can be enforced against the attacker, who could otherwise be sued for breaking into the network.

5 How to develop a WLAN security policy?
• There is no point in having the IT department create a WLAN security policy within two or three days, write a big document, and place it on a shelf in the organisation.
• The security policy should be created by assessing and planning around how the WLAN works and how important it is to the organisation.
• The creation of the network security policy should be part of the overall network design.

6 How to create a WLAN security policy?
• To create a WLAN security policy, a policy cycle must be followed:
  - Risk identification
  - Security policy development
  - Implementation and governing
• WLAN security measures, such as WIPS monitoring solutions, are often deployed in response to a breach in WLAN security. Likewise, security policies are often applied after the WLAN has been deployed, in response to an industry concern. Creating documented security policies in advance, during the design phase of a WLAN, is a much better strategy.

7 Who should be involved in designing the security policy?
• The security policy creation team must include team members from all departments, to gather the necessary information on how important the WLAN is to each department and how the department uses it.
• The first task in policy development must be to assemble a team that will begin the construction of a relevant and usable policy. This group should include representatives from each group of stakeholders within the organization.
• A "C"-level executive is needed to get the ball rolling. The CEO, CIO, CTO, or CSO usually champions the cause so that the policy has the energy to move forward.

8 Which departments should be included?
The departments that should be represented in policy creation:
• Security
• Legal
• Human Resources
• Management
• Networking
• Desktop Support
• Finance
• Users
• Research and Development
• Any group using the technology covered by the policy

9 What is in the WLAN security policy?
• Statement of Authority: defines who put the WLAN policy in place and the executive management that backs the policy.
• Applicable Audience: defines the audience to whom the policy applies, such as employees, visitors, and contractors.
• Risk Assessment and Threat Analysis: defines the potential wireless security risks and threats and what the financial impact will be on the company if a successful attack occurs.
• Security Auditing: defines internal auditing procedures as well as the need for independent outside audits.
• Violation Reporting Procedures: defines how the WLAN security policy will be enforced, including what actions should be taken and who is in charge of enforcement.

10 What's in the WLAN security policy?
• Acceptable usage policy (AUP)
  - Protect management, employees, suppliers, and guests.
  - Adhere to all applicable laws and regulations.
  - Exist within the global community as a responsible citizen.
  - Maintain the integrity and quality of technical services.
• Password protection policy (PPP)
  - Maintain the secrecy of the WLAN passwords.
  - Keep employee IDs and passwords safe from external exposure.
  - Follow the password policy: passwords must be a minimum of 8 characters and must include an uppercase letter and a symbol.
• Enterprise WLAN protection policy
  - The network should be encrypted with a minimum of TKIP.
  - The network should be running at least the WPA protocol.
• BYOD policy
  - BYOD devices must be connected only to guest networks.
  - BYOD devices must be free of malware and viruses.

11 What's in the WLAN policy?
• VPN policy
  - VPNs must be connected over secure networks only.
  - All connections must be secure and used only in known networks.
• Ad-Hoc Networks
  - Ad hoc networks can pose a security threat. Ad hoc networks are defined as peer-to-peer networks between wireless computers that do not have an access point in between them. While these types of networks usually have little protection, encryption methods can be used to provide security.
• MAC address policy
  - MAC filtering is a foolish way of securing a network; it should be avoided.
  - Many programs are available to spoof MAC addresses.
• WIDPS policy

12 How to implement the WLAN security policy?
• Increasingly, organizations of all sizes and types have started amending their network usage policies to include a wireless policy section. If you have not done so already, a WLAN section should be added to your organization's security policy.
• Adopt the policy, train the employees, and have them adapt to the terms of the policy.
• Have the employees sign the acceptable usage policy agreement and the other agreements in the policy.

13 How to implement WLAN security policy?
• Secure enterprise WLAN
  - Authenticate users
  - Encrypt over-the-air data
• Isolate Guest Wi-Fi
• Wi-Fi endpoints
  - Secure remote enterprise access
• Secure the enterprise airspace from unmanaged Wi-Fi
• Manage risks from Bring Your Own Device (BYOD)

14 Bring your own device!! Biggest risk?
The BYOD trend is causing new security concerns for enterprise network and data security. Corporate users (e.g. employees, contractors) are accessing the enterprise network and data, and bypassing corporate security controls, using their personal Wi-Fi devices. This uncontrolled access can open wireless backdoors into the enterprise network and lead to malicious activity, leakage of sensitive data, and exposure to malware.
BYOD can be an intense risk, as senior management may connect their own devices to the primary network instead of using the guest network.

15 BYOD Biggest Security risk?
[Figure: 2011 Smartphones; 2012 Smartphones; 2013 Smartphones + Tablets]

16 BYOD Survey Results
[Figure: two survey charts, with values 11%, 20%, 69% and 16%, 34%, 50%]
• Do you see an increasing trend of employees bringing Rogue Wi-Fi APs?
• Are you concerned about employees using mobile hotspots to bypass corporate policies?
Source: 316 respondents, April 2012. Network, A. (n.d.). WLAN BYOD. Retrieved December 1, 2014, from http://www.airtightnetworks.com/home/solutions/bring-your-own-device.html

17 What to do for this Unmanaged WLAN Security problem?
• Answer is
  - Mobile device management (MDM): no visibility into Rogue APs, Soft Rogues, Mobile Wi-Fi Hotspots
  - Network access control (NAC): scope limited to BYOD on "managed" WLAN
  - Wireless intrusion prevention system (WIPS)
• WIPS does not exist as a ready-designed solution to implement as a software package. A WIPS is typically implemented as an overlay to an existing Wireless LAN infrastructure, although it may be deployed standalone to enforce no-wireless policies within an organization.

18 What is a Rogue AP? Is it a risk?
• An unmanaged (unauthorized) AP attached to the enterprise wired network
• It has been estimated that almost 20% of corporations have Rogue APs in their networks at some time
• Why are they so bad?
  - Rogue AP on network = (logically) a LAN jack of your network hanging out of the premises
  - RF signal spillage of the Rogue AP provides access to the wired enterprise network from outside of the premises

19 What attacks can be carried out using a Rogue AP?
• Attacks on wired network infrastructure: ARP poisoning, DHCP attacks, STP attacks, DoS attacks etc.
• Mapping the network for targeted attacks
• Scanning hosts on the network for targeted attacks
• MIM (Man-in-the-Middle) and data sniffing on the wired network

20 How to stop a Rogue AP from causing a breach?
• Using a firewall? - No
• Using WPA2? - No
• Using antivirus? - No
• Using WIDPS? - No
• So what can be done to stop it? A sensor-based wireless intrusion prevention system (WIPS), which:
  - Watches for Rogue APs 24x7
  - Performs wired/wireless correlation for AP network connectivity testing to detect Rogue APs
  - Provides for automatic blocking of Rogue APs
  - Locates the Rogue AP for easy searching and removal from the network
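The wired/wireless correlation named on slide 20, sketched as an added example that is not part of the original presentation or any WIPS product's code. It assumes an AP's Ethernet MAC is numerically adjacent to its radio BSSID (a simplifying heuristic), and every MAC address, SSID and switch port in it is constructed sample data.

```python
# Added example: wired/wireless correlation for rogue AP detection (defender side).
# Every MAC address, SSID and switch port below is constructed sample data.
AUTHORIZED_BSSIDS = {"00:11:22:aa:00:10", "00:11:22:aa:00:20"}  # managed AP inventory

# MACs learned on access-switch ports (for example, exported from the switch MAC table).
WIRED_MAC_TABLE = {
    "00:11:22:aa:00:0f": "sw1/Gi0/1",   # Ethernet side of a managed AP
    "a4:5e:60:01:02:03": "sw2/Gi0/14",  # Ethernet side of an unmanaged AP
    "3c:52:82:10:20:30": "sw2/Gi0/7",   # ordinary desktop
}

# BSSIDs heard over the air by the sensors.
OBSERVED = [
    {"bssid": "00:11:22:AA:00:10", "ssid": "corp"},
    {"bssid": "a4:5e:60:01:02:04", "ssid": "linksys"},      # radio MAC = wired MAC + 1
    {"bssid": "f0:9f:c2:77:88:99", "ssid": "coffee-shop"},  # neighbour, not on our wire
]

def mac_to_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)

def wired_port(bssid, mac_table, window=2):
    """Return the switch port where a MAC within +/-window of the BSSID was learned.
    Assumption (heuristic): the Ethernet MAC of an AP sits next to its radio BSSID.
    """
    target = mac_to_int(bssid)
    for mac, port in mac_table.items():
        if abs(mac_to_int(mac) - target) <= window:
            return port
    return None

def classify(observed, authorized, mac_table):
    """Map each observed BSSID to (verdict, switch_port)."""
    verdicts = {}
    for ap in observed:
        bssid = ap["bssid"].lower()
        port = wired_port(bssid, mac_table)
        if bssid in authorized:
            verdicts[bssid] = ("authorized", port)
        elif port:
            verdicts[bssid] = ("rogue", port)       # unmanaged AND on our wire
        else:
            verdicts[bssid] = ("external", None)    # heard over the air only
    return verdicts

if __name__ == "__main__":
    for bssid, (verdict, port) in classify(OBSERVED, AUTHORIZED_BSSIDS, WIRED_MAC_TABLE).items():
        print(f"{bssid}  {verdict:<10}  {port or '-'}")
```

The returned switch port is what supports the "locate and remove" step: it tells the network team which jack the unmanaged AP is plugged into.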

21 Best practices of WLAN
• Strong authentication is often overlooked
• Well-established secure authentication methods all use SSL or TLS tunnels
  - TLS is the successor of SSL
• SSL has been used for nearly a decade in e-commerce
  - SSL or TLS requires digital certificates
• Digital certificates usually involve some form of PKI and certificate management
• Good cryptography allows secure communications over an unsecured medium
• Follow best-practice cryptographic principles
• Strong authentication
• Strong encryption
• WPA and WPA2 standards

22 Best practices of WLAN Enterprise security
• Minimum encryption should be TKIP
• Run AES encryption if possible
• EAP-TLS authentication recommended
• PEAP or EAP-TTLS authentication at a minimum
• Multiple Virtual SSID and VLAN support
• VLAN assignment based on group membership
• Guest Wireless LANs that are isolated
• Mitigating WEP security risks for WEP-only devices using Firewall or Router ACLs (Access Control Lists)
• Can be done with a single device such as the Cisco 851W, which is a Firewall, Router, Managed Switch, and Access Point all-in-one
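A check of an SSID inventory against the minimums listed on slide 22, added here as an example and not taken from the presentation. The SSID names, VLAN ids and field names (including `acl_restricted`) are constructed for illustration and are not any vendor's configuration schema.

```python
# Added example: audit an SSID inventory against the slide's stated minimums.
# SSID names, VLAN ids and field names are constructed, not a vendor schema.
CIPHER_RANK = {"none": 0, "wep": 1, "tkip": 2, "aes": 3}
EAP_RANK = {"none": 0, "peap": 1, "eap-ttls": 1, "eap-tls": 2}

SSIDS = [
    {"name": "corp", "role": "enterprise", "cipher": "aes", "eap": "eap-tls", "vlan": 10},
    {"name": "corp-legacy", "role": "enterprise", "cipher": "tkip", "eap": "peap", "vlan": 10},
    {"name": "scanners", "role": "enterprise", "cipher": "wep", "eap": "none", "vlan": 30,
     "acl_restricted": False},
    {"name": "guest", "role": "guest", "cipher": "aes", "eap": "none", "vlan": 10},
]

def audit(ssids):
    """Return (ssid, level, message) findings; FAIL = below minimum, WARN = upgrade advised."""
    findings = []
    enterprise_vlans = {s["vlan"] for s in ssids if s["role"] == "enterprise"}
    for s in ssids:
        name = s["name"]
        if s["role"] == "guest":
            # Guest WLANs must be isolated: no VLAN shared with enterprise SSIDs.
            if s["vlan"] in enterprise_vlans:
                findings.append((name, "FAIL", "guest WLAN shares an enterprise VLAN"))
            continue
        if CIPHER_RANK[s["cipher"]] < CIPHER_RANK["tkip"]:
            # WEP-only devices are tolerated only behind firewall/router ACLs.
            if s["cipher"] == "wep" and s.get("acl_restricted"):
                findings.append((name, "WARN", "WEP-only SSID, mitigated by ACLs"))
            else:
                findings.append((name, "FAIL", "below TKIP minimum with no ACL mitigation"))
            continue
        if s["cipher"] == "tkip":
            findings.append((name, "WARN", "TKIP is the minimum; run AES if possible"))
        if EAP_RANK[s["eap"]] < EAP_RANK["peap"]:
            findings.append((name, "FAIL", "no PEAP/EAP-TTLS or better authentication"))
        elif EAP_RANK[s["eap"]] < EAP_RANK["eap-tls"]:
            findings.append((name, "WARN", "EAP-TLS is recommended"))
    return findings

if __name__ == "__main__":
    for name, level, message in audit(SSIDS):
        print(f"{level:<4}  {name:<12}  {message}")
```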


24 THANK YOU

