Your SlideShare is downloading. ×
0
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Skyjacking A Cisco Wlan Attack Analysis And Countermeasures

2,417

Published on

This presentation will deconstruct the skyjacking vulnerability - explaining why the vulnerability occurs in Cisco WLANs, which Cisco access points are affected, how skyjacking can be exploited to …

This presentation will deconstruct the skyjacking vulnerability - explaining why the vulnerability occurs in Cisco WLANs, which Cisco access points are affected, how skyjacking can be exploited to launch potent attacks, and what are the best practices to proactively protect your enterprise network against such zero-day vulnerabilities and attacks.

Published in: Technology, Education
1 Comment
7 Likes
Statistics
Notes
  • its superbbbbb.....!
    i need this ppt ...... please send it to meeeeeeeeee
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total Views
2,417
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
0
Comments
1
Likes
7
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • 09/23/09
  • Transcript

    • 1. Skyjacking a Cisco WLAN: Attack Analysis and Countermeasures Presenters: Dr. Pravin Bhagwat, CTO Dr. Hemant Chaskar, Director of Technology Moderator: Sri Sundaralingam, VP of Product Management
    • 2. In the News Cisco wireless LAN vulnerability could open ‘back door’ Cisco wireless LANs at risk of attack, ‘skyjacking’ Newly discovered vulnerability could threaten Cisco wireless LANs
    • 3. What Cisco says “ No risk of data loss or interception” “ Could allow an attacker to cause a denial of service (DoS) condition” It’s not a big deal! Severity = Mild
    • 4. Hmm… ? ? ? What exactly is skyjacking? Do I need to worry about it? How severe is the exploit?
    • 5. What you will learn today The risk from skyjacking vulnerability is much bigger than stated How to assess if you are vulnerable Countermeasures for skyjacking and other zero-day attacks
    • 6. Five ways a LAP can discover WLCs Subnet-level broadcast Configured DNS DHCP Over-the-air provisioning (OTAP)
    • 7. Three criteria a LAP uses to select a WLC Primary, Secondary, Tertiary Master mode Maximum excess capacity Step 1 Step 2 Step 3
    • 8. Over-the-air provisioning (OTAP)
    • 9. OTAP exploited for “skyjacking”
    • 10. Skyjacked LAP denies service to wireless users
    • 11. Is this just tip of the iceberg?
    • 12. Secure WLAN enterprise access Before Internal to corporate network 20 WPA2 Corp Comment VLAN Security SSID Internal to corporate network 30 AP Physically Connected To
    • 13. Authorized LAP skyjacked – DoS Before DoS Internal to corporate network 20 WPA2 Corp Comment VLAN Security SSID Internal to corporate network 30 AP Physically Connected To
    • 14. Authorized LAP turned into Open Rogue AP Before Rogue on Network Internal to corporate network 30 OPEN Corp Comment VLAN Security SSID Internal to corporate network 30 AP Physically Connected To
    • 15. Camouflaged Rogue LAP: a backdoor to your enterprise network!
    • 16. Wolf in Sheep Clothing Before Rogue on Network Internal to corporate network 30 WPA2 Corp Comment VLAN Security SSID Internal to corporate network 30 AP Physically Connected To
    • 17. Wolf in Sheep Clothing – Scenario 2 Before Rogue on Network Internal to corporate network 20 WPA2 Corp Internal to corporate network 30 OPEN Guest Comment VLAN Security SSID Internal to corporate network 30 AP Physically Connected To DoS
    • 18. SpectraGuard ® Enterprise WLAN policy set-up Guest WLAN SSID Allowed Subnet (VLAN) for Guest SSID
    • 19. Normal WLAN operation Authorized SSIDs are seen in “Green” color and are detected with VLAN identifier to which they connect Device list displayed on SpectraGuard Enterprise console
    • 20. Skyjacking on guest access 1 Change in the VLAN is detected 2 SSID marked as “misconfigured” (Background changes to amber) 3 Automatic Prevention started ( Shield icon appears )
    • 21. Summary Open rogue WPA2 rogue Open guest rogue Guest access as Open Rogue AP (Wolf in Sheep clothing – scenario 2) Authorized SSID as “Privileged” Rogue AP (Wolf in Sheep clothing) Authorized SSID as Open Rogue AP Type of Skyjacking attack  X  X   AirTight’s unique wireless-wired correlation based threat detection Only over-air threat detection
    • 22. AirTight’s SpectraGuard Enterprise Thanks to patented marker packet technology for accurate wired connectivity detection and unique VLAN Policy Mapping ™ architecture The only WIPS that can provide zero-day protection against the most potent form of skyjacking attack
    • 23. Which LAPs can be skyjacked? ? Vulnerable? Type of Cisco LAP No Configured with locally significant certificates (LSC) Mostly No Configured with “preferred” WLCs (primary, secondary, tertiary) Yes LAPs using auto discovery
    • 24. Countermeasures Manually configure LAPs with preferred WLCs (primary, secondary, tertiary) Manually configure LAPs with LSCs Primarily HA and load balancing feature Impractical Block outgoing traffic from UDP ports 12222 and 12223 on your firewall Not a common practice Turn off OTAP on WLC Ineffective!
    • 25. Practical difficulties: Do you know <ul><li>If your outgoing UDP ports on the firewall are blocked? Did you test it today? </li></ul><ul><li>How many VLANs do you have authorized for wireless access? </li></ul><ul><li>Are all SSIDs mapped to the correct VLANs? </li></ul><ul><li>When was the last time your LAPs rebooted? </li></ul><ul><li>When was the last time your WLC taken down for maintenance? </li></ul><ul><li>If all your APs are compliant with your security policies? How do you know? </li></ul><ul><li>If all LAPs are configured with primary, secondary and tertiary WLC? </li></ul><ul><li>If all LAPs are indeed connected to configured WLCs? </li></ul>
    • 26. One mistake and you could be exposed!
    • 27. Adding second, independent layer of WIPS protection Misconfigurations Zero-day attacks Designed for security Designed for WLAN access Undesirable connections Misconfigurations Zero-day attacks Undesirable connections
    • 28. AirTight’s SpectraGuard product family SpectraGuard SAFE Wireless Security for Mobile Users SpectraGuard Online Industry’s Only Wireless Security Service SpectraGuard Enterprise Complete Wireless Intrusion Prevention WLAN Coverage & Security Planning SpectraGuard Planner
    • 29. About AirTight Networks The Global Leader in Wireless Security and Compliance For more information on wireless security risks, best practices, and solutions, visit: www.airtightnetworks.com Visit our blog to read the root cause analysis of “ Skyjacking: What Went Wrong?” blog.airtightnetworks.com

    ×