W&M 2009 – Best practices for wireless network security

  • AirDefense provides a complete wireless security solution for “Anytime, Anywhere Protection”:
      • AirDefense Enterprise for 24/7 monitoring in remote locations.
      • AirDefense Mobile for scanning specific areas or tracking down rogue devices in remote locations.
      • AirDefense Personal: ensures mobile workforce protection even outside the boundaries of the enterprise, at hotspots, hotels and airports.
  • Termination methods for rogue devices:
      • AirTermination: termination of the rogue AP or station wirelessly. AirTermination is device-based termination. This feature enables you to terminate the connection between your wireless LAN and any associated authorized or unauthorized access point or station that AirDefense detects.
      • Port Suppression: this feature enables you to suppress the communications port for any network device. It turns off the port on the network switch through which the device is communicating, effectively shutting down the communication port for the device.
      • Termination types:
          • Active or on-command termination
          • Policy-based termination: automatic termination of devices not complying with a pre-defined policy

    1. WLAN Security. Peter Mackenzie, MarQuest Limited, www.MarQuest.com, [email_address]
    2. Introductions
         • Peter Mackenzie [email_address]
             • Head of Technical Operations (MarQuest Limited)
             • Wireless Certifications
                 • Certified Wireless Network Administrator
                 • Certified Wireless Security Professional
                 • Certified Wireless Analysis Professional
                 • Certified Wireless Network Expert
                 • Certified Wireless Network Trainer
         • MarQuest Limited
             • CWNP Education Centre
             • WildPackets Academy
             • Installation
             • Consultancy
    3. Itinerary
         • Wireless Inherently Insecure
         • Security Solutions
             • Default Security (included in 802.11)
             • The Security Standard (802.11i)
         • WLAN Intrusion
         • Detection and Prevention
    4. Inherently Insecure: Confidentiality, Authentication, Denial of Service
    5. Wireless Attacks
    6. Default Security
         • Original 802.11 Standard
             • Authentication Methods
                 • Open System
                 • Shared Key
             • Encryption
                 • Shared WEP Key
             • MAC Authentication (Device Security)
    7. WEP Cracking
    8. MAC Address Filtering
         • MAC Spoofing
    9. Standards Security
         • WPA (TKIP, RC4)
             • Personal
                 • Pre-Shared Key (PSK)
                 • SOHO (no RADIUS server)
             • Enterprise
                 • 802.1X/EAP
                 • Backend RADIUS server
         • 802.11i & WPA v2 (CCMP, AES)
             • Personal
                 • Pre-Shared Key (PSK)
                 • SOHO (no RADIUS server)
             • Enterprise
                 • 802.1X/EAP
                 • Backend RADIUS server
    10. EAP types comparison. Table comparing EAP types (rows: EAP-MD5, LEAP, EAP-TLS, PEAP, EAP-TTLS) by feature (columns: Client Password Authentication, Client Certificate, Server Certificate, Dynamic Exchange, Mutual Authentication).
    11. CoWPAtty
         • You only need to capture the 4-way handshake
         • Dictionary attack
    12. Asleap
         • Fast dictionary attack
         • Cannot get a strong password
    13. A strong password policy? If users can’t remember their password, what do they do?
    14. EAP – Generic Method. Diagram of the exchange between Supplicant (Client), Authenticator (AP) and Authentication Server (RADIUS). Message labels: Request Identity; Identity: Peter; Access Request: Peter; Challenge: Text; Challenge: Text; Challenge Response: Cipher Text; Challenge Response: Cipher Text; Access Accept; Access: Success; Exchange keys.
    15. PEAP. Diagram of the exchange between Supplicant (Client), Authenticator (AP) and Authentication Server (RADIUS). Message labels: Request Identity; Identity: Dummy; Access Request: Dummy; Authenticate Server Certificate; Authenticate Server Certificate; Establish encrypted tunnel using certificate; Identity: Peter; Access Request: Peter; Challenge: Text; Challenge: Text; Challenge Response: Cipher Text; Challenge Response: Cipher Text; Access Accept; Access: Success; Exchange keys.
    16. Client Configuration Weakness
    17. Evil Twin. Diagram labels: SSID: ABC; SSID: ABC; Intruder; Wireless Analyser; Soft Access Point; DHCP Server Software Signal Generator; Channel 1; Channel 11.
    18. No Wi-Fi Policy
         • “It’s OK, we have a no Wi-Fi policy”
         • How do you enforce that policy?
         • How do you know you don’t have any Wi-Fi?
         • Do you have any laptops with inbuilt Wi-Fi clients?
    19. Client Hijacking. Diagram labels: Home; Work; SSID: LINKSYS; Probe: LINKSYS; SSID: LINKSYS.
    20. Identification and Protection
         • Wireless Analysis
         • Wireless ISP
         • Training
         • Penetration Testing
    21. WildPackets’ OmniPeek
         • Wireless LAN environment scan
         • Rogue access point and station detection
         • Intrusion detection
         • Station location
         • Ensuring wireless LAN policy
         • What does your wireless environment really look like?
    22. AirDefense IDS/IPS
         • Intrusion Detection/Protection System
         • Sensors report back to server
         • Alarms and notifications
         • Countermeasures
    23. AirDefense Protects Wireless Networks (diagram courtesy of AirDefense). Diagram labels: Hacker; Intranet; Internet; Desktop; Muni Wi-Fi; Hotspot; Evil Twin; Mobile User; Laptop; AP; Server. Numbered callouts:
         • 1: Identifies & terminates rogue APs
         • 2: Prevents hotspot phishing
         • 3: Stops leaked wired traffic & insertion
         • 4: Monitors for non-compliant APs
         • 5: Protects users
    24. Automated Policy-Based Active Defences
         • Wired-side Mitigation
             • On-command Suppression
             • Policy-Based Suppression
             • Device Reconfiguration
         • Wireless Mitigation
             • On-command Disconnect
             • Policy-Based Disconnect
             • Authorization Required, Audit Trail Maintained
             • Mitigation of the right target due to accurate detection
         • Diagram labels: Managed Switch; AirDefense Server; Public AP; Laptop: Wired-Wireless Bridge
         • Diagram alerts: “ALERT! Detected by AirDefense: Accidental Association”; “TERMINATED! By AirDefense: Accidental Association”; “ALERT! Detected by AirDefense: Rogue AP on Network”; “PORT SUPPRESSED! By Managed Switch: Rogue AP on Network”
    25. Training
         • Training is key to a successful security solution
         • Which security solution should I use?
         • What monitoring should I be doing?
         • Do I need a security audit?
         • What should be included in a wireless security policy?
         • Which staff need training?
    26. Penetration Testing
         • Information gathering
         • Social engineering
         • Eavesdropping
         • Active attacks
         • Rogue AP placement
         • Denial of Service
    27. Thank You! Stand Number 704. Any Questions?
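
The evil twin, MAC spoofing and client hijacking slides all come down to one monitoring question: does each beacon a sensor hears match the authorized AP inventory? The following is an added example, not part of the original slides and not any vendor's product logic; the inventory, the observations, and the names `classify` and `alerts` are constructed for illustration.

```python
# Added example: classify sensor beacon observations against an AP inventory.
# Every SSID, BSSID and channel below is constructed for illustration.

# Authorized inventory: SSID -> {BSSID: expected channel}
AUTHORIZED = {"ABC": {"02:00:00:00:00:01": 1}}

# Default/home SSIDs that laptops may probe for while at work (client hijacking slide)
DEFAULT_SSIDS = {"LINKSYS"}

# Constructed observations: (ssid, bssid, channel, rssi_dbm)
BEACONS = [
    ("ABC", "02:00:00:00:00:01", 1, -52),       # the real AP
    ("ABC", "02:AA:BB:CC:DD:EE", 11, -38),      # same SSID, unknown BSSID
    ("ABC", "02:00:00:00:00:01", 6, -60),       # known BSSID, wrong channel
    ("LINKSYS", "02:DE:AD:BE:EF:00", 6, -45),   # default SSID seen on site
    ("GuestCafe", "02:00:00:00:00:99", 3, -80), # unrelated neighbour
]

def classify(ssid, bssid, channel):
    """Return a verdict string for one observed beacon."""
    known = AUTHORIZED.get(ssid)
    bssid = bssid.lower()
    if known is not None:
        if bssid not in known:
            return "evil-twin-suspect"      # our SSID from an AP we do not own
        if known[bssid] != channel:
            return "bssid-spoof-suspect"    # MAC matches, radio settings do not
        return "authorized"
    if ssid.upper() in DEFAULT_SSIDS:
        return "client-hijack-risk"         # lure for clients with home profiles
    return "neighbour"

def alerts(beacons):
    """Deduplicated, strongest-signal-first list of beacons needing follow-up."""
    seen = {}
    for ssid, bssid, channel, rssi in beacons:
        verdict = classify(ssid, bssid, channel)
        if verdict in ("authorized", "neighbour"):
            continue
        key = (verdict, ssid, bssid.lower(), channel)
        seen[key] = max(rssi, seen.get(key, -200))
    return sorted(seen.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for (verdict, ssid, bssid, channel), rssi in alerts(BEACONS):
        print(f"{verdict:20} {ssid:8} {bssid} ch{channel} {rssi} dBm")
```

Checking the channel as well as the BSSID matters because a BSSID allow-list alone is defeated by the MAC spoofing noted on the MAC Address Filtering slide.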
