SlideShare a Scribd company logo

Skyjacking A Cisco WLAN - What it means and how to protect against it?

Samir Palnitkar
Samir Palnitkar

A flaw in the Cisco WLAN operation was announced in late Aug 2009 that allows a hacker to "skyjack" or take control of a Cisco lightweight access point. The vulnerability is rooted in the over-the-air-provisioning (OTAP) feature used by Cisco lightweight access points to discover and connect to a Cisco WLAN controller. This webinar presentation will deconstruct the skyjacking vulnerability - explaining why the vulnerability occurs in Cisco WLANs, which Cisco access points are affected, how skyjacking can be exploited to launch potent attacks, and what are the best practices to proactively protect your enterprise network against such zero-day vulnerabilities and attacks.

TechnologyEducation
1 of 29
Download to read offline
Webinar held on 02 Sept, 2009 *Webinar Press Release URL : http://digg.com/d3130SK ! " !
In the News Cisco wireless LAN vulnerability could open ‘back door’ Cisco wireless LANs at risk of attack, ‘skyjacking’ Newly discovered vulnerability could threaten Cisco wireless LANs
What Cisco says Severity = Mild “No risk of data loss or interception” “Could allow an attacker to cause a denial of service (DoS) condition” It’s not a big deal!
Hmm… How severe is the exploit? What exactly is skyjacking? ? ? Do I need to worry about it? ?
What you will learn today The risk from skyjacking vulnerability is much bigger than stated How to assess if you are vulnerable Countermeasures for skyjacking and other zero-day attacks
Five ways a LAP can discover WLCs Subnet-level broadcast Configured Over-the-air provisioning (OTAP) DNS DHCP
Three criteria a LAP uses to select a WLC Step 1 Primary, Secondary, Tertiary Step 2 Master mode Step 3 Maximum excess capacity
Over-the-air provisioning (OTAP)
OTAP exploited for “skyjacking”
Skyjacked LAP denies service to wireless users
Secure WLAN enterprise access Before SSID Security VLAN Comment Corp WPA2 20 Internal to corporate network AP Physically 30 Internal to corporate network Connected To
Authorized LAP skyjacked – DoS Before SSID Security VLAN Comment DoS Corp WPA2 20 Internal to corporate network AP Physically 30 Internal to corporate network Connected To
Authorized LAP turned into Open Rogue AP Before Rogue on SSID Security VLAN Comment Network Corp OPEN 30 Internal to corporate network AP Physically 30 Internal to corporate network Connected To
Camouflaged Rogue LAP: a backdoor to your enterprise network!
Wolf in Sheep Clothing Before Rogue on SSID Security VLAN Comment Network Corp WPA2 30 Internal to corporate network AP Physically 30 Internal to corporate network Connected To
Wolf in Sheep Clothing – Scenario 2 Before SSID Security VLAN Comment DoS Corp WPA2 20 Internal to corporate network Guest OPEN 30 Internal to corporate network Rogue on AP Physically 30 Internal to corporate network Network Connected To
SpectraGuard® Enterprise WLAN policy set-up Guest WLAN SSID Allowed Subnet (VLAN) for Guest SSID
Normal WLAN operation Device list displayed on SpectraGuard Enterprise console Authorized SSIDs are seen in “Green” color and are detected with VLAN identifier to which they connect
Skyjacking on guest access 1 Change in the VLAN is detected SSID marked as “misconfigured” 2 (Background changes to amber) Automatic Prevention started 3 ( Shield icon appears )
Summary AirTight’s unique wireless- Type of Skyjacking attack Only over-air wired correlation based Open rogue threat detection threat detection Authorized SSID as Open Rogue AP WPA2 rogue Authorized SSID as “Privileged” Rogue AP X (Wolf in Sheep clothing) Open guest Guest access as Open rogue Rogue AP (Wolf in Sheep clothing – X scenario 2)
AirTight’s SpectraGuard Enterprise The only WIPS that can provide zero-day protection against the most potent form of skyjacking attack Thanks to patented marker packet technology for accurate wired connectivity detection and unique VLAN Policy Mapping™ architecture
Which LAPs can be skyjacked? Type of Cisco LAP Vulnerable? LAPs using auto discovery Yes Configured with “preferred” WLCs ? (primary, secondary, tertiary) Mostly No Configured with locally significant No certificates (LSC)
Countermeasures Turn off OTAP on WLC Ineffective! Manually configure LAPs with preferred Primarily HA and load WLCs (primary, secondary, tertiary) balancing feature Manually configure LAPs with LSCs Impractical Block outgoing traffic from UDP ports Not a common 12222 and 12223 on your firewall practice
Practical difficulties: Do you know If all LAPs are configured with primary, secondary and tertiary WLC? If all LAPs are indeed connected to configured WLCs? If your outgoing UDP ports on the firewall are blocked? Did you test it today? How many VLANs do you have authorized for wireless access? Are all SSIDs mapped to the correct VLANs? When was the last time your LAPs rebooted? When was the last time your WLC taken down for maintenance? If all your APs are compliant with your security policies? How do you know?
One mistake and you could be exposed!
Adding second, independent layer of WIPS protection Zero-day attacks Misconfigurations Undesirable connections Zero-day attacks Undesirable Misconfigurations connections Designed for security Designed for WLAN access
AirTight’s SpectraGuard product family Complete Wireless Intrusion Prevention Industry’s Only Wireless Security Service Wireless Security for Mobile Users WLAN Coverage & Security Planning
About AirTight Networks For more information on wireless security risks, best practices, and solutions, visit: http://www.airtightnetworks.com The Global Leader in Wireless Security and Compliance Visit our blog to read the root cause analysis of “Skyjacking: What Went Wrong?” http://blog.airtightnetworks.com

Recommended

WPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitWPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitAirTight Networks
 
Ngfw overview
Ngfw overviewNgfw overview
Ngfw overviewMotty Ben Atia
 
CCNA Security - Chapter 7
CCNA Security - Chapter 7CCNA Security - Chapter 7
CCNA Security - Chapter 7Irsandi Hasan
 
Hillstone-Corporate-Overview-EN-V3.0
Hillstone-Corporate-Overview-EN-V3.0Hillstone-Corporate-Overview-EN-V3.0
Hillstone-Corporate-Overview-EN-V3.0Shamal Abeyrathne
 
CHECK POINT 5900 NEXT GENERATION SECURITY GATEWAY FOR THE MID-SIZE ENTERPRISE
CHECK POINT 5900 NEXT GENERATION SECURITY GATEWAY FOR THE MID-SIZE ENTERPRISECHECK POINT 5900 NEXT GENERATION SECURITY GATEWAY FOR THE MID-SIZE ENTERPRISE
CHECK POINT 5900 NEXT GENERATION SECURITY GATEWAY FOR THE MID-SIZE ENTERPRISEAlexander Kravchenko
 
CHECK POINT 5100 NEXT GENERATION SECURITY GATEWAY FOR THE SMALL ENTERPRISE AN...
CHECK POINT 5100 NEXT GENERATION SECURITY GATEWAY FOR THE SMALL ENTERPRISE AN...CHECK POINT 5100 NEXT GENERATION SECURITY GATEWAY FOR THE SMALL ENTERPRISE AN...
CHECK POINT 5100 NEXT GENERATION SECURITY GATEWAY FOR THE SMALL ENTERPRISE AN...Alexander Kravchenko
 
CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...
CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...
CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...Alexander Kravchenko
 
CCNA Security 010-configuring cisco asa
CCNA Security 010-configuring cisco asaCCNA Security 010-configuring cisco asa
CCNA Security 010-configuring cisco asaAhmed Habib
 

Recommended

WPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitWPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitAirTight Networks
 
Ngfw overview
Ngfw overviewNgfw overview
Ngfw overviewMotty Ben Atia
 
CCNA Security - Chapter 7
CCNA Security - Chapter 7CCNA Security - Chapter 7
CCNA Security - Chapter 7Irsandi Hasan
 
Hillstone-Corporate-Overview-EN-V3.0
Hillstone-Corporate-Overview-EN-V3.0Hillstone-Corporate-Overview-EN-V3.0
Hillstone-Corporate-Overview-EN-V3.0Shamal Abeyrathne
 
CHECK POINT 5900 NEXT GENERATION SECURITY GATEWAY FOR THE MID-SIZE ENTERPRISE
CHECK POINT 5900 NEXT GENERATION SECURITY GATEWAY FOR THE MID-SIZE ENTERPRISECHECK POINT 5900 NEXT GENERATION SECURITY GATEWAY FOR THE MID-SIZE ENTERPRISE
CHECK POINT 5900 NEXT GENERATION SECURITY GATEWAY FOR THE MID-SIZE ENTERPRISEAlexander Kravchenko
 
CHECK POINT 5100 NEXT GENERATION SECURITY GATEWAY FOR THE SMALL ENTERPRISE AN...
CHECK POINT 5100 NEXT GENERATION SECURITY GATEWAY FOR THE SMALL ENTERPRISE AN...CHECK POINT 5100 NEXT GENERATION SECURITY GATEWAY FOR THE SMALL ENTERPRISE AN...
CHECK POINT 5100 NEXT GENERATION SECURITY GATEWAY FOR THE SMALL ENTERPRISE AN...Alexander Kravchenko
 
CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...
CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...
CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...Alexander Kravchenko
 
CCNA Security 010-configuring cisco asa
CCNA Security 010-configuring cisco asaCCNA Security 010-configuring cisco asa
CCNA Security 010-configuring cisco asaAhmed Habib
 
Feb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityFeb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityCasey Dunham
 
WIFI Hacking
WIFI HackingWIFI Hacking
WIFI HackingSuraj Bohara
 
How to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ngHow to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ngOpen Knowledge Nepal
 
CCNA Security - Chapter 2
CCNA Security - Chapter 2CCNA Security - Chapter 2
CCNA Security - Chapter 2Irsandi Hasan
 
CCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ipsCCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ipsAhmed Habib
 
Ccna security comparison
Ccna security comparisonCcna security comparison
Ccna security comparisonthongams2000
 
Aircrack
AircrackAircrack
AircrackMuhammadHanzalah6
 
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityAhmad Yar
 
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testing
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration TestingMr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testing
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testingnooralmousa
 
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)ClubHack
 
CCNA Security - Chapter 5
CCNA Security - Chapter 5CCNA Security - Chapter 5
CCNA Security - Chapter 5Irsandi Hasan
 
SonicWall
SonicWallSonicWall
SonicWallNEOTD Tech Events .
 
Accelerating incident response in organizations of any size
Accelerating incident response in organizations of any sizeAccelerating incident response in organizations of any size
Accelerating incident response in organizations of any sizeCisco Canada
 
Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Mohamed Loey
 
Routers
RoutersRouters
RoutersGuranna Biradar
 
Wireless Security
Wireless SecurityWireless Security
Wireless SecuritysiDz
 
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu ExploitationAhmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu Exploitationbarcamp.my
 
I psec cisco
I psec ciscoI psec cisco
I psec ciscoDeepak296
 
Jatinder Singh
Jatinder SinghJatinder Singh
Jatinder SinghJatinder Virk
 
The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95
The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95
The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95Justrassity996
 
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresAirTight Networks
 
Advanced Wi-Fi pentesting
Advanced Wi-Fi pentestingAdvanced Wi-Fi pentesting
Advanced Wi-Fi pentestingYunfei Yang
 

More Related Content

What's hot

Feb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityFeb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityCasey Dunham
 
How to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ngHow to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ngOpen Knowledge Nepal
 
CCNA Security - Chapter 2
CCNA Security - Chapter 2CCNA Security - Chapter 2
CCNA Security - Chapter 2Irsandi Hasan
 
CCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ipsCCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ipsAhmed Habib
 
Ccna security comparison
Ccna security comparisonCcna security comparison
Ccna security comparisonthongams2000
 
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityAhmad Yar
 
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testing
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration TestingMr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testing
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testingnooralmousa
 
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)ClubHack
 
CCNA Security - Chapter 5
CCNA Security - Chapter 5CCNA Security - Chapter 5
CCNA Security - Chapter 5Irsandi Hasan
 
Accelerating incident response in organizations of any size
Accelerating incident response in organizations of any sizeAccelerating incident response in organizations of any size
Accelerating incident response in organizations of any sizeCisco Canada
 
Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Mohamed Loey
 
Wireless Security
Wireless SecurityWireless Security
Wireless SecuritysiDz
 
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu ExploitationAhmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu Exploitationbarcamp.my
 
I psec cisco
I psec ciscoI psec cisco
I psec ciscoDeepak296
 
The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95
The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95
The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95Justrassity996
 

What's hot (20)

Feb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityFeb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-Security
 
WIFI Hacking
WIFI HackingWIFI Hacking
WIFI Hacking
 
How to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ngHow to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ng
 
CCNA Security - Chapter 2
CCNA Security - Chapter 2CCNA Security - Chapter 2
CCNA Security - Chapter 2
 
CCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ipsCCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ips
 
Ccna security comparison
Ccna security comparisonCcna security comparison
Ccna security comparison
 
Aircrack
AircrackAircrack
Aircrack
 
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
 
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testing
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration TestingMr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testing
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testing
 
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
 
CCNA Security - Chapter 5
CCNA Security - Chapter 5CCNA Security - Chapter 5
CCNA Security - Chapter 5
 
SonicWall
SonicWallSonicWall
SonicWall
 
Accelerating incident response in organizations of any size
Accelerating incident response in organizations of any sizeAccelerating incident response in organizations of any size
Accelerating incident response in organizations of any size
 
Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2
 
Routers
RoutersRouters
Routers
 
Wireless Security
Wireless SecurityWireless Security
Wireless Security
 
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu ExploitationAhmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
 
I psec cisco
I psec ciscoI psec cisco
I psec cisco
 
Jatinder Singh
Jatinder SinghJatinder Singh
Jatinder Singh
 
The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95
The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95
The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95
 

Similar to Skyjacking A Cisco WLAN - What it means and how to protect against it?

Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresAirTight Networks
 
Advanced Wi-Fi pentesting
Advanced Wi-Fi pentestingAdvanced Wi-Fi pentesting
Advanced Wi-Fi pentestingYunfei Yang
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutionshemantchaskar
 
Vfm security with aruba wireless
Vfm security with aruba wirelessVfm security with aruba wireless
Vfm security with aruba wirelessvfmindia
 
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...Yury Chemerkin
 
Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)Ryan Orsi
 
Ch20 Wireless Security
Ch20 Wireless SecurityCh20 Wireless Security
Ch20 Wireless Securityphanleson
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsAirTight Networks
 
ht-f02-inside-the-world-of-java-applets_final
ht-f02-inside-the-world-of-java-applets_finalht-f02-inside-the-world-of-java-applets_final
ht-f02-inside-the-world-of-java-applets_finalAbhishek Singh
 
Protect your guest wifi - NOW
Protect your guest wifi - NOWProtect your guest wifi - NOW
Protect your guest wifi - NOWJoshua Sibaja
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssueIshan Girdhar
 
Fudcon 2015...Wireless: From Basics to Internals
Fudcon 2015...Wireless: From Basics to InternalsFudcon 2015...Wireless: From Basics to Internals
Fudcon 2015...Wireless: From Basics to InternalsKiran Divekar
 
FAQ - Rogue AP - What is Rogue Access Point?
FAQ - Rogue AP - What is Rogue Access Point?FAQ - Rogue AP - What is Rogue Access Point?
FAQ - Rogue AP - What is Rogue Access Point?Tũi Wichets
 
physical and hardware security(http://4knet.ir)
physical and hardware security(http://4knet.ir)physical and hardware security(http://4knet.ir)
physical and hardware security(http://4knet.ir)Azad Kaki
 
[SOS 2009] D-Link: Red Segura L2 L3
[SOS 2009] D-Link: Red Segura L2 L3[SOS 2009] D-Link: Red Segura L2 L3
[SOS 2009] D-Link: Red Segura L2 L3Chema Alonso
 
Tired of rogues_-_solutions_for_detecting_and_eliminating_rogue_wireless_netw...
Tired of rogues_-_solutions_for_detecting_and_eliminating_rogue_wireless_netw...Tired of rogues_-_solutions_for_detecting_and_eliminating_rogue_wireless_netw...
Tired of rogues_-_solutions_for_detecting_and_eliminating_rogue_wireless_netw...Advantec Distribution
 

Similar to Skyjacking A Cisco WLAN - What it means and how to protect against it? (20)

Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
 
Advanced Wi-Fi pentesting
Advanced Wi-Fi pentestingAdvanced Wi-Fi pentesting
Advanced Wi-Fi pentesting
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutions
 
Vfm security with aruba wireless
Vfm security with aruba wirelessVfm security with aruba wireless
Vfm security with aruba wireless
 
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
 
Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)
 
Ch20 Wireless Security
Ch20 Wireless SecurityCh20 Wireless Security
Ch20 Wireless Security
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutions
 
ht-f02-inside-the-world-of-java-applets_final
ht-f02-inside-the-world-of-java-applets_finalht-f02-inside-the-world-of-java-applets_final
ht-f02-inside-the-world-of-java-applets_final
 
Protect your guest wifi - NOW
Protect your guest wifi - NOWProtect your guest wifi - NOW
Protect your guest wifi - NOW
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 Issue
 
FIREWALL
FIREWALLFIREWALL
FIREWALL
 
Wlan security
Wlan securityWlan security
Wlan security
 
Fudcon 2015...Wireless: From Basics to Internals
Fudcon 2015...Wireless: From Basics to InternalsFudcon 2015...Wireless: From Basics to Internals
Fudcon 2015...Wireless: From Basics to Internals
 
FAQ - Rogue AP - What is Rogue Access Point?
FAQ - Rogue AP - What is Rogue Access Point?FAQ - Rogue AP - What is Rogue Access Point?
FAQ - Rogue AP - What is Rogue Access Point?
 
physical and hardware security(http://4knet.ir)
physical and hardware security(http://4knet.ir)physical and hardware security(http://4knet.ir)
physical and hardware security(http://4knet.ir)
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hacking
 
[SOS 2009] D-Link: Red Segura L2 L3
[SOS 2009] D-Link: Red Segura L2 L3[SOS 2009] D-Link: Red Segura L2 L3
[SOS 2009] D-Link: Red Segura L2 L3
 
609 618
609 618609 618
609 618
 
Tired of rogues_-_solutions_for_detecting_and_eliminating_rogue_wireless_netw...
Tired of rogues_-_solutions_for_detecting_and_eliminating_rogue_wireless_netw...Tired of rogues_-_solutions_for_detecting_and_eliminating_rogue_wireless_netw...
Tired of rogues_-_solutions_for_detecting_and_eliminating_rogue_wireless_netw...
 

More from Samir Palnitkar

Palnitkar - JMT, 230 miles (370 km) - Aug 11-30, 2021
Palnitkar - JMT, 230 miles (370 km) - Aug 11-30, 2021Palnitkar - JMT, 230 miles (370 km) - Aug 11-30, 2021
Palnitkar - JMT, 230 miles (370 km) - Aug 11-30, 2021Samir Palnitkar
 
Order confirmation email
Order confirmation emailOrder confirmation email
Order confirmation emailSamir Palnitkar
 
Facebook shopping community_app
Facebook shopping community_appFacebook shopping community_app
Facebook shopping community_appSamir Palnitkar
 
Skyjacking A Cisco WLAN - What it means and how to protect against it?
Skyjacking A Cisco WLAN - What it means and how to protect against it?Skyjacking A Cisco WLAN - What it means and how to protect against it?
Skyjacking A Cisco WLAN - What it means and how to protect against it?Samir Palnitkar
 

More from Samir Palnitkar (7)

Palnitkar - JMT, 230 miles (370 km) - Aug 11-30, 2021
Palnitkar - JMT, 230 miles (370 km) - Aug 11-30, 2021Palnitkar - JMT, 230 miles (370 km) - Aug 11-30, 2021
Palnitkar - JMT, 230 miles (370 km) - Aug 11-30, 2021
 
Social login scenarios
Social login scenariosSocial login scenarios
Social login scenarios
 
Order confirmation page
Order confirmation pageOrder confirmation page
Order confirmation page
 
Order confirmation email
Order confirmation emailOrder confirmation email
Order confirmation email
 
Facebook shopping community_app
Facebook shopping community_appFacebook shopping community_app
Facebook shopping community_app
 
Social analytics module
Social analytics moduleSocial analytics module
Social analytics module
 
Skyjacking A Cisco WLAN - What it means and how to protect against it?
Skyjacking A Cisco WLAN - What it means and how to protect against it?Skyjacking A Cisco WLAN - What it means and how to protect against it?
Skyjacking A Cisco WLAN - What it means and how to protect against it?
 

Recently uploaded

Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 

Skyjacking A Cisco WLAN - What it means and how to protect against it?

  • 1. Webinar held on 02 Sept, 2009 *Webinar Press Release URL : http://digg.com/d3130SK ! " !
  • 2. In the News Cisco wireless LAN vulnerability could open ‘back door’ Cisco wireless LANs at risk of attack, ‘skyjacking’ Newly discovered vulnerability could threaten Cisco wireless LANs
  • 3. What Cisco says Severity = Mild “No risk of data loss or interception” “Could allow an attacker to cause a denial of service (DoS) condition” It’s not a big deal!
  • 4. Hmm… How severe is the exploit? What exactly is skyjacking? ? ? Do I need to worry about it? ?
  • 5. What you will learn today The risk from skyjacking vulnerability is much bigger than stated How to assess if you are vulnerable Countermeasures for skyjacking and other zero-day attacks
  • 6. Five ways a LAP can discover WLCs Subnet-level broadcast Configured Over-the-air provisioning (OTAP) DNS DHCP
  • 7. Three criteria a LAP uses to select a WLC Step 1 Primary, Secondary, Tertiary Step 2 Master mode Step 3 Maximum excess capacity
  • 9. OTAP exploited for “skyjacking”
  • 10. Skyjacked LAP denies service to wireless users
  • 11.
  • 12. Secure WLAN enterprise access Before SSID Security VLAN Comment Corp WPA2 20 Internal to corporate network AP Physically 30 Internal to corporate network Connected To
  • 13. Authorized LAP skyjacked – DoS Before SSID Security VLAN Comment DoS Corp WPA2 20 Internal to corporate network AP Physically 30 Internal to corporate network Connected To
  • 14. Authorized LAP turned into Open Rogue AP Before Rogue on SSID Security VLAN Comment Network Corp OPEN 30 Internal to corporate network AP Physically 30 Internal to corporate network Connected To
  • 15. Camouflaged Rogue LAP: a backdoor to your enterprise network!
  • 16. Wolf in Sheep Clothing Before Rogue on SSID Security VLAN Comment Network Corp WPA2 30 Internal to corporate network AP Physically 30 Internal to corporate network Connected To
  • 17. Wolf in Sheep Clothing – Scenario 2 Before SSID Security VLAN Comment DoS Corp WPA2 20 Internal to corporate network Guest OPEN 30 Internal to corporate network Rogue on AP Physically 30 Internal to corporate network Network Connected To
  • 18. SpectraGuard® Enterprise WLAN policy set-up Guest WLAN SSID Allowed Subnet (VLAN) for Guest SSID
  • 19. Normal WLAN operation Device list displayed on SpectraGuard Enterprise console Authorized SSIDs are seen in “Green” color and are detected with VLAN identifier to which they connect
  • 20. Skyjacking on guest access 1 Change in the VLAN is detected SSID marked as “misconfigured” 2 (Background changes to amber) Automatic Prevention started 3 ( Shield icon appears )
  • 21. Summary AirTight’s unique wireless- Type of Skyjacking attack Only over-air wired correlation based Open rogue threat detection threat detection Authorized SSID as Open Rogue AP WPA2 rogue Authorized SSID as “Privileged” Rogue AP X (Wolf in Sheep clothing) Open guest Guest access as Open rogue Rogue AP (Wolf in Sheep clothing – X scenario 2)
  • 22. AirTight’s SpectraGuard Enterprise The only WIPS that can provide zero-day protection against the most potent form of skyjacking attack Thanks to patented marker packet technology for accurate wired connectivity detection and unique VLAN Policy Mapping™ architecture
  • 23. Which LAPs can be skyjacked? Type of Cisco LAP Vulnerable? LAPs using auto discovery Yes Configured with “preferred” WLCs ? (primary, secondary, tertiary) Mostly No Configured with locally significant No certificates (LSC)
  • 24. Countermeasures Turn off OTAP on WLC Ineffective! Manually configure LAPs with preferred Primarily HA and load WLCs (primary, secondary, tertiary) balancing feature Manually configure LAPs with LSCs Impractical Block outgoing traffic from UDP ports Not a common 12222 and 12223 on your firewall practice
  • 25. Practical difficulties: Do you know If all LAPs are configured with primary, secondary and tertiary WLC? If all LAPs are indeed connected to configured WLCs? If your outgoing UDP ports on the firewall are blocked? Did you test it today? How many VLANs do you have authorized for wireless access? Are all SSIDs mapped to the correct VLANs? When was the last time your LAPs rebooted? When was the last time your WLC taken down for maintenance? If all your APs are compliant with your security policies? How do you know?
  • 26. One mistake and you could be exposed!
  • 27. Adding second, independent layer of WIPS protection Zero-day attacks Misconfigurations Undesirable connections Zero-day attacks Undesirable Misconfigurations connections Designed for security Designed for WLAN access
  • 28. AirTight’s SpectraGuard product family Complete Wireless Intrusion Prevention Industry’s Only Wireless Security Service Wireless Security for Mobile Users WLAN Coverage & Security Planning
  • 29. About AirTight Networks For more information on wireless security risks, best practices, and solutions, visit: http://www.airtightnetworks.com The Global Leader in Wireless Security and Compliance Visit our blog to read the root cause analysis of “Skyjacking: What Went Wrong?” http://blog.airtightnetworks.com