802.11 Security for Enterprise Networks
Wireless LAN Security Workshop - Wash DC, Honolulu
IDS for WLANs
Is your WIRED network really protected? Is your WLAN really protected?
Brian Mansfield, Chief Security Consultant
Hosted by The Mansfield Group, LLC • http://www.itvshop.com

Should you care?

The number of frequent WLAN users in North America will grow from 4.2 million in 2003 to... more than 31 million by 2007 (Gartner Symposium/ITxpo 2003)

Enterprise Market Drivers:
WLAN “Switch” technology
• Vendor neutral deployment options
• Effective network security & mgmt solutions
• Range of infrastructure investment options
Wi-Fi client ubiquity
• Centrino market penetration
• 95% of new laptops include Wi-Fi by 2004
Wi-Fi’s “Secret Weapon” - VoWLAN
• Voice & data through single device
• One-number connectivity on campus

[Chart: Worldwide WLAN Hardware Forecast. Infonetics Research - www.infonetics.com]

“…but our company has no plans to deploy a WLAN…”
Guess what? You still need a WIDS strategy!

Why?
• Malicious associations
• Accidental associations
• ROGUE APs
• Soft APs
• YOUR EMPLOYEES!
• AirSnarf, HostAP, Kismet, Airjack, Knoppix, File2air, Airsnort, Netstumbler, cqure AP, Wellenreiter

Risk Points within the Enterprise
• Employees install unauthorized APs
• Employees carry Wi-Fi enabled clients
• Employees share files via Ad-Hoc mode
• Employees are vulnerable to attack APs
• Employees connect to WAN via home WLAN
• Employees connect to WAN via public Hotspots

[Chart: Likely Sources of Attack. CSI/FBI 2003 Computer Security Survey]

Security Strategy for Companies with NO WLAN
• Conduct WLAN Security Assessment
• Draft WLAN Security Policy
• Monitor Your Airspace
• Enforce Security Policy, Update & Refine

[Figure: RF BROADCAST OVERFLOW]

1. Conduct WLAN Security Assessment
• Survey airspace inside your organization
  - What devices are broadcasting in your environment?
  - What protocols/data are being transmitted?
  - Where are they located?
  - Are any connected to your LAN?
• Sweep airspace around perimeter
  - What external sources are penetrating your environment?
  - Where are they located?
  - What protocols/data are being transmitted?
  - How are they configured?

2. Draft WLAN Security Policy
• Extension to Existing IT Security Policy
  - Protect assets that need confidentiality (payroll, HIPAA)
  - Protect assets that need high availability (order, transact)
  - Protect assets that require integrity (financial, medical)
• Configuration, Systems Use & IRP Policy
  - Configuration standards - Wi-Fi enabled? XP, WEP, SSID
  - Prohibit unsanctioned APs / ad-hoc networking?
  - Policy for public Hotspot & home WLAN use
  - Incident response procedure (IRP)

3. Monitor Your Airspace - Verify policy adherence
• Internal monitoring
  - Unsanctioned APs / rogue AP detection
  - Machine/device configuration violations
  - Use violations - ad hoc networking
• Perimeter monitoring
  - External systems broadcasting availability?
  - Network intrusions or attacks

4. Enforce Policy, Update & Refine
• Active response:
  - Reset device
  - Reconfigure device
  - Disconnect device
• Passive response:
  - SNMP
  - Syslog
• Audit trail / forensic database
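
An added example, not part of the original slides: a sketch of steps 3 and 4, checking sensor observations against a sanctioned-AP inventory and emitting a syslog-style line for each violation (the passive response). The inventory, field names, violation labels and the local4 facility are all assumptions made for illustration, and the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:          # one beacon heard by a sensor (hypothetical schema)
    sensor: str
    bssid: str
    ssid: str
    channel: int
    adhoc: bool             # IBSS (ad-hoc) bit set in the beacon
    on_wire: bool           # same MAC also seen on the wired LAN

SANCTIONED = {"00:11:22:33:44:01": ("CORP-WLAN", 1),   # constructed inventory
              "00:11:22:33:44:02": ("CORP-WLAN", 6)}   # BSSID -> (SSID, channel)
SANCTIONED_SSIDS = {ssid for ssid, _ in SANCTIONED.values()}
SEVERITY = {"alert": 1, "warning": 4, "notice": 5}     # syslog severity codes

def classify(obs):
    """Return (severity, violation), or None when the beacon is compliant."""
    bssid = obs.bssid.lower()
    if obs.adhoc:
        return ("warning", "ADHOC_NETWORK")
    if bssid in SANCTIONED:
        if (obs.ssid, obs.channel) != SANCTIONED[bssid]:
            return ("warning", "AP_CONFIG_VIOLATION")
        return None
    if obs.ssid in SANCTIONED_SSIDS:      # our SSID on a BSSID we do not own
        return ("alert", "SSID_IMPERSONATION")
    if obs.on_wire:                       # unknown AP bridged to the LAN
        return ("alert", "ROGUE_AP_ON_LAN")
    return ("notice", "EXTERNAL_AP")      # neighbour heard at the perimeter

def to_syslog(obs, finding):
    severity, violation = finding
    pri = 20 * 8 + SEVERITY[severity]     # PRI = facility (local4 = 20) * 8 + severity
    return (f"<{pri}>wids: sensor={obs.sensor} violation={violation} "
            f"bssid={obs.bssid.lower()} ssid={obs.ssid!r} channel={obs.channel}")

def monitor(observations):  # passive response: one syslog-style line per violation
    return [to_syslog(o, f) for o in observations if (f := classify(o))]

SAMPLE = [  # constructed sensor observations
    Observation("hq-1", "00:11:22:33:44:01", "CORP-WLAN", 1, False, True),
    Observation("hq-1", "00:11:22:33:44:02", "CORP-WLAN", 3, False, True),
    Observation("hq-2", "02:AA:BB:CC:DD:10", "CORP-WLAN", 3, False, False),
    Observation("boston-1", "00:AA:BB:CC:DD:20", "linksys", 11, False, True),
    Observation("chicago-1", "02:AA:BB:CC:DD:30", "laptop-share", 6, True, False),
    Observation("hq-3", "00:AA:BB:CC:DD:40", "CoffeeShop", 11, False, False),
]

if __name__ == "__main__": print("\n".join(monitor(SAMPLE)))
```

The compliant AP produces no line; the other five observations each produce one, with the alert-level findings (a sanctioned SSID on an unknown BSSID, an unknown AP bridged to the LAN) being the ones that would feed the active responses listed in step 4.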

[Chart: Security Technologies Used. CSI/FBI 2003 Computer Security Survey]

WIDS Product Mix
• MANAGED
• INTEGRATED
• DISTRIBUTED
• MANUAL

MANUAL
• Handheld/laptop scanner
• “Snapshot” view
• Rogue AP & client detection
• Performance statistics
• Security alarms
• RF analysis & site survey
• GPS logging

DISTRIBUTED
• Radio sensors
• 24x7 monitoring
• Policy enforcement
• Stateful analysis
• Centrally managed
• Email & paging alerts
• IPS capabilities (SNMP)
[Diagram labels: Sensor, Management Server, Chicago, Boston, HQ - Washington DC, User Security Violation, Unauthorized AP, Rogue AP, DoS Attack]

INTEGRATED
• “Wireless-aware” switch
• IDS module in AP
• Rogue AP location ID
• Dynamic site surveys
• Security policy monitoring
• Radio resource mgmt
• Enhanced IPS
[Diagram labels: AP, Rogue AP, L2/L3 Switch or Mgmt Server]

MANAGED
• Dedicated team of IDS experts
• Maintain system access & control while outsourcing daily monitoring tasks
• Customization of services - rogue AP, reporting, custom signature sets, forensics, etc.
• Escalation procedure management - incident response, notification and mitigation actions
• Integrated & correlated w/ wired IDS or IPS
• Long-term TCO benefits - Lease vs. buy option

WLAN Attack Scenarios
• Layer 1 - Denial of Service
• Layer 2 - Rogue AP
• Layer 3 - IP Hi-jack

[Screenshot: Airsnort - SAME SSID, CH 1 & CH 3]

[Screenshot: Kismet - DIFFERENT SUBNETS]

[Screenshot: CRC DoS ALARM]

[Screenshot: AiroPeek - Rogue AP]

[Screenshot: NEW IP SUBNET]

Do you telecommute or connect to your company network from home?
1. Yes
2. No

Do you use a Wi-Fi network at home?
1. Yes
2. No
