
5852b2ec1b00a828c2b245dfc558945d.ppt
- Number of slides: 32
Hosted by The Mansfield Group, LLC
802.11 Security for Enterprise Networks
www.itvshop.com
Wireless LAN Security Workshop
Wash DC, Honolulu
IDS for WLANs
Is your WIRED network really protected?
Is your WLAN really protected?
Brian Mansfield
Chief Security Consultant
The Mansfield Group, LLC • http://www.itvshop.com

Should you care?

The number of frequent WLAN users in North America will grow from 4.2 million in 2003 to ... more than 31 million by 2007
Gartner Symposium/ITxpo 2003

Enterprise Market Drivers:
WLAN “Switch” technology
• Vendor neutral deployment options
• Effective network security & mgmt solutions
• Range of infrastructure investment options
Wi-Fi client ubiquity
• Centrino market penetration
• 95% of new laptops include Wi-Fi by 2004
Wi-Fi’s “Secret Weapon” - VoWLAN
• Voice & data through single device
• One-number connectivity on campus

Worldwide WLAN Hardware Forecast
Infonetics Research - www.infonetics.com

“…but our company has no plans to deploy a WLAN…”
Guess what? You still need a WIDS strategy!

Why?
Malicious associations • AirSnarf • HostAP • ROGUE APs • Kismet • Airjack • Knoppix • YOUR EMPLOYEES! • Soft APs • File2air • Airsnort • Netstumbler • cqure AP • Wellenreiter • Accidental associations

Risk Points within the Enterprise
• Employees install unauthorized APs
• Employees carry Wi-Fi enabled clients
• Employees share files via Ad-Hoc mode
• Employees are vulnerable to attack APs
• Employees connect to WAN via home WLAN
• Employees connect to WAN via public Hotspots

Likely Sources of Attack
CSI/FBI 2003 Computer Security Survey

Security Strategy for Companies with NO WLAN
• Conduct WLAN Security Assessment
• Draft WLAN Security Policy
• Monitor Your Airspace
• Enforce Security Policy, Update & Refine

RF BROADCAST OVERFLOW

1. Conduct WLAN Security Assessment
• Survey airspace inside your organization
  - What devices are broadcasting in your environment?
  - What protocols/data is being transmitted?
  - Where are they located?
  - Are any connected to your LAN?
• Sweep airspace around perimeter
  - What external sources are penetrating environment?
  - Where are they located?
  - What protocols/data is being transmitted?
  - How are they configured?

2. Draft WLAN Security Policy
• Extension to Existing IT Security Policy
  - Protect assets that need confidentiality (payroll, HIPAA)
  - Protect assets that need high availability (order, transact)
  - Protect assets that require integrity (financial, medical)
• Configuration, Systems Use & IRP Policy
  - Configuration standards - Wi-Fi enabled? XP, WEP, SSID
  - Prohibit unsanctioned APs / ad-hoc networking?
  - Policy for public Hotspot & home WLAN use
  - Incident response procedure (IRP)

3. Monitor Your Airspace - Verify policy adherence
• Internal monitoring
  - Unsanctioned APs / rogue AP detection
  - Machine/device configuration violations
  - Use violations - ad hoc networking
• Perimeter monitoring
  - External systems broadcasting availability?
  - Network intrusions or attacks

4. Enforce Policy, Update & Refine
• Active response:
  - Reset device
  - Reconfigure device
  - Disconnect device
• Passive response:
  - SNMP
  - Syslog
• Audit trail / forensic database

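Added example (not part of the original slides): one way the internal monitoring in step 3 can be checked against a sanctioned-AP inventory, so that step 4 has a list of violations to act on. The inventory, SSIDs, BSSIDs and the check_airspace function are all constructed for illustration.

```python
from collections import namedtuple

# One survey observation; mode is "ap" (infrastructure) or "adhoc".
Obs = namedtuple("Obs", "bssid ssid channel mode")

# Hypothetical sanctioned inventory: BSSID -> (SSID, channel). Constructed values.
SANCTIONED = {
    "00:11:22:33:44:01": ("CORP-WLAN", 1),
    "00:11:22:33:44:02": ("CORP-WLAN", 6),
}

# Constructed survey data, not captured from any real network.
SAMPLE = [
    Obs("00:11:22:33:44:01", "CORP-WLAN", 1, "ap"),      # matches inventory
    Obs("00:DE:AD:00:00:03", "CORP-WLAN", 3, "ap"),      # corporate SSID, unknown radio
    Obs("02:AA:BB:CC:DD:EE", "laptop-share", 11, "adhoc"),
    Obs("00:11:22:33:44:02", "CORP-WLAN", 11, "ap"),     # known radio, wrong channel
    Obs("00:0C:41:00:00:07", "linksys", 6, "ap"),        # unknown AP, location to be checked
]

def check_airspace(observations, sanctioned=SANCTIONED):
    """Return a sorted list of (bssid, violation) pairs for policy violations."""
    corp_ssids = {ssid for ssid, _ in sanctioned.values()}
    findings = []
    for o in observations:
        bssid = o.bssid.lower()
        if o.mode == "adhoc":
            findings.append((bssid, "ad-hoc network (use violation)"))
        elif bssid not in sanctioned:
            if o.ssid in corp_ssids:
                findings.append((bssid, "unsanctioned AP using corporate SSID"))
            else:
                findings.append((bssid, "unknown AP in airspace"))
        elif (o.ssid, o.channel) != sanctioned[bssid]:
            findings.append((bssid, "sanctioned AP off its configured SSID/channel"))
    return sorted(findings)

if __name__ == "__main__":
    for bssid, violation in check_airspace(SAMPLE):
        print(f"{bssid}  {violation}")
```
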
Security Technologies Used
CSI/FBI 2003 Computer Security Survey

WIDS Product Mix
• MANAGED
• INTEGRATED
• DISTRIBUTED
• MANUAL

MANUAL
• Handheld/laptop scanner
• “Snapshot” view
• Rogue AP & client detection
• Performance statistics
• Security alarms
• RF analysis & site survey
• GPS logging

DISTRIBUTED
• Radio sensors
• 24x7 monitoring
• Policy enforcement
• Stateful analysis
• Centrally managed
• Email & paging alerts
• IPS capabilities (SNMP)
[Diagram labels: Sensor, Management Server; Chicago, Boston, HQ - Washington DC; User Security Violation, Unauthorized AP, Rogue AP, DoS Attack]

INTEGRATED
• “Wireless-aware” switch
• IDS module in AP
• Rogue AP location ID
• Dynamic site surveys
• Security policy monitoring
• Radio resource mgmt
• Enhanced IPS
[Diagram labels: AP, Rogue AP, L2/L3 Switch or Mgmt Server]

MANAGED
• Dedicated team of IDS experts
• Maintain system access & control while outsourcing daily monitoring tasks
• Customization of services - rogue AP, reporting, custom signature sets, forensics, etc.
• Escalation procedure management - incident response, notification and mitigation actions
• Integrate & correlate w/wired IDS or IPS
• Long-term TCO benefits - Lease vs. buy option

WLAN Attack Scenarios
• Layer 1 - Denial of Service
• Layer 2 - Rogue AP
• Layer 3 - IP Hi-jack

Airsnort - SAME SSID, CH 1 & CH 3

Kismet - DIFFERENT SUBNETS

CRC DoS ALARM

AiroPeek - Rogue AP

NEW IP SUBNET

Do you telecommute or connect to your company network from home?
1. Yes
2. No

Do you use a Wi-Fi network at home?
1. Yes
2. No

Hosted by The Mansfield Group, LLC
802.11 Security for Enterprise Networks
www.itvshop.com
Wireless LAN Security Workshop
Wash DC, Honolulu
IDS for WLANs
Is your WIRED network really protected?
Brian Mansfield
Chief Security Consultant
The Mansfield Group, LLC • http://www.itvshop.com