
Best Practices in WLAN Security


Presentation Transcript


  1. Best Practices in WLAN Security presented by: Wayne Armour, CISSP CTO, BITHGROUP Technologies

  2. BITHGROUP Who We Are • Founded in 1992 • Headquarters in Columbia, MD – Offices in: • Baltimore, MD • Philadelphia, PA • Huntsville, AL • Atlanta, GA • MBE Certification • Maryland • Georgia (pending) • Pennsylvania (pending) • PANYNJ • National Minority Supplier Development Council (NMSDC) • MDOT Certification (SDB)

  3. Executive Management • Robert L. Wallace(President and CEO) • 27 years experience in management, engineering, systems development, & application development • DuPont, Procter & Gamble, IBM, ECS Technologies • B.S. Mechanical Engineering & Applied Mechanics, University of Pennsylvania, Towne School of Engineering • M.B.A. Amos Tuck School of Business at Dartmouth College • Doctorate of Humane Letters, Sojourner-Douglass College • Author of 5 Best Selling Books

  4. Executive Management • Wayne W. Armour, CISSP (Chief Technology Officer) • 26 Years experience, computer engineering, software development, information security, wireless engineering, and wireless security • IBM, AT&T Bell Labs Research, OFO Technologies, Inc. • B.S. Electrical Engineering (Computer Science Minor) University of Pennsylvania, Moore School of Electrical Engineering

  5. Executive Management • Jerome Sanders(Chief Financial Officer) • 27 years experience, engineering, consulting, manufacturing, finance, investment banking • DuPont, Cresap & McCormick, Carrier, SDGG Holding Company, The Broadview Group, Inc. • B.S. Mechanical Engineering, University of Akron • M.B.A. Wharton School of Business, University of Pennsylvania

  6. Executive Management • Carolyn W. Green(Chief Administration Officer) • 26 years experience, engineering, research & development, operations management, high performance team development, human resources management • DuPont, General Motors, Procter & Gamble • B.S. Mechanical/Biomedical Engineering, University of Delaware

  7. BITHGROUP Technologies • Core Services include: • Management Consulting • Information Security • Network Engineering & Security • Wireless Engineering & Security • Secure Wireless Immersion Methodology (S.W.I.M.) • Compliance • CityWise • Systems Design & Development • Information Technology Consulting • Software Development

  8. InfoSec Technology Partners

  9. Customers • CoB MOIT • Defense Information Systems Agency • National Nuclear Security Administration • U.S. Department of Agriculture • NAVAIR • The Pentagon • Pace University • University of Maryland • SIAC • State of MD – MVA • State of MD – MTA • DoE (Oak Ridge)

  10. Background • IBM/IBM Research • Prodigy • SNA 3rd level support • Bell Labs/BL Research • GSM • MM Research (VMR) • Video Technology (Hobby) • Too Late for Goya – F. Torres (Guggenheim) • Repository of Absent Flesh – F. Torres (List) • X10/PIr => “A Lot of Wires!!”

  11. Secure Wireless Architecture Design • WPA2 • Perimeter Protection • Wireless Backhaul • WIDS/IPS • Asset Management • SOX • STM

  12. Secure Wireless Immersion Methodology S.W.I.M. • Secure Wireless Arch. Design/Implementation • Wireless Intrusion Detection/Protection • Wireless Mesh Networks • Wireless Perimeter Protection • Wireless Asset Management (RFID) • Federated Wireless Security Policy (FedWiSP) • Secure Wireless VoIP (VoFi) • Wireless Security Training

  13. Educational WLAN Requirements • Ubiquitous Access • Students • Faculty • Guests and Visitors • Mobility

  14. Educational WLAN Requirements • Campus Security • Students • Faculty • Visitors

  15. Educational WLAN Requirements • Location-based Services • Collaboration • Voice, Video, Data • IM with Location Component • VoFi • Access Policies • Access to real-time Dept. Portal info while in class • “Instant” augmentation to Campus-WLAN • Events

  16. Educational WLAN Requirements • Remote Access • Campus WLAN that travels with you • One profile for traveling executives and remote workers • On-site registration during school visit (Admissions Office)

  17. Educational WLAN Requirements • Converged Mobile Media • Voice, video, data while mobile • Campus police responding to incident • WLAN/VoFi access while on University Transportation

  18. Security as an Enabling Technology • Granular Security Policies • Mapping of Internal Resources • Separate Networks Logically • Faculty, Student, Guest Policies • Visitors (http/pop3/dns) • Faculty/Students get access wrt internal network mapping • Multiple Auth/Az Schemes • 802.1X (EAP) • Captive Portal

  19. Central Security Services (Wired/Wireless) • Anti-virus • Remediation • Content filtering • IDS • WLAN Switch • WLAN and Wired Deployment

  20. Mesh - Security & Surveillance • Instant Mesh Network • Portable Wireless Infrastructure • Extends Network Reach • PoE Security Cameras

  21. Wireless Mesh Networks • “Instant” Wireless Networks • Access to back-end databases • Self Configuring • Self Healing • AES Encryption between nodes • “First Responder Mobility”

  22. Security as an Enabling Technology • 802.1X port-based access control carrying the Extensible Authentication Protocol (EAP) over EAPOL • Protocol • Addition of Location to the Auth Scheme

  23. EAP Conversation • Phase 0: Discovery • Phase 1: Authentication • Phase 1a: EAP Authentication • Phase 1b: AAA-Key Transport • Phase 2: Secure Association Establishment • Unicast Secure Association • Multicast Secure Association

  24. EAP Phase 0: Discovery

  25. EAP Phase 1: Authentication

  26. EAP Phase 2: Secure Association (Unicast)
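The key material behind slides 23 to 26 (Phase 1b AAA-Key transport and the Phase 2 unicast secure association), worked through as an added Python example that is not part of the BITHGROUP deck. It assumes WPA2-Personal, where the PMK is derived from the passphrase with PBKDF2-HMAC-SHA1 (in WPA2-Enterprise the PMK is instead the AAA key handed over by the RADIUS server after EAP succeeds); the PTK expansion, EAPOL-Key layout and HMAC-SHA1-128 MIC follow 802.11i for CCMP. The MAC addresses and nonces are constructed sample values, and only the first two handshake messages are modelled.

```python
import hashlib
import hmac
import os
import struct


def pmk_from_passphrase(passphrase, ssid):
    """WPA2-Personal PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    In WPA2-Enterprise the PMK is the AAA key delivered to the AP in Phase 1b instead."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key, label, data, nbytes):
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK = PRF-384(PMK, "Pairwise key expansion",
                     Min(AA,SPA) || Max(AA,SPA) || Min(ANonce,SNonce) || Max(ANonce,SNonce)).
    384 bits is the CCMP size: KCK (EAPOL MIC key), KEK (key-wrap key), TK (data key)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


# Offset of the 16-byte Key MIC inside an EAPOL-Key frame:
# EAPOL hdr(4) + descriptor type(1) + key info(2) + key len(2) + replay(8) + nonce(32) + IV(16) + RSC(8) + ID(8)
MIC_OFFSET = 81


def build_eapol_key(key_info, replay_counter, nonce, key_data=b""):
    """EAPOL-Key frame (descriptor type 2 = RSN) with the MIC field zeroed."""
    body = struct.pack(">BHHQ", 2, key_info, 16, replay_counter) + nonce + bytes(16) + bytes(8) + bytes(8)
    body += bytes(16) + struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", 2, 3, len(body)) + body  # EAPOL version 2, packet type 3 = EAPOL-Key


def eapol_mic(kck, frame):
    """Key Descriptor Version 2 (CCMP): HMAC-SHA1 over the frame with the MIC zeroed, truncated to 128 bits."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def sign(kck, frame):
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]


def verify(kck, frame):
    return hmac.compare_digest(frame[MIC_OFFSET:MIC_OFFSET + 16], eapol_mic(kck, frame))


def four_way_handshake(pmk, aa, spa, anonce=None, snonce=None):
    """Messages 1 and 2 of the unicast secure association (Phase 2).
    Returns (AP verified the message 2 MIC, both sides derived the same TK)."""
    anonce = anonce or os.urandom(32)
    snonce = snonce or os.urandom(32)
    # Msg 1, AP -> STA: Key Info = Ack | Pairwise | version 2, carries ANonce, no MIC yet
    msg1 = build_eapol_key(0x008A, 1, anonce)
    # STA reads ANonce out of msg 1 and can now derive the PTK
    sta_ptk = derive_ptk(pmk, aa, spa, msg1[17:49], snonce)
    # Msg 2, STA -> AP: Key Info = MIC | Pairwise | version 2, carries SNonce, MIC under the KCK
    msg2 = sign(sta_ptk["kck"], build_eapol_key(0x010A, 1, snonce))
    # Only after msg 2 does the AP hold SNonce and can derive the same PTK
    ap_ptk = derive_ptk(pmk, aa, spa, anonce, msg2[17:49])
    return verify(ap_ptk["kck"], msg2), ap_ptk["tk"] == sta_ptk["tk"]


if __name__ == "__main__":
    # Constructed sample: 802.11i Annex H passphrase/SSID pair, made-up AA and SPA
    pmk = pmk_from_passphrase("password", "IEEE")
    aa, spa = bytes.fromhex("001122334455"), bytes.fromhex("aabbcc000001")
    print("PMK:", pmk.hex())
    print("msg2 verified, TK agreed:", four_way_handshake(pmk, aa, spa))
```

The point the deck's phase diagram cannot show: the AP never sends the PMK or PTK over the air; each side proves possession of the PMK only through the MIC on messages 2 and 3, which is why a wrong passphrase or a forged supplicant fails at `verify` rather than leaking key material.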

  27. Location-based Security (Auth/Az) • Location-based security • Proximity to resource • Dorm camera • Closest health-care professional to respond • Security classification of data • While “outside” the trusted perimeter, a higher level of encryption is necessary

  28. Location-based Security (Asset Mgmt.)

  29. WLAN Security – Protocol-based Attacks

  30. WLAN Security – Protocol-based Attacks • Before 802.11i (WEP-era networks) • MAC-layer Disassociation and Deauthentication frames carried no authentication or integrity protection, so any radio in range could forge them for another station's address • MAC Spoofing and MITM attacks were easy • AirJack • MonkeyJack • … • Caveat: 802.11i protects data frames and the key handshake, not management frames; forged deauth/disassoc frames remained effective until 802.11w Protected Management Frames (2009)

  31. WLAN Security (802.11i State Machine)

  32. 802.11 Frame Classes • Class 1 Frames (Unauthenticated/Unassociated, State 1): • Control Frames (RTS/CTS/ACK/CF-ACK/CF-END) • Mgmt Frames (Probe Req/Resp; Beacon; Authentication; Deauthentication; Announcement Traffic Indication Message (ATIM)) • Data Frames within an IBSS (ad hoc) • Class 2 Frames (Authenticated/Unassociated, State 2): • Mgmt Frames (Association Req/Resp within an RSN; Reassociation Req/Resp; Disassociation) Note: the RSN information element carried in Association/Reassociation Req/Resp is not protected on the air; 802.11i binds it to the session by repeating it inside the 4-Way Handshake, whose EAPOL-Key MICs use key material derived during 802.1X authentication, so a tampered element is detected before any data key is installed. • Class 3 Frames (Authenticated/Associated, State 3): • Data Frames (“To DS” or “From DS” FC bit set; Protected Frame (formerly WEP) bit set when encrypted) • Management Frames (Deauthentication; implies Disassociation as well, changing the STA’s state from 3 to 1) • Control Frames (PS-Poll)

  33. WLAN Protocol-based Attacks • Clear Channel Assessment (CCA) Attacks • Assoc. Prof. Mark Looi and colleagues (Queensland University of Technology; AusCERT advisory AA-2004.02) • Exploits the CSMA/CA CCA function at the physical layer (DSSS PHY, i.e. 802.11b and the low-rate 802.11g modes) • Causes all WLAN nodes within range (clients and APs) to defer transmission of data for the duration of the attack • Channel seen as “busy”

  34. WLAN Protocol-based Attacks (cont.) • Announcement Traffic Indication Message (ATIM) • Class 1 (Unauthenticated/Unassociated) 802.11 Management Frame, so any radio in range can forge it without key material • Forged “busy” indications cause other devices on the network to hold off and wait for the medium to become available

  35. WLAN Protocol-based Attacks – WLAN DoS Detection

  36. WLAN Protocol-based Attacks • WLAN DoS Detection • Thresholds on protocol-based attacks (deauth, disassoc, probe and EAPOL rates per BSSID and per STA) • Filters for known active-scanner signatures (e.g. NetStumbler probe requests; a purely passive sniffer such as Kismet emits nothing to filter on) • Correlation across the enterprise to ensure sophisticated attacks are detected • MAC spoofing across subnets

  37. WLAN Protocol-based Attacks – Detection without Mitigation is half the battle

  38. Wireless Intrusion Detection/Protection • DoS Attack Detection/Mitigation • Mgmt Frame Floods • RF Jamming • Auth/De-auth Floods • Probe Req. Floods • Fake AP Floods • EAPOL Floods • Rogue AP Containment • Misconfigured AP Reporting
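The frame classes of slide 32 and the threshold-based detection of slides 36 and 38, as an added Python example that is not part of the deck: a minimal 802.11 MAC header parser, a per-client tracker of the 802.11 state machine for one BSSID, and two detections run over constructed frames. It flags class-3 data from a station that never completed authentication and association (the spoofing/injection case of slide 30) and deauth/disassoc floods above a per-window rate. The frames, addresses, threshold and window size are constructed sample values, not a capture.

```python
import struct
from collections import defaultdict, deque

# Frame control type/subtype values from the 802.11 frame-type table
MGMT, DATA = 0, 2
ASSOC_RESP, REASSOC_RESP, DISASSOC, AUTH, DEAUTH = 1, 3, 10, 11, 12
BROADCAST = b"\xff" * 6


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def frame(ftype, subtype, addr1, addr2, addr3, body=b"", to_ds=False, from_ds=False, protected=False):
    """Build a minimal non-QoS 802.11 MAC frame (constructed sample, not a capture)."""
    fc0 = (subtype << 4) | (ftype << 2)                              # protocol version 0
    fc1 = int(to_ds) | (int(from_ds) << 1) | (int(protected) << 6)   # flags byte
    return bytes([fc0, fc1]) + b"\x00\x00" + addr1 + addr2 + addr3 + b"\x00\x00" + body


def parse(raw):
    """Decode the 24-byte MAC header of a management or non-QoS data frame."""
    fc0, fc1 = raw[0], raw[1]
    return {
        "type": (fc0 >> 2) & 0x3, "subtype": fc0 >> 4,
        "to_ds": bool(fc1 & 0x01), "from_ds": bool(fc1 & 0x02), "protected": bool(fc1 & 0x40),
        "addr1": raw[4:10], "addr2": raw[10:16], "addr3": raw[16:22], "body": raw[24:],
    }


class WlanMonitor:
    """Tracks each client's 802.11 state (1 unauthenticated, 2 authenticated, 3 associated)
    for one BSSID. Alerts on class-3 data from a station that is not in state 3 and on
    deauth/disassoc rates above `deauth_threshold` frames per `window_s` (hypothetical values)."""

    def __init__(self, bssid, deauth_threshold=10, window_s=1.0):
        self.bssid = bssid
        self.threshold = deauth_threshold
        self.window = window_s
        self.state = defaultdict(lambda: 1)
        self.deauth_times = deque()
        self.flood_reported = False

    def feed(self, ts, raw):
        f = parse(raw)
        alerts = []
        sta = f["addr2"] if f["addr1"] == self.bssid else f["addr1"]   # the non-AP side
        if f["type"] == MGMT:
            from_ap = f["addr2"] == self.bssid
            if f["subtype"] == AUTH and from_ap:
                if struct.unpack("<H", f["body"][4:6])[0] == 0:           # auth status code
                    self.state[sta] = max(self.state[sta], 2)
            elif f["subtype"] in (ASSOC_RESP, REASSOC_RESP) and from_ap:
                if struct.unpack("<H", f["body"][2:4])[0] == 0 and self.state[sta] >= 2:
                    self.state[sta] = 3                                  # assoc status code
            elif f["subtype"] in (DEAUTH, DISASSOC):
                new_state = 1 if f["subtype"] == DEAUTH else 2           # deauth -> 1, disassoc -> 2
                targets = list(self.state) if sta == BROADCAST else [sta]
                for s in targets:
                    self.state[s] = min(self.state[s], new_state)
                alerts += self._rate_check(ts, f)
        elif f["type"] == DATA and (f["to_ds"] or f["from_ds"]):         # class-3 data frame
            if self.state[sta] < 3:
                alerts.append((ts, "class3_violation", sta))
        return alerts

    def _rate_check(self, ts, f):
        self.deauth_times.append(ts)
        while self.deauth_times and ts - self.deauth_times[0] > self.window:
            self.deauth_times.popleft()
        n = len(self.deauth_times)
        if n > self.threshold and not self.flood_reported:
            self.flood_reported = True                                   # one alert per burst
            return [(ts, "deauth_flood", f["addr2"])]
        if n <= self.threshold:
            self.flood_reported = False
        return []


AP, STA_A, STA_B = mac("00:11:22:33:44:55"), mac("aa:bb:cc:00:00:01"), mac("aa:bb:cc:00:00:02")


def run_sample():
    """Constructed timeline: STA_A joins properly, STA_B injects data without joining,
    then 20 broadcast deauth frames arrive in 0.2 s claiming to come from the AP."""
    mon = WlanMonitor(AP)
    events = [
        (0.00, frame(MGMT, AUTH, STA_A, AP, AP, struct.pack("<HHH", 0, 2, 0))),         # open-system auth, success
        (0.10, frame(MGMT, ASSOC_RESP, STA_A, AP, AP, struct.pack("<HHH", 0x0411, 0, 0xC001))),
        (0.20, frame(DATA, 0, AP, STA_A, AP, bytes(8), to_ds=True, protected=True)),   # legitimate
        (0.30, frame(DATA, 0, AP, STA_B, AP, bytes(8), to_ds=True, protected=True)),   # never associated
    ]
    events += [(1.0 + i / 100, frame(MGMT, DEAUTH, BROADCAST, AP, AP, struct.pack("<H", 7))) for i in range(20)]
    alerts = []
    for ts, raw in events:
        alerts += mon.feed(ts, raw)
    return alerts


if __name__ == "__main__":
    for ts, kind, addr in run_sample():
        print(f"{ts:5.2f} {kind:17} {addr.hex(':')}")
```

Two caveats a practitioner should keep in mind. Because deauth and disassoc frames are unauthenticated, the monitor cannot tell the real AP from a spoofer by source address; the rate and the resulting state churn are the signal, which is what the thresholds on slide 36 encode. And a sensor that channel-hops or drops frames will miss authentication exchanges and then report spurious class-3 violations, so that rule needs an allowance for stations first seen mid-session before it drives automatic containment.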

  39. Wired DoS Detection/Mitigation Security Threat Management • Mitigation of attacks to wired network • Core Appliance (Processes <= 20K Events/sec) • Firewalls, IDS, Routers, Switches, etc • Network Discovery with real-time “Hot Spots” • Data Reduction (e.g. 2.3MM syslog messages to 17 Actionable Events) • Optimal choke point and rule/ACL to mitigate attacks

  40. WLAN Protocol-based Attacks – DoS Mitigation

  41. S.W.I.M. – WLAN Security as an Enabling Technology • Services: Secure WiFi Architecture Design; Secure WiFi Implementation; Managed WIDS/IPS; WiFi Asset Management; WiFi Security Training • Benefits: Mission-critical WiFi Infrastructure; Ubiquitous WiFi Access; Centralized WiFi Management; CAPEX/OPEX savings; Significant ROI

  42. Best Practices in WLAN Security Questions?

  43. More Information? http://wifi.bithgroup.com
