CWNA Guide to Wireless LANs, Third Edition Chapter 11: Managing a Wireless LAN.

Slides:



Advertisements
Similar presentations
Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
Advertisements

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Chapter 19: Network Management Business Data Communications, 5e.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 14 Security Policies and Training.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Lecture 1: Overview modified from slides of Lawrie Brown.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Security Controls – What Works
Chapter 19: Network Management Business Data Communications, 4e.
Information Security Policies and Standards
Security+ Guide to Network Security Fundamentals
Security+ Guide to Network Security Fundamentals, Fourth Edition
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 6 Enterprise Security.
Chapter 15 Chapter 15: Network Monitoring and Tuning.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
CWNA Guide to Wireless LANs, Second Edition
Computer Security: Principles and Practice
Philippe LE TERTRE IS Governance Consultant  Founder and managing partner of VADEGIS (company specialized in Information System Management.
Guide to TCP/IP, Third Edition Chapter 11: Monitoring and Managing IP Networks.
Computer Networks IGCSE ICT Section 4.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
1 Networks, advantages & types of What is a network? Two or more computers that are interconnected so they can exchange data, information & resources.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Troubleshooting Your Network Networking for Home and Small Businesses.
SEC835 Database and Web application security Information Security Architecture.
Storage Security and Management: Security Framework
CSCI 1101 Intro to Computers 6. Local Area Networks.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
What does “secure” mean? Protecting Valuables
Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.
A+ Guide to Managing and Maintaining Your PC Fifth Edition Chapter 19 PCs on the Internet.
Top-Down Network Design Chapter Nine Developing Network Management Strategies Oppenheimer.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
Network Security Lecture 9 Presented by: Dr. Munam Ali Shah.
Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.
Computer and Information Science Ch1.3 Computer Networking Ch1.3 Computer Networking Chapter 1.
Fundamentals of Information Systems, Third Edition1 Systems Design Answers the question “How will the information system do what it must do to solve a.
1 Network Management: SNMP The roots of education are bitter, but the fruit is sweet. - Aristotle.
Information Systems Security
Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
Business Data Communications, Fourth Edition Chapter 11: Network Management.
.  Define risk and risk management  Describe the components of risk management  List and describe vulnerability scanning tools  Define penetration.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.
Topic 5: Basic Security.
IT Risks and Controls Revised on Content Internal Control  What is internal control?  Objectives of internal controls  Types of internal controls.
Chapter 11: Policies and Procedures Security+ Guide to Network Security Fundamentals Second Edition.
Chapter 13: LAN Maintenance. Documentation Document your LAN so that you have a record of equipment location and configuration. Documentation should include.
NETWORK INFRASTRUCTURE SECURITY Domain 5. Computer Security “in short, the average computer is about as secure as a wet paper bag, and it is one of the.
Chap1: Is there a Security Problem in Computing?.
Policies and Procedures Security+ Guide to Network Security Fundamentals Chapter 11.
1 Microsoft Windows 2000 Network Infrastructure Administration Chapter 4 Monitoring Network Activity.
August 27, 2003 Evaluation of WiNc Manager A Wireless Network Management Software from Cirond Technologies Inc. by Kassim Olawale Radio Science Laboratory.
Computer Security By Duncan Hall.
1 © 2004, Cisco Systems, Inc. All rights reserved. Wireless LAN (network) security.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Creating the Network Design Designing and Supporting Computer Networks – Chapter.
Anytime, Anywhere Access Benefits Functionality Work Order Administration Dispatch Work Order Work Order Details New Work Order Additional Functionality.
Getting Ready for the NOCTI test April 30, Study checklist #1 Analyze Programming Problems and Flowchart Solutions Study Checklist.
Information Systems Security
Chapter 6: Securing the Cloud
I have many checklists: how do I get started with cyber security?
Presentation transcript:

CWNA Guide to Wireless LANs, Third Edition Chapter 11: Managing a Wireless LAN

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition2 Objectives Describe security defenses for WLANs List the tools used for monitoring a wireless network Explain how to maintain a WLAN

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition3 Procedural Security Defenses Security defenses go beyond technical solutions Involve implementing correct security procedures Procedural security defenses: –Managing risk –Creating defenses against attacks

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition4 Managing Risk Determine nature of risks to organization’s assets –First step in creating security policy Asset: Any item that has value –Cannot easily be replaced without a significant investment in expense, time, worker skill, and/or resources –Can form part of the organization’s corporate identity Threat: type of action that has the potential to cause harm

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition5 Managing Risk Threat agent: person or element that has the power to carry out a threat –In information security, could be a person attempting to break into a secure network Vulnerability: flaw or weakness that allows a threat agent to bypass security Exploiting: taking advantage of a vulnerability Risk: the likelihood that a threat agent will exploit a vulnerability –Most risks should be diminished if possible

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition6 Figure 11-1 Information security components analogy

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition7 Managing Risk Social engineering attacks: Relies on tricking or deceiving someone to access a system –Impersonation: create a fictitious character and then play out the role of that person on a victim –Phishing: sending an or displaying a Web announcement that falsely claims to be from a legitimate sender in order to trick the user into surrendering private information

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition8 Figure 11-2 Phishing Message

© 2013 Cengage Learning Defenses Against Attacks Defenses against attacks include: –Using security policies –Conducting effective security training for users –Implementing physical security procedures CWNA Guide to Wireless LANs,Third Edition9

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition10 Security Policy Security policy: Document that states how an organization plans to protect the company’s information technology assets Can serve several functions: –Describe an overall intention and direction –Details specific risks and explains how to address them –Help to install security awareness in the organization’s culture –Help ensure that employee behavior is directed and monitored to ensure compliance with security requirements

© 2013 Cengage Learning Security Policy Security policy cycle: –First phase involves a vulnerability assessment (an evaluation of exposure of assets to attackers, forces of nature, or any other harmful entity) –Five key elements: Asset identification Threat evaluation Vulnerability appraisal Risk assessment Risk mitigation CWNA Guide to Wireless LANs,Third Edition11

© 2013 Cengage Learning Security Policy Security policy cycle (continued): –Second phase: use the information from the vulnerability assessment study to create the policy –Final Phase: review the policy for compliance When new assets that need protection are identified or new risks need to be addressed, the cycle begins over again CWNA Guide to Wireless LANs,Third Edition12

© 2013 Cengage Learning Security Policies Types of security policies: –Acceptable use policy (AUP): defines the actions users may perform while accessing systems and networking equipment –Password policy: addresses how passwords are created and managed –Wireless policy: specifies the conditions that wireless devices must satisfy in order to connect to the organization’s network CWNA Guide to Wireless LANs,Third Edition13

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition14 Figure 11-3 Security policy cycle

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition15 Figure 11-4 Weak password information

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition16 Figure 11-5 Strong password information

© 2013 Cengage Learning Security Policies Effective security policy must balance trust and control Too much trust may lead to security problems Too little trust may make it difficult to find and keep good employees Control must also be balanced –If policies are too restrictive or too hard to comply with, employees will either ignore them or find ways to circumvent the controls CWNA Guide to Wireless LANs,Third Edition17

© 2013 Cengage Learning Awareness and Training Opportunities for security education and training: –When a new employee is hired –After a computer attack has occurred –When an employee is promoted or given new responsibilities –During an annual departmental retreat –When new user software is installed –When user hardware is upgraded CWNA Guide to Wireless LANs,Third Edition18

© 2013 Cengage Learning Physical Security Door locks: consider using a deadbolt lock for rooms that require enhanced security Video surveillance: closed circuit television (CCTV) is frequently used for surveillance in areas that require security monitoring Fencing: securing an area by erecting a barrier Cable locks: inserted into the security slot of a portable device and the cable connected to the lock that is secured to a desk or chair CWNA Guide to Wireless LANs,Third Edition19

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition20 Figure 11-6 Residential keyed entry lock Figure 11-7 Deadbolt lock

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition21 Figure 11-8 Cable lock

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition22 Monitoring the Wireless Network Network monitoring provides valuable data regarding current state of a network –Generate network baseline –Detect emerging problems Monitoring a wireless network can be performed with two sets of tools: –Utilities designed specifically for WLANs –Standard networking monitoring tools

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition23 WLAN Monitoring Tools Two classifications of tools: –Operate on wireless device itself –Function on AP Mobile Device Utilities: –Most OSs provide basic utilities for monitoring the WLAN –Some vendors provide more detailed utilities

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition24 Figure 11-9 Windows 7 Wireless Network Connection Status

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition25 WLAN Monitoring Tools Access Point Utilities –All APs have WLAN reporting utilities –Many enterprise-level APs provide utilities that offer three types of information: Event logs Statistics on wireless transmissions Information regarding connection to wired network

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition26 Figure Transmit and receive statistics displayed in AirConnect

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition27 Figure AP wireless statistics on Cisco AP

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition28 Standard Network Monitoring Tools Drawbacks to relying solely on info from AP and wireless devices: –Data collection can be labor- and time-intensive –Timeliness : data sometimes can only be used after a problem occurs –Retention of data can be difficult “Standard” network monitoring tools: –Simple Network Management Protocol (SNMP) –Remote Monitoring (RMON)

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition29 Simple Network Management Protocol (SNMP) Protocol allowing computers and network equipment to gather data about network performance –Part of TCP/IP protocol suite Software agent loaded onto each network device that will be managed using SNMP –Monitors network traffic and stores info in management information base (MIB) –SNMP management station: Computer with the SNMP management software

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition30 Figure Simple Network Management Protocol (SNMP)

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition31 Simple Network Management Protocol SNMP management station communicates with software agents on network devices –Collects data stored in MIBs –Combines and produces statistics about network Whenever network exceeds predefined limit, triggers an SNMP trap –Sent to management station

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition32 Figure SNMP trap on Cisco AP

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition33 Remote Monitoring (RMON) SNMP-based tool used to monitor networks using dedicated hardware devices Allows remote network node to gather network data at almost any point on a LAN or WAN –Uses SNMP and incorporates special database for remote monitoring WLAN AP can be monitored using RMON –Gathers data regarding wireless and wired interfaces

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition34 Maintaining the Wireless Network Wireless networks are not static –Must continually be modified, adjusted, and tweaked Modifications often made in response to data gathered during network monitoring Two of most common functions are to: –Upgrade AP firmware –Perform RF site tuning

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition35 Upgrade Firmware Firmware: Software embedded into hardware to control the device –Electronic “heart” of a hardware device –Resides on EEPROM Nonvolatile storage chip Most APs use a browser-based management system Keep APs current with latest changes by downloading the changes to the APs

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition36 Upgrade Firmware General steps to update AP firmware: –Download firmware from vendor’s Web site –Select “Upgrade Firmware” or similar option from AP –Launching the update Enterprise-level APs often have enhanced firmware update capabilities –e.g., may be able to update System firmware, Web Page firmware, and radio firmware separately

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition37 Figure Firmware upgrade with separate file download

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition38 Figure Separate firmware upgrades

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition39 Upgrade Firmware With many enterprise-level APs, once a single AP has been upgraded to the latest firmware, can distribute to all other APs on the WLAN –Receiving AP must be able to hear IP multicast issued by Distribution AP –Receiving AP must be set to allow access through a Web browser –If Receiving AP has specific security capabilities enabled, must contain in its approved user lists a user with the same user name, password, and capabilities as user logged into Distribution AP

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition40 RF Site Tuning RF site tuning: Adjustments to a WLAN performed as part of routine maintenance –Adjust radio power levels on all access points Firmware upgrades may increase RF coverage areas –Adjust channel settings –Validate coverage area –Modify integrity and throughput –Document changes

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition41 Summary One of the first steps in implementing procedural security defenses is to manage risk One of the greatest risk that organizations face today are social engineering which involve manipulating human nature in order to persuade the victim to provide information or take actions A security policy is a document that states how an organization plans to protect the company’s information technology assets

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition42 Summary There are several types of security policies: an acceptable use policy, a password policy, and a wireless policy are all examples Another defense is to provide training that encourages users to be aware of security issues and procedures Securing the devices so that unauthorized users are prohibited from gaining physical access to the equipment is an important security procedure

© 2013 Cengage Learning CWNA Guide to Wireless LANs,Third Edition43 Summary Monitoring a wireless network can be performed with two different tools: –Specific WLAN utilities for the access point or wireless device –Standard networking tools such as Simple Network Management Protocol (SNMP) and Remote Monitoring (RMON) One function of maintaining a wireless LAN is to upgrade the firmware on the access point Once an AP’s firmware has been upgraded several settings may need to be adjusted as part of routine maintenance (RF site tuning)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.