1 Wireless Network Monitoring Plan B Project Sandeep P Karanth Advisor: Prof. Anand Tripathi.

Presentation transcript:

1 Wireless Network Monitoring Plan B Project Sandeep P Karanth Advisor: Prof. Anand Tripathi

2 Outline
- Introduction
- Overview of Konark
- IEEE Wireless LANs
- Potential Threats to a Wireless LAN
- Modes of Operation
- Detection Logic
- Conclusions and Future work

3 Introduction
Network Monitoring issues:
- Large Networks
- Heterogeneous components
- Distributed monitoring
- Centralized event-viewing and control
- Quick Response to alerts
- Response against attackers/intruders
- Response against misconfigurations/failures
- Robust and Secure system

4 Konark: Overview
- Mobile-Agent based network monitoring
  - Object capable of migration
  - first-class objects – altered remotely
  - Programming framework – Ajanta
- Script based detection techniques
  - tedious to install, debug and modify
  - coarse-grained protection

5 Konark: Overview (Contd..)
Goals:
- Dynamically Extensible
  - Addition of new monitoring components
  - Modification of existing monitoring policies
  - Integration of tools
- Active Monitoring
  - Modification of policies in response to events
- Online Monitoring
  - Event monitoring in real-time

6 Konark: Overview (Contd..)
Goals (contd..):
- Resilience by diverse monitoring sources
- Secure
  - System itself has to be secure
- Robust
  - Automated recovery of failed system components
- Scalable
  - Acceptable System Performance

7 Konark: Overview (Contd..)
- Publish-Subscribe network monitoring system
  - Monitoring agents equipped with detectors
  - Publisher-subscriber relationship is dynamic
  - Event model for information flow
- Automated agent and detector recovery
  - Uses self-monitoring schemes
- Authenticated inter-agent communication (RMI)
  - Challenge-response protocol

8 Konark: Overview (Contd..)

9 IEEE Wireless LAN
- IEEE operates at PHY and MAC
- Operating modes:
  - Infrastructure
  - Ad hoc
- Carrier Sense Multiple Access (CSMA)
  - Collision Avoidance (CA)
  - Binary Exponential Back-off algorithm

10 IEEE Wireless LAN (contd..)
Terminology:
- Access Point (AP)
- Service Set Identifier (SSID)
- Basic Service Set (BSS)
- Independent BSS (IBSS) – Adhoc network
- Extended Service Set (ESS) – APs having same SSID
- Distribution System (DS) – connects APs
- Wired Equivalent Privacy (WEP)

11 IEEE Wireless LAN (contd..) Generic frame format

12 IEEE Wireless LAN (contd..) Generic Management frame

13 IEEE Wireless LAN (contd..) Association Process

14 IEEE Wireless LAN (contd..)
- Frame types:
  - Beacon Frame – AP advertisement
  - Probe Request / Response
  - Reassociation Request / Response
- Authentication:
  - Open Authentication (MAC ACLs used)
  - Shared Key authentication

15 Potential Threats and Management Issues
- MAC Address Spoofing:
  - Attacker impersonates a legitimate client
  - Attacker fakes as a legitimate AP (Fake AP)
  - Attacker sends spoofed deauthenticate/disassociate frames
- Denial-Of-Service Attacks:
  - Authenticate/Associate message floods on AP
  - RTS frame floods

16 Potential Threats and Management issues (contd..)
- Network Misconfigurations / Failures
  - AP failure
- Unauthorized or Rogue APs
  - May not conform to security policies
- Policy Conformance
  - Acceptable signal strengths
  - Acceptable data rate
  - Correct SSIDs
- Attack Tools: macchanger, FakeAP, LibRadiate

17 Design Goals
- Monitoring Objectives
  - Attack Detection and response
  - Unauthorized use detection and response
  - Component failure detection
- Service Provisioning Objectives:
  - User tracking service – Pervasive applications

18 Modes of Monitoring System Operation:
- Mode 1: Notebooks/PCs executing a monitoring daemon
  - Statically placed
  - Strategically placed to get entire network coverage
- Mode 2: A PDA/handheld running a monitoring daemon

19 Modes of Monitoring System Operation (Contd…)
- Mode 2: (contd..)
  - Campus walk taken by wireless security auditor
- Mode 3: Access Points log information to a syslog file
  - Syslog file analyzed for event generation

20 Modes of Monitoring System Operation(Contd…)

21 Detection Logic and Response
Sequence number Analysis:
- Each frame has a 12-bit sequence number
  - Put in by the firmware
  - Range of sequence numbers:
- Sequence numbers of 2 stations are not likely to be the same
- Fake and legitimate station will have out-of-order sequence numbers

22 Detection Logic and Response (contd..)
Sequence number analysis (contd..):
- Packet capturing software and dump analyzer used to analyze
- Dump analyzer slower than capturing software (packets captured are dropped)
- Only 1 in 10 beacon frames analyzed to account for slow analysis
- Threshold of 20 chosen for difference in seq. no. for the same source

23 Detection Logic and Response (contd..)
Sequence number analysis (contd..):
- Detection Capabilities:
  - Faking client detection
  - Fake AP detection
  - Forced disassociation/deauthentication
- Fails if unauthorized user connects in a disjoint time frame
  - Likely time policy
  - Inform users when they connect

24 Detection Logic and Response (contd..)
Sequence number analysis (contd..):
- Fails if unauthorized user connects to another BSS in an ESS
  - Konark monitoring agents perform distributed correlations to detect this
  - Correlation of events among AP logs helps us detect this
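
The sequence number analysis of slides 21-24, as an added Python example that is not code from the original project. The frame tuples and MAC addresses are constructed, the names `forward_gap`, `SeqMonitor` and `scan` are hypothetical, and the modulus 4096 follows from the 12-bit field; the threshold of 20 is the one given on slide 22.

```python
from dataclasses import dataclass, field

SEQ_MODULUS = 4096   # a 12-bit sequence number counts 0..4095 and then wraps
GAP_THRESHOLD = 20   # allowed difference for the same source (slide 22)


def forward_gap(prev: int, cur: int) -> int:
    """Distance from prev to cur going forward around the 12-bit counter."""
    return (cur - prev) % SEQ_MODULUS


@dataclass
class SeqMonitor:
    threshold: int = GAP_THRESHOLD
    last_seen: dict = field(default_factory=dict)   # source MAC -> last sequence number

    def observe(self, src: str, seq: int):
        """Return an alert string if this frame breaks the source's sequence, else None."""
        prev = self.last_seen.get(src)
        self.last_seen[src] = seq
        if prev is None:
            return None                  # first frame from this source
        gap = forward_gap(prev, seq)
        if gap > self.threshold:         # a backward step appears as a very large forward gap
            return f"Sequence number mismatch: SrcAddr:{src} prev={prev} cur={seq} gap={gap}"
        return None


def scan(frames, threshold=GAP_THRESHOLD):
    """Run (source MAC, sequence number) pairs through one monitor; return the alerts."""
    monitor = SeqMonitor(threshold)
    alerts = []
    for src, seq in frames:
        alert = monitor.observe(src, seq)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed capture: an AP whose counter wraps, and a client MAC used by two transmitters.
AP = "02:00:00:00:00:01"
LEGIT = "02:00:00:00:00:02"
SAMPLE = [
    (AP, 4090), (LEGIT, 100), (AP, 4095), (LEGIT, 101),
    (AP, 3),          # wrap 4095 -> 3 is a gap of 4: no alert
    (LEGIT, 2710),    # second transmitter on LEGIT's address: gap 2609
    (LEGIT, 103),     # real station again: gap 1489
    (LEGIT, 2711),    # second transmitter again: gap 2608
    (AP, 13),         # gap of 10 from sampled or dropped frames: no alert
]

if __name__ == "__main__":
    for line in scan(SAMPLE):
        print(line)
```

Two transmitters sharing one address raise an alert at every switch between them, while counter wrap-around and gaps below the threshold from dropped or sampled frames stay quiet.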

25 Detection Logic and Response (contd..)
- Packet counting and analysis
  - Packets sent to an AP are recorded
  - Many packets in a small adjustable interval indicate a DOS attack
  - AP logs also examined to detect such attacks

26 Detection Logic and Response (contd..)
Misconfiguration/Failure detection
- Missing beacons imply AP failure
  - Beacons may be disabled in an AP (policy)
  - Ping every AP with a probe request
- Extraneous beacons/frames with unknown BSSID implies Rogue APs
  - Network baseline fed to the daemon at startup
- Repeated associations, DHCP denials or unknown frame transmittals imply brute force attacks or client misconfiguration
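
The baseline comparison described on slide 26, together with the "Correct SSIDs" policy item from slide 16, as an added Python example that is not code from the original project. The baseline, beacon records, MAC addresses, event names and the `audit` function are constructed or hypothetical; an AP whose beacons are disabled by policy is reported as needing an active probe rather than as failed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BaselineAP:
    ssid: str
    beacons_enabled: bool = True   # False: silent by policy, must be checked with a probe


def audit(baseline, beacons, now, max_silence=5.0):
    """Compare observed beacons with the startup baseline.

    baseline: {bssid: BaselineAP}; beacons: iterable of (time, bssid, ssid).
    Returns a sorted list of (event, bssid) pairs.
    """
    events = set()
    last_heard = {}
    for ts, bssid, ssid in beacons:
        known = baseline.get(bssid)
        if known is None:                       # BSSID not in the baseline
            events.add(("rogue-ap-suspected", bssid))
            continue
        last_heard[bssid] = max(ts, last_heard.get(bssid, ts))
        if ssid != known.ssid:                  # known AP advertising the wrong SSID
            events.add(("ssid-policy-violation", bssid))
    for bssid, ap in baseline.items():
        if not ap.beacons_enabled:
            events.add(("probe-required", bssid))
        elif now - last_heard.get(bssid, float("-inf")) > max_silence:
            events.add(("ap-failure-suspected", bssid))
    return sorted(events)


# Constructed baseline and beacon observations (times in seconds).
BASELINE = {
    "02:00:00:00:00:0a": BaselineAP("campus"),
    "02:00:00:00:00:0b": BaselineAP("campus"),
    "02:00:00:00:00:0c": BaselineAP("campus", beacons_enabled=False),
}
BEACONS = [
    (0.1, "02:00:00:00:00:0a", "campus"),
    (0.2, "02:00:00:00:00:0b", "campus"),
    (2.0, "02:00:00:00:00:0b", "campus"),   # last beacon from this AP
    (8.0, "02:00:00:00:00:0a", "campus"),
    (8.1, "02:00:00:00:00:ff", "campus"),   # BSSID absent from the baseline
    (9.9, "02:00:00:00:00:0a", "guest"),    # known BSSID, unexpected SSID
]

if __name__ == "__main__":
    for event in audit(BASELINE, BEACONS, now=10.0):
        print(event)
```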

27 Detection Logic and Response (contd..)

28 Experimental Setup
- Experiments conducted on the EECS building wireless LAN (802.11b)
- Cisco Access Points (Aironet 340/350 series)
- Notebook PCs running Linux used to conduct experiments
- Cisco 340/350 wireless cards used for wireless connectivity

29 Experimental Setup (contd..)
- Packet capturing software used
  - Kismet (Development version 2.8.1)
- Dump analyzer – Ethereal
- Pipeline: Kismet (capture packets) -> named pipe -> Ethereal (decode packets) -> pipe -> Monitoring Daemon (analyze decoded packets)

30 Experimental Setup
- About 90-95% of the frames observed are IEEE management frames
- Beacon frames form 90% of the management frames
- Beacon interval is seconds

31 Experimental Setup
Mon May 26 15:31: Deauthentication SrcAddr:00:40:96:47:99:13 DestAddr:00:40:96:33:4c:8c BSSID:00:40:96:47:99:13
Mon May 26 15:31: Authentication SrcAddr:00:40:96:33:4c:8c DestAddr:00:40:96:47:e6:ec BSSID:00:40:96:47:e6:ec
Mon May 26 15:31: Sequence number mismatch: SrcAddr:00:40:96:41:d4:01 Details:Unauthorized Client suspected
Mon May 26 15:31: Reassociation Request SrcAddr:00:40:96:33:4c:8c DestAddr:00:40:96:47:e6:ec BSSID:00:40:96:47:e6:ec
Mon May 26 15:31: Sequence number mismatch: SrcAddr: 00:40:96:41:d4:01 Details:Unauthorized Client suspected

32 Conclusions
- A MAC layer monitoring tool is required
- A proof-of-concept monitoring tool is implemented
- Such tools can be easily integrated with existing monitoring systems (Konark)

33 Future Directions
- Cost efficient ways of monitoring MAC layer need to be determined
- Efficient methodologies for building intrusion detection systems for thin clients are required
- Ajanta agents need to be customized to run on handhelds and wearable computers