This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect those of the National Science Foundation.
NETW 05A: APPLIED WIRELESS SECURITY
Additional Security Solutions
By Mohammad Shanehsaz, Spring 2005

Objectives
Describe the following types of intrusion detection methods and tools for WLANs:
24x7 centralized, skilled monitoring
Honey pots
Professional security audits
Accurate, timely reporting
Distributed agent software
Security spot checking
Available wireless LAN intrusion detection software and hardware tools

Intrusion Detection Systems
An IDS inspects inbound and outbound traffic and attempts to identify suspicious activity.
An IDS differs from a firewall: a firewall monitors for intrusions in order to stop them, while an IDS signals an alarm.
A wireless IDS can search a WLAN for vulnerabilities, detect and respond to intruders, and help manage the WLAN.
A wireless IDS uses sensors that monitor all wireless traffic and report it to a central server.
The sensors provide 24x7 real-time monitoring.

Features of IDS
Network-based vs. host-based monitoring
Passive vs. reactive monitoring
Misuse detection
Anomaly detection
Vulnerability detection
Performance monitoring

Network-based vs. Host-based
A network-based IDS listens on the wireless segment through wireless sensors.
To monitor all wireless traffic, sensors must be placed at, in, or near every access point.
A host-based IDS examines data on each host computer; it requires an IDS agent running on every node to report suspicious activity back to the central server.
Host-based agents are able to monitor attacks against an individual computer more thoroughly.

Passive vs. Reactive
An IDS in passive mode raises alarms when an attack occurs, so that the appropriate security personnel can take action.
An IDS in reactive mode reacts to attacks and stops them by shutting down services, restricting access to services, or disconnecting the attacker altogether.
Passive or reactive behaviour is selected through the policy settings of the IDS.

Misuse Detection
To detect misuse, the IDS must monitor the business rules defined for the WLAN, some of which are:
Limit access points to operating only on specific channels
Require all wireless LAN traffic to be encrypted
Prohibit SSIDs from being broadcast unmasked
Limit traffic on the wireless LAN to certain hours of the day
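As an added example (not part of the original slides), the four business rules above expressed as checks that a wireless sensor's observations could be run through; the policy values, the Observation record layout and the sample feed are constructed assumptions, not from any real product.

```python
from dataclasses import dataclass
from datetime import time
from typing import List, Optional

# Constructed policy mirroring the slide's business rules (assumed, illustrative values).
POLICY = {
    "allowed_channels": {1, 6, 11},
    "business_hours": (time(7, 0), time(19, 0)),
}

@dataclass
class Observation:
    """One constructed record as a wireless sensor might report it."""
    bssid: str
    ssid: Optional[str]   # None when the beacon carries a masked (hidden) SSID
    channel: int
    encrypted: bool       # data frames seen with the protected-frame flag set
    seen_at: time

def check_observation(obs: Observation, policy=POLICY) -> List[str]:
    """Return every business-rule violation found in one observation (empty list = compliant)."""
    violations = []
    if obs.channel not in policy["allowed_channels"]:
        violations.append(f"{obs.bssid}: channel {obs.channel} is not a permitted channel")
    if not obs.encrypted:
        violations.append(f"{obs.bssid}: unencrypted wireless traffic")
    if obs.ssid is not None:
        violations.append(f"{obs.bssid}: SSID '{obs.ssid}' broadcast unmasked")
    start, end = policy["business_hours"]
    if not (start <= obs.seen_at <= end):
        violations.append(f"{obs.bssid}: traffic at {obs.seen_at} is outside permitted hours")
    return violations

# Constructed sample feed: one compliant access point and one that breaks every rule.
SAMPLE = [
    Observation("00:11:22:33:44:01", None, 6, True, time(10, 30)),
    Observation("00:11:22:33:44:02", "corp-wlan", 13, False, time(2, 15)),
]

def audit(observations=SAMPLE):
    """Map each BSSID to its list of violations; this is what would be reported to the central server."""
    return {o.bssid: check_observation(o) for o in observations}

if __name__ == "__main__":
    for bssid, found in audit().items():
        print(bssid, found or "compliant")
```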

Anomaly Detection
Monitors network segments and compares their current status to the normal baseline.
Baselines should be established for typical network load, protocols, and packet size.
Appropriate personnel should be alerted to any anomalies.

Vulnerability Detection
Vulnerabilities in wireless LANs can be detected in real time.
Locating any ad-hoc networks that are actively transmitting traffic is one way to keep peer-to-peer attacks from occurring.
Locating an open rogue access point that has hijacked an authorized user is another.

Performance Monitoring
Since a WLAN has limited bandwidth, we need to determine who is using the bandwidth and when.
Performance monitoring is not needed for enforcement if the IDS has built-in rate-limiter functionality, but it can still be used to report usage statistics for future growth planning.

Monitoring and Maintenance
Monitoring must be active 24x7 to be effective.
The security policy must define the contact personnel and the steps to take to respond properly.
The reports generated by an IDS must be treated with the utmost importance.
Periodic upgrades and ongoing training for the IDS specialist ensure continued success in effective use of the IDS.
Periodic spot-checking of the IDS should be considered mandatory.

Thin Clients
Based on a hybrid of the mainframe-terminal and the client-server model.
Clients run an OS of their own, but all processing is done at the server.
Come in the form of thin-client software running on a notebook computer, or as an actual thin-client machine.
Low total cost of ownership.
Peer-to-peer attacks yield no useful information, because the client holds no data.
They pass screenshots, mouse clicks, and screen updates, which use minimal bandwidth.
Client authentication is required.
SSH2 can be used to authenticate and to tunnel encrypted traffic.

Authenticated DHCP Services
IETF RFC 3118 adds authentication to DHCP.
DHCP clients and servers are able to authenticate one another.
IP connectivity is given only to authorized clients.
Prevents rogue and malicious DHCP clients and servers from carrying out unauthorized access, DoS, theft of service, or hijacking attacks.
To implement it, administrators must deploy RFC 3118 compatible software on all PCs and upgrade existing DHCP servers to support DHCP authentication.
Administrators must also devise an authentication key scheme and distribute the keys to all authenticated DHCP clients.

Traffic Baselining
Analyze the performance of a selected network segment over a period of time; the result represents network normalcy.
Provides reference points for current use, and for the modifications required when adding new services or users (baselining for performance).
Identifies performance issues and provides information for security: minimum, maximum, or average values from the baseline data can be used to set alarm thresholds in the IDS.
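As an added example serving both the Anomaly Detection and Traffic Baselining slides (not code from the original presentation), the following derives IDS alarm thresholds from min/max/average baseline values and compares a current interval against them; the baseline samples, metric names and the k-standard-deviation margin are constructed assumptions.

```python
import statistics
from typing import Dict, List, Tuple

# Constructed baseline: eight per-minute samples taken on one WLAN segment during
# normal operation (assumed, illustrative values): load, packet size, and the share
# of management frames among all frames seen.
BASELINE: Dict[str, List[float]] = {
    "frames_per_min":   [1200, 1350, 1280, 1400, 1310, 1260, 1390, 1330],
    "avg_frame_bytes":  [610, 640, 625, 655, 618, 632, 647, 629],
    "mgmt_frame_ratio": [0.08, 0.09, 0.07, 0.10, 0.08, 0.09, 0.08, 0.09],
}

def thresholds(baseline: Dict[str, List[float]], k: float = 3.0) -> Dict[str, Tuple[float, float]]:
    """Alarm window per metric: baseline min/max widened by k population standard deviations.

    The average and spread of the baseline decide how much headroom is tolerated before an alarm.
    """
    limits = {}
    for metric, samples in baseline.items():
        spread = statistics.pstdev(samples)
        limits[metric] = (min(samples) - k * spread, max(samples) + k * spread)
    return limits

def detect_anomalies(current: Dict[str, float], limits: Dict[str, Tuple[float, float]]) -> List[str]:
    """Return one alarm string per metric whose current value falls outside its baseline window."""
    alarms = []
    for metric, value in current.items():
        low, high = limits[metric]
        if value < low or value > high:
            alarms.append(f"{metric}={value} outside baseline window [{low:.2f}, {high:.2f}]")
    return alarms

# Constructed current intervals: a normal minute and one with a surge of management frames.
NORMAL_INTERVAL = {"frames_per_min": 1320, "avg_frame_bytes": 630, "mgmt_frame_ratio": 0.08}
SUSPECT_INTERVAL = {"frames_per_min": 4800, "avg_frame_bytes": 630, "mgmt_frame_ratio": 0.45}

if __name__ == "__main__":
    limits = thresholds(BASELINE)
    for name, interval in (("normal", NORMAL_INTERVAL), ("suspect", SUSPECT_INTERVAL)):
        print(name, detect_anomalies(interval, limits) or "within baseline")
```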