1 DAIR: Dense Array of Inexpensive Radios Managing Enterprise Wireless Networks Using Desktop Infrastructure Victor Bahl †, Jitendra Padhye †, Lenin Ravindranath.

Presentation transcript:

1 DAIR: Dense Array of Inexpensive Radios
Managing Enterprise Wireless Networks Using Desktop Infrastructure
Victor Bahl †, Jitendra Padhye †, Lenin Ravindranath †, Manpreet Singh ‡, Alec Wolman †, Brian Zill †
† Microsoft Research ‡ Cornell University

2 Observations
Outfitting a desktop PC with wireless is becoming very inexpensive
  – Wireless USB dongles are cheap
  – PC motherboards are starting to appear with radios built-in
Desktop PCs with good wired connectivity are ubiquitous in enterprises
$6.99!

3 Key Insight
Combine these two observations to provide a dense deployment of wireless “sensors”
We can use this platform to realize the full potential of wireless networks
  – Enterprise wireless management tools
  – Enable new services where wireless is a key component

4 The DAIR Platform
Wireless management tools
  – Improve security
  – Reduce IT ops costs
  – Increase “quality of service”
New applications and services
  – Location services
  – Seamless roaming
  – Alternative data distribution channel

5 Outline
Motivation
DAIR architecture
Management apps (& Rogue networks)
Related work

6 Enterprise WLAN Management
Corporations spend a lot on WLAN infrastructure
  – Worldwide enterprise WLAN business expected to grow from $1.1 billion this year to $3.5 billion in 2009
  – MS IT dept. – 72% of costs are people
Security and reliability are major concerns
  – Wireless networks are becoming a target for hackers
  – Reliability: MS IT receives ~500 WLAN helpdesk requests per month
No easy way to measure cost of reliability problems

7 Advantages of the DAIR Approach
– High density
  Wireless propagation is highly variable in enterprise environments (many obstructions)
  Lots of channels to cover: 11 for 802.11b/g, 13 for 802.11a
  Improves fidelity of many management tasks
  Enables accurate location (useful as a diagnosis tool)
– Stationary sensing
  Provides predictable coverage
  Also helps enable location services
  Allows meaningful historical analysis
– Desktop resources
  Spare CPU, disk, and memory
  Good connectivity to wired network
  Wall power

8 Outline
Motivation
DAIR architecture
Management apps (& Rogue networks)
Related work

9 DAIR Architecture

10

11 Outline
Motivation
DAIR architecture
Management apps (& Rogue networks)
Related work

12 Wireless Management Apps: Performance and Reliability
Performance monitoring
  – Site planning: AP placement, frequency selection
  – AP load balancing
  – Isolating performance problems
Helping disconnected clients
  – RF holes
  – Misconfiguration, certificates, etc…
Reliability
  – Recovery from malfunctioning APs
  – Recovery from poor association policies

13 Wireless Management: Security Apps
Detecting DoS attacks:
  – Spoofing disassociation
  – Large NAV values
  – Jamming
Detecting rogue wireless networks

14 Rogue Wireless Networks
Detecting rogue APs and rogue ad-hoc networks
An uninformed or careless employee who doesn’t understand (or chooses not to think about) the security implications
  – An employee brings in an AP from home and attaches it to the corporate network, creating a rogue AP
  – It is trivial to configure a desktop PC with a wireless interface to create a rogue ad-hoc network

15 Risks
Attaching unauthorized AP to a corporate network
  – May allow unauthorized wireless clients to gain access
A wireless client unknowingly connects to unauthorized AP on unauthorized network
  – May expose corporate information on that network
Once rogue network is installed, physical proximity is no longer needed (esp. with directional antennas)…

16 A Simple Solution?
Build a database of known:
  – SSIDs (network names)
  – BSSIDs (access point MAC addresses)
Use DAIR infrastructure to scan
  – Whenever an unknown entity appears (either SSID or BSSID), raise an alarm
This is the level at which most previous work solves this problem

17 False Alarms
In many enterprise environments, one can hear other legitimate APs
  – E.g. shared office buildings
Is the unknown wireless network connected to your corporate wired network?

18 Testing for Wired Connectivity
Association test
  – Associate with suspect AP, contact wired node
MAC address tests:
  – First-hop router test
    Wireless “DEST” = known router on wired network
  – ARP test
    Wireless “DEST” = known entity on local subnet
DHCP signature test
  – For wireless routers: identify device type through DHCP options
Packet correlation test
  – Use timing and packet lengths to see traffic on both wired/wireless
Replay test

19 First-Hop Router Test
[Diagram: Land Monitor, Air Monitor, Subnet Router, Database, Client, Access Point (?)]
Land Monitor discovers MAC addresses of all subnet routers, submits results to the database
AirMonitor overhears a client communicating with an unknown access point

20 First-Hop Router Test
Frame (with encryption): Unencrypted Header | Encrypted Payload
MAC Addresses:
  Receiver = Access Point
  Transmitter = Client
  Destination = Subnet Router

21 Outline
Motivation
DAIR architecture
Management apps (& Rogue networks)
Related work

22 Current Approaches & Related Research
Many commercial offerings in this space
Leverage existing access points (APs)
  – AirWave, ManageEngine, …
  – AP’s primary goal is to provide service to clients, limited time listening on other channels
Specialized sensors
  – Aruba (MS IT choice), AirDefense, AirTight …
  – Expensive → limited density
[Adya et al. Mobicom 04] – use assistance of mobile clients
  – Difficult to provide predictable coverage
  – Less proactive due to energy constraints
Other wireless monitoring

23 Wrapping Up…
– Status
  Built much of the “plumbing”: AirMonitors, Inferencing Service, Management Console (GUI)
  Built set of wireless security apps, ongoing evaluation
  Deployed ~22 AirMonitors on one floor of our building
– Next 6 months:
  Performance & reliability apps
  Provide location services
  Larger scale deployment
– Longer Term: going beyond management tools
  Seamless roaming
  Self-configuring complete replacement for existing wireless infrastructure

24 Backup Slides

25 Doesn’t IPsec/VPN just solve the rogue AP problem?
It certainly helps, but…
  – Doesn’t address the bootstrapping problem
  – Doesn’t address the AP impersonation scenario
  – Not all corps use IPsec and/or VPNs to secure wireless
  – IPsec difficult to deploy in multi-vendor installations
  – Multiple levels of security

26 Association Test
One Air Monitor attempts to associate with suspect AP
  – If this step succeeds, the Air Monitor makes a TCP connection to a well-known entity on CorpNet (e.g. at Microsoft)
  – Test fails if AP is not “open”
    MAC address filtering, WEP, WPA, 802.1x, etc…

27 Details of 1st Hop Router Test
With encryption and/or MAC filtering, the MAC addresses may still tell us something
  – MAC addresses are not encrypted
  – AP acts as an Ethernet bridge
Suppose we can see an associated client using the suspect AP
  – If the client is communicating off the local subnet, then the destination MAC on the air = the MAC address of the 1st hop router
  – ARP test handles the case where the wired communication endpoint is on the local subnet
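
The first-hop router test from slides 19, 20 and 27, as an added Python example (not code from the DAIR project): it reads the cleartext 802.11 header of client-to-AP data frames and checks the destination MAC against the router list collected by the Land Monitor. All MAC addresses, function names and sample frames are constructed for illustration.

```python
# Constructed sample data (assumptions, not from the slides): all MACs are made up.
KNOWN_ROUTER_MACS = {"00:11:22:33:44:01"}   # subnet routers reported by the Land Monitor
AUTHORIZED_BSSIDS = {"00:aa:bb:00:00:10"}   # corporate access points

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_to_ds_data_frame(frame):
    """Return (bssid, client, dest) for a client-to-AP data frame, else None."""
    if len(frame) < 24:                      # shorter than an 802.11 data header
        return None
    is_data = (frame[0] >> 2) & 0x3 == 2     # frame-control type field: 2 = data
    to_ds, from_ds = frame[1] & 0x01, frame[1] & 0x02
    if not is_data or not to_ds or from_ds:
        return None
    # ToDS=1, FromDS=0: addr1 = receiver (AP), addr2 = transmitter, addr3 = destination.
    # These 18 bytes stay in the clear even when the payload is encrypted.
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22])

def first_hop_router_test(frames):
    """Classify each non-authorized BSSID heard by an AirMonitor."""
    verdicts = {}
    for frame in frames:
        parsed = parse_to_ds_data_frame(frame)
        if parsed is None:
            continue
        bssid, _client, dest = parsed
        if bssid in AUTHORIZED_BSSIDS:
            continue
        if dest in KNOWN_ROUTER_MACS:        # bridged onto a corporate subnet
            verdicts[bssid] = "rogue: bridged to corporate wired network"
        else:                                # e.g. a neighbour's AP in a shared building
            verdicts.setdefault(bssid, "unknown: no wired-side evidence")
    return verdicts

def build_frame(bssid, client, dest, protected=True):
    """Build a constructed 24-byte header plus opaque payload for the demo."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    flags = 0x01 | (0x40 if protected else 0x00)   # ToDS, plus Protected bit
    return (bytes([0x08, flags]) + b"\x00\x00" + raw(bssid) + raw(client)
            + raw(dest) + b"\x00\x00" + b"\x5a" * 16)

SAMPLE_FRAMES = [
    build_frame("00:aa:bb:00:00:10", "02:00:00:00:00:a1", "00:11:22:33:44:01"),
    build_frame("de:ad:00:00:00:01", "02:00:00:00:00:a2", "00:11:22:33:44:01"),
    build_frame("be:ef:00:00:00:02", "02:00:00:00:00:a3", "00:99:88:77:66:55"),
]

if __name__ == "__main__":
    for bssid, verdict in first_hop_router_test(SAMPLE_FRAMES).items():
        print(bssid, "->", verdict)
```

An "unknown" verdict only means no off-subnet traffic to a known router was overheard; the ARP test on the slide covers clients whose wired endpoint is on the local subnet.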

28 Details of DHCP Signature Test
Wireless router != Wireless AP
  – MAC addresses seen on the air will not match those on the wire
A router needs to get a wired IP address
DHCP requests are easy to observe
  – Sent to the IP broadcast address
DHCP protocol has many options
Can create device type signatures:
  – Typical DHCP request from Windows looks very different from a wireless router
  – Initial results look good: tested these techniques on 3 major brands of wireless routers: NetGear, D-Link, and ZyWall
  – At IETF, observed many types of end hosts (Windows, Apple, Linux)