COPYRIGHT © 2003 – 2004 AIRDEFENSE, INC. ALL RIGHTS RESERVED. Put Wireless LAN Security Monitoring in your budget. - Gartner AirDefense Market Leader in.


COPYRIGHT © 2003 – 2004 AIRDEFENSE, INC. ALL RIGHTS RESERVED.
"Put Wireless LAN Security Monitoring in your budget." - Gartner
AirDefense: Market Leader in Enabling Risk-Free Wireless LANs
Wireless Monitoring & Intrusion Protection

Copyright © 2002 – 2004 AirDefense Proprietary and Confidential.
About AirDefense
[Panel headings: BENEFITS; WHAT WE DO; OUR TECHNOLOGY; CUSTOMER PROFILE]
- Enterprise Class Distributed Monitoring Architecture – 13 Patents Pending
- Wireless Intrusion Detection & Protection System with Multiple Correlation & Analysis Engines
- Control over air space
- Auto-Discovery of all Wireless Assets & Threats
- Risk-free Wireless Deployments
- 250+ Govt. Organizations & Blue-Chip Enterprises (over 80% market share)
- Proven solution monitoring:
  - Tens of thousands of Access Points
  - Hundreds of thousands of Devices
- Proactive 24 x 7 Monitoring of Enterprise Airwaves against Rogues, Intruders, Hackers, Interference & Network Abuses
- Ensures Regulatory & Enterprise Policy Compliances
- Any Vendor, Any Protocol, Any Device

Wireless LAN Risks: Hype or Reality

Understanding SSID & Mac Address
- SSID helps stations find APs around
  - 32 byte unique Service Set Identifier of AP
  - Like your company name on the building
  - Sent when AP receives a probe request from station
  - Can be seen in the air
- To deliver traffic, a unique Identifier must be available for each device – Media Access Control (MAC) Address
- Example: a-03-3c-0f
- Vendor / OUI: Cisco (Aironet) Agere (Orinoco) D Nokia 00-e0-03 Linksys a
- Mac Address = OUI (Organizationally Unique Identifier, first 3 characters) + Serial Number

Understanding Probes & Beacons
PROBES:
- A Station sends a probe request frame when it needs to obtain information from another station. (For example, a station would send a probe request to determine which access points are within range.)
BEACONS:
- The Access Point (AP) periodically sends a beacon frame to announce its presence and relay information, such as timestamp, SSID, and other parameters regarding the access point.
[Figure: User Station sending Probes; Access Point sending Beacons]

Problem: Uncontrolled Medium
Wireless LAN is extension of Wired LAN
- The walls of the facility provide a solid line of defense against intruders
- RF in the AIR is uncontrolled…
- With a single access point, walls come tumbling down
- Ethernet now extends to the parking lot!
[Figure: AIR vs. Intruder; Server; Computer]

Self-Deploying & Transient Networks
1. User Station transmits PROBES
2. APs transmit BEACONS
3. User Station connects to BEST ACCESS POINT
We Don’t Control who we connect to…
- Accidental Association
- Malicious Association
- Ad Hoc Network
[Figure: PARKING LOT; CONFERENCE ROOM; SHIPPING DEPARTMENT; CORPORATE NETWORK; NEIGHBOR A]

Increasing Sophistication of Attacks
Easier to Attack: Growing Security Threats
- New & Easier Tools make it very easy to attack the Network
[Chart: Attack Sophistication and Knowledge Required by Intruder, Low to High; New & Easier Attack Tools; WiGLE.net]

WLAN – Real World Risks
- 46% Of Companies Have Been Victim Of A Security Breach - PwC
- 61% Of Attacks Were From Hackers
- 10% Of Attacks Were From Former Employees/Contractors
- 83% Of Companies Reported A Monetary Loss
- Downtime Averaged 1.33 Days Per Employee
WLAN Facts: Top 8 Companies That Found A Rogue Device 90% Found Devices With No Security 80% $416K Average Cost Of Loss Per Attack (UK Study) $220K 2M/Qtr Current Growth of Stations 10M/Qtr Average Cost Of Loss Per Attack (US Study) Current Growth Of Access Points 60% 100 Companies That Have Deployed Insecure WLANs Avg. # Of Serious Attacks Per Month

Best Practices for Wireless LAN Security & Monitoring

Layered Approach to Security
Control the Uncontrollable

Gartner on WLAN Security Risks
3 “Must Have” WLAN Security (July 31, 2003)
- Install a centrally managed personal firewall on laptops that are issued wireless NICs
- Perform wireless intrusion detection to discover rogue access points, foreign devices connecting to corporate access points and accidental associations to nearby access points in use by other companies.
- Turn on some form of encryption and authentication for supported WLAN use.
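The three detections in the Gartner list above, sketched as an added example (not part of the original slides and not AirDefense code): sensor observations are checked against an inventory of sanctioned APs and stations. The record fields, finding names, MAC addresses and SSIDs are all constructed for illustration.

```python
import re

def norm_mac(mac):
    """Normalize 02-00-.. / 02:00:.. / 0200.00aa.. to lowercase colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

class Inventory:
    """Sanctioned WLAN assets: {bssid: ssid} for APs, plus station MACs."""
    def __init__(self, aps, stations):
        self.aps = {norm_mac(b): s for b, s in aps.items()}
        self.stations = {norm_mac(m) for m in stations}
        self.ssids = set(self.aps.values())

def classify(inv, obs):
    """Return a finding name, or None when the observation needs no alert."""
    bssid = norm_mac(obs["bssid"])
    known_ap = bssid in inv.aps
    if obs["type"] == "beacon":
        if known_ap:
            # Sanctioned AP advertising an unexpected SSID (configuration drift).
            return None if obs["ssid"] == inv.aps[bssid] else "ap_ssid_mismatch"
        # Unknown radio advertising a corporate SSID. Unknown radios with other
        # SSIDs are treated as neighbours in this sketch.
        return "rogue_ap_suspect" if obs["ssid"] in inv.ssids else None
    if obs["type"] == "assoc":
        known_sta = norm_mac(obs["station"]) in inv.stations
        if known_sta and not known_ap:
            return "accidental_association"          # our laptop, someone else's AP
        if known_ap and not known_sta:
            return "foreign_device_on_corporate_ap"  # unknown device, our AP
        return None  # sanctioned pair, or traffic between two unknown devices
    raise ValueError(f"unknown observation type: {obs['type']!r}")

def findings(inv, observations):
    """Return (index, finding) pairs for every observation that raises one."""
    results = []
    for i, obs in enumerate(observations):
        finding = classify(inv, obs)
        if finding is not None:
            results.append((i, finding))
    return results

# Constructed inventory and sensor observations (locally administered MACs).
INVENTORY = Inventory(aps={"02-00-00-AA-00-01": "corp-wlan"},
                      stations=["02:00:00:bb:00:01"])
OBSERVATIONS = [
    {"type": "beacon", "bssid": "02:00:00:aa:00:01", "ssid": "corp-wlan"},
    {"type": "beacon", "bssid": "02:00:00:cc:00:09", "ssid": "corp-wlan"},
    {"type": "beacon", "bssid": "02:00:00:dd:00:05", "ssid": "neighbor-a"},
    {"type": "assoc", "station": "02-00-00-BB-00-01", "bssid": "02:00:00:dd:00:05"},
    {"type": "assoc", "station": "02:00:00:ee:00:07", "bssid": "02:00:00:aa:00:01"},
    {"type": "assoc", "station": "02:00:00:bb:00:01", "bssid": "0200.00aa.0001"},
]

if __name__ == "__main__":
    for index, finding in findings(INVENTORY, OBSERVATIONS):
        print(index, finding, OBSERVATIONS[index])
```

MAC addresses are normalized before comparison because sensors and inventories often record the same address with different separators and case.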

© Giga Research, a wholly owned subsidiary of Forrester Research, Inc.
Best Practices for Securing Enterprise WLANs
[Diagram: WLAN POLICY; Securing the perimeter]
- No WLANs
- Sanctioned WLANs
- Monitor & Root out Rogue WLANs
- Use Strong Encryption & Authentication & Authorization
- Monitor your Air Space
- Lock down APs & User Stations

Copyright © 2003 AirDefense Proprietary and Confidential
Security Standards
- WEP: Wired Equivalent Privacy, a wireless encryption standard, which was developed by the IEEE standards committee
- 802.1X: IEEE standard for authentication, which supports multiple authentication modes, including RADIUS, that can be used in wireline and wireless networks.
- LEAP: Lightweight Extensible Authentication Protocol, which includes Cisco’s proprietary extensions to 802.1X to share authentication data between Cisco WLAN access points and the Cisco Secure Access Control Server.
- TKIP: Temporal Key Integrity Protocol, which was developed by the IEEE 802.11i standards committee as a WEP improvement.
- TTLS: Tunneled Transport Layered Security, which was developed by Funk Software and Certicom, now is an IETF draft standard. It is an alternative to PEAP.
- PEAP: Protected Extensible Authentication Protocol, which was developed by Microsoft, Cisco and RSA Security, is now an IETF draft standard. PEAP encrypts authentication data using a tunneling method.
- WPA: Wi-Fi Protected Access – Announced by the Wi-Fi Alliance to describe 802.1x with TKIP and MIC. Subset of the 802.11i security standard expected in Q4 ‘
- 802.11i: IEEE standards group effort that involves fixing perceived weaknesses in 802.1X and WEP and creating an umbrella standard for security

AirDefense Solution: Plug & Protect
Designed for Enterprise Scalability & Central Management
Appliance (Centralized Management):
- Real-time Monitoring
- Multiple Correlation, Analysis & IDS Engines
- Integrated Reporting
Smart Sensor:
- Smart Sensors scanning 802.11a/b/g
- Selective processing, Encryption
[Diagram: Appliance; Smart Sensors; Access Points; Wireless Stations; Hacker; Rogue Access Point; Remote Secure Browser]

AirDefense Functionality
1. SECURITY
- Rogue Detection, Analysis & Mitigation
- Intrusion Detection System
- Forensics & Incident Analysis
- Active Defenses
2. COMPLIANCE
- Enterprise Policy Monitoring
- Regulatory Compliance
  - DoD, HIPAA
  - SOX, FDIC, OCC, GLBA
3. TROUBLESHOOTING
- Remote Troubleshooting
- Availability
- Network Usage & Performance

Experience: Fortune 500 Consumer Goods Company
[Diagram: Centralized Management Console at HEADQUARTERS, USA; sites labelled 26-STORY, 20-STORY, 11-STORY, 3-STORY, ATRIUM, AIRPORT; BRAZIL, ARGENTINA, IRELAND, MEXICO, JAPAN, HONG KONG, SOUTH AFRICA]

Customer Examples

Southeastern Hospital - Background
Main driver: point of care access to computerized care systems at the bedside:
- Recent contract with McKesson and Siemens for wireless application deployment
- Reduction of errors on medications and physician’s orders
- Reduction of paper in all medical records
- Improved care through access to information at point of diagnosis and treatment

Southeastern Hospital - Background
- Physical plant was saturated with cable, no room for real growth
- Additional devices required additional equipment in the closets
- More personnel resources are needed to support additional lines
- Wireless access will speed up application deployment

Southeastern Hospital - Issues With Rogue Devices
- Columbus is saturated with wireless deployments
- Local universities are moving to wireless deployments in their classrooms
- All students are now outfitted with laptops with WLAN cards for their class work
- Two largest competitors share a property line with our campus
- Fear of unauthorized access and HIPAA’s implications
- Physicians and clinicians bringing in unauthorized devices with wireless access cards

Southeastern Hospital - Rogue Incident #1 – Physician Unauthorized Access / Use
- New PACS system was installed in radiology
- Contract radiologist connected WLAN device to viewing station
- Was pulling images from other hospitals via this device to be manipulated by 3-D imaging system
- HIPAA concerns, ownership of data, patient confidentiality
- Solution – identified rogue device via AirDefense, removed device, contract was terminated

Southeastern Hospital - Rogue Incident #2 – Vendor With Hacking Software
- An unauthorized vendor came to sell to a department in hospital
- Obtained temporary access to WLAN from ED nodes for and internet
- Intercepted s from materials management staff in a matter of minutes
- Solution – identified the rogue vendor with AirDefense as they passed through the hospital, had security meet them, and had them escorted out of the building

Large Systems Integrator Case #1: Probing Vendor
- Vendor probing for WLAN within LM Aero controlled facility
- AirDefense alerted security officer via .
- Security resolved situation before any damage was done.

Large Systems Integrator Case #2: Mis-configured WLAN
- Approved WLAN with several configurations out of security specs
- AirDefense alerted security and network services
- Security and network services resolved problem.

Large Systems Integrator Case #3: Default Configuration
- Approved AP accidentally reset to factory defaults during construction in area of building
- AirDefense alerted security of default configuration.
- Security was able to shut AP down before any intrusions.

A Large University - Issues:
- As an educational institution we provide an open flexible network infrastructure
- Many departments with network admins who want to install their own APs
- Must maintain a standard configuration policy regardless of hardware used
- Employees bringing in access points
- Difficulty identifying WLAN performance issues

A Large University - How Can the Issues Be Addressed?
- Communication to staff, faculty, students – difficult at best
- Create policy not allowing WLAN outside of ITS control – not good, people usually want and push for what they can’t have
- War-walking – time consuming, doesn’t monitor 24-7

A Large University - 24 X 7 Monitoring with AirDefense
- 24/7 monitoring of airwaves
- Security policy enforcement
- A better view of our WLAN than EVER before
- Time savings
- Network management
- Security
- Product was purchased by security for security purposes – but the reality is that it’s been as much a WLAN performance & management tool

Summary
1. WLAN risks made severe by:
   - We don’t control the medium
   - We don’t control who we connect to
2. Every organization has WLANs (rogue or sanctioned)
   - Check out wigle.net
3. Detect and root out rogue WLANs
   - NetStumbler > Kismet > 24 X 7 monitoring
   - Lock down laptops (Probing, ad hoc)
4. WLAN policy is critical (Deployed or prohibited)
   - Define > Monitor > Enforce
5. When deploying, use layered security approach
   - Encryption > Authentication > 24 X 7 RF Monitoring
6. Have Control over your Air Space
   - Assets > Relationships > Behavior

Contact us
- Web:
- HQs Phone:
- More info or demo? Darren Hamrick
- Phone: