A Policy-based Approach to Wireless LAN Security Management George Lapiotis, Byungsuk Kim, Subir Das, Farooq Anjum Speaker: George Lapiotis


Slide 1: A Policy-based Approach to Wireless LAN Security Management
George Lapiotis, Byungsuk Kim, Subir Das, Farooq Anjum
Speaker: George Lapiotis
Athens/Greece, September 9, 2005
Telcordia Technologies Proprietary – Internal Use Only. This document contains proprietary information that shall be distributed, routed or made available only within Telcordia Technologies, except with written permission of Telcordia Technologies.

Policy-based WLAN Security Management - 2. Telcordia Technologies Proprietary - Internal use only. See proprietary restrictions on title page.
Slide 2: WLAN Security Management Challenges
• WLANs are an open shared medium
• Broken security mechanisms
  – Large installed base of 802.11a/b/g
  – Known WPA vulnerabilities
• Untested new standards
  – TKIP
  – IEEE 802.11i
• Mitigating the insider threat
  – E.g., unauthorized access to internal network resources/services
• Traditional security is based on manual, static configuration
  – In policy-based tools, administrators define high-level policies
  – Need to account for user mobility and a rapidly changing configuration environment
• Unified and consistent wireline-wireless security policy enforcement

Slide 3: The Smart Firewalls Technology
• Objective: "hands-free" management of multi-layer network security policies in dynamic network environments
  – Given a network, verify that the desired access is enabled and every undesired access is verifiably denied
• Simple language to express network security policies
  – in terms of access to applications and network services
• Policy engine populated by declarative models of network elements and services
  – validates policies
  – computes new configuration settings for network elements when policies are violated
• Network monitoring and instrumentation layer
  – reports network changes as they occur
  – implements configuration changes computed by the policy engine
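The slide describes three pieces (a policy language, an engine that validates policies against a declarative network model and computes corrective settings, and an instrumentation layer that applies them) without showing how they fit together. The following is an added illustration written for this page, not Telcordia's Smart Firewalls code: the `Policy` rule format, the `NetworkModel` with an allow-list ACL, and the sample hosts, services and policies are all constructed. It validates that every desired access is enabled and every undesired access is denied, derives the ACL changes needed to fix violations, applies them, and re-validates.

```python
"""Toy policy engine in the spirit of the 'Smart Firewalls' description on this slide.
Added illustration, not Telcordia's code: the policy language, the network model and
the sample data are constructed for the example."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Policy:
    """High-level rule: a user group may (or may not) reach a service. '*' is a wildcard."""
    group: str
    service: str
    allow: bool


@dataclass
class NetworkModel:
    """Declarative model of the managed network: the group each host belongs to, the
    services that exist, and the enforcement point's current ACL as the (host, service)
    pairs that are permitted. Anything not in the ACL is blocked."""
    host_groups: Dict[str, str]
    services: Set[str]
    acl: Set[Tuple[str, str]]


def desired_access(policies: List[Policy], group: str, service: str) -> bool:
    """First matching policy wins; anything unmatched is denied by default."""
    for p in policies:
        if p.group in (group, "*") and p.service in (service, "*"):
            return p.allow
    return False


def validate(policies: List[Policy], model: NetworkModel) -> List[Tuple[str, str, bool]]:
    """Check every (host, service) pair: desired access must be enabled and undesired
    access must be denied. Returns violations as (host, service, expected_allow)."""
    violations = []
    for host, group in sorted(model.host_groups.items()):
        for service in sorted(model.services):
            expected = desired_access(policies, group, service)
            actual = (host, service) in model.acl
            if expected != actual:
                violations.append((host, service, expected))
    return violations


def compute_changes(violations):
    """Turn violations into configuration changes for the enforcement point."""
    return [("add" if expected else "remove", host, service)
            for host, service, expected in violations]


def apply_changes(model: NetworkModel, changes):
    """Stand-in for the instrumentation layer that pushes settings to the device."""
    for op, host, service in changes:
        if op == "add":
            model.acl.add((host, service))
        else:
            model.acl.discard((host, service))
    return model


def reconcile(policies: List[Policy], model: NetworkModel):
    """One engine cycle: validate, compute changes, apply them, re-validate."""
    changes = compute_changes(validate(policies, model))
    apply_changes(model, changes)
    return changes, validate(policies, model)


# Constructed sample policy: employees may reach everything, guests only the internet.
SAMPLE_POLICIES = [Policy("employees", "*", True), Policy("guests", "internet", True)]


def sample_model() -> NetworkModel:
    # Constructed state: an employee host missing two permitted services, and a guest
    # host whose ACL has drifted into granting intranet access it should not have.
    return NetworkModel(
        host_groups={"h1": "employees", "g1": "guests"},
        services={"intranet-web", "internet", "mail"},
        acl={("h1", "intranet-web"), ("g1", "internet"), ("g1", "intranet-web")},
    )


if __name__ == "__main__":
    changes, remaining = reconcile(SAMPLE_POLICIES, sample_model())
    print("changes pushed:", changes)
    print("violations after reconcile:", remaining)
```

The default-deny in `desired_access` is what makes "every undesired access is verifiably denied" checkable: the engine enumerates all host/service pairs rather than only the ones a policy mentions, so drift that adds an unexpected permission (the guest's intranet entry) is caught as well as drift that removes a required one.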

Slide 4: Policy Engine State Diagram (figure only; no text content was extracted)

Slide 5: Policy-based Security Architecture (figure). Labels: Policy Engine; High-level Policy Configuration / Summarized Configuration; Wireless Domain Policy Managers; Low-level Policy Configuration / Detailed Configuration; Access Points (Control & Monitor).

Slide 6: WLAN Security Architecture (figure). Labels: Policy Engine providing Multi-Domain Wireless Access Policy Control; Wireless Policy Domain A and Wireless Policy Domain B, each with a Wireless Policy Domain Controller, Access Point(s), Access Router, Local Monitor, and Mobile Hosts on a Wireless Subnet; the domain controllers send "AP and Host Info" to the policy engine.

Slide 7: Wireless Domain Policy Manager
• Introduced to scale up the system for mobility and rapid configuration changes
  – A centralized repository might become a bottleneck in a volatile network
• Operates as a Global Policy Adaptor
  – Forwards abstracted snapshots of wireless network host connectivity status to the policy engine
• Access point connectivity is abstracted
  – Translates and pushes low-level, vendor-specific AP configurations when the engine uncovers inconsistencies
• Operates as a WLAN Policy Controller with some local autonomy
  – Pushes security monitoring configuration to Local Monitors
  – May independently block hosts if necessary

Slide 8: Wireless Domain Policy Manager and Local Monitor (figure). Labels, grouped as they appear:
• Wireless Domain Policy Manager
  – Database Module: Host Table, AP Table, AP Interface Definition Table
  – Execution Module: PE Messaging System Interface, XML Message Handler, Policy Execution
  – Adaptation Module: SNMP Adaptor, HTTP Adaptor, CLI Adaptor (towards Multi-type Access Points)
  – Global Monitor Module: Local Monitor Correlator, Local Monitor Configuration, Alarming and Logging
• Local Monitor
  – Wireless Traffic Sniffer & Attack Detection Module: Attack 1, Attack 2, … Attack n
• Policy Engine (connected to the Execution Module)

Slide 9: Supported Attack Detection Modules
• Denial of Service
• Rogue Access Point
• Man in the Middle
• Mobility-based Attacks
• Obviously not all-inclusive!

Slide 10: Deployment Scenario (figure). Labels: Policy Engine (Global policy; Topology Update); Wireline Network; two WLAN Access Networks, each with a WDPMan (Wireless Domain Policy Manager), AP and LM (Local Monitor) holding Local policy & Configuration; Mobile Host under attack. Numbered steps in the figure: 1 (policy engine), 2 Detect, 3 Report, 4 Action, 5 Recover.
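Slides 7, 9 and 10 together describe what a Wireless Domain Policy Manager does in one detect/report/action cycle: a Local Monitor observes the air, the WDPM abstracts AP-level data into the host-connectivity snapshot the policy engine reasons about, translates abstract actions into vendor-specific AP commands, and may block hosts on its own authority. The following added example (written for this page, not Telcordia's implementation) shows that cycle for the Rogue Access Point module on slide 9. The AP table, the observed beacons and associations, the `snmp`/`cli` adaptor command formats and the `<PLACEHOLDER-MAC-FILTER-OID>` are all constructed; no real vendor syntax is implied.

```python
"""Toy Wireless Domain Policy Manager (WDPM) with a Local Monitor, illustrating the
abstraction, adaptation and local-autonomy roles on slides 7, 9 and 10.
Added example, not Telcordia's implementation: the AP table, the observations, the
vendor command formats and the placeholder OID are all constructed."""
from typing import Dict, List, Tuple

# Constructed AP table (the WDPM database module): authorized APs keyed by BSSID.
AP_TABLE: Dict[str, Dict[str, str]] = {
    "00:11:22:aa:bb:01": {"ap_id": "ap-1", "ssid": "corp-wlan", "vendor": "snmp"},
    "00:11:22:aa:bb:02": {"ap_id": "ap-2", "ssid": "corp-wlan", "vendor": "cli"},
}

# Constructed Local Monitor observations: beacons seen on the air as (bssid, ssid) and
# associations as (host, bssid). One beacon advertises our SSID from an unknown BSSID.
OBSERVED_BEACONS: List[Tuple[str, str]] = [
    ("00:11:22:aa:bb:01", "corp-wlan"),
    ("00:11:22:aa:bb:02", "corp-wlan"),
    ("de:ad:be:ef:00:01", "corp-wlan"),
    ("cc:cc:cc:00:00:09", "coffee-shop"),
]
OBSERVED_ASSOC: List[Tuple[str, str]] = [
    ("host-a", "00:11:22:aa:bb:01"),
    ("host-b", "de:ad:be:ef:00:01"),
]


def detect_rogue_aps(beacons, ap_table) -> List[str]:
    """Rogue AP detection module: a BSSID that advertises one of our SSIDs but is not in
    the AP table. A neighbour's AP on an unrelated SSID is not flagged."""
    our_ssids = {ap["ssid"] for ap in ap_table.values()}
    return [bssid for bssid, ssid in beacons
            if ssid in our_ssids and bssid not in ap_table]


def abstract_snapshot(assoc, ap_table) -> Dict[str, str]:
    """Global Policy Adaptor role: reduce association data to the abstract host -> AP
    view the policy engine reasons about. Unknown BSSIDs map to 'UNMANAGED'."""
    return {host: ap_table.get(bssid, {}).get("ap_id", "UNMANAGED")
            for host, bssid in assoc}


def translate_block(host: str, ap_entry: Dict[str, str]) -> str:
    """Adaptation module: one abstract 'block host' action becomes a vendor-specific
    command. Command formats and the OID are placeholders, not real vendor syntax."""
    if ap_entry["vendor"] == "snmp":
        return f"snmpset {ap_entry['ap_id']} <PLACEHOLDER-MAC-FILTER-OID> deny {host}"
    if ap_entry["vendor"] == "cli":
        return f"ssh {ap_entry['ap_id']} 'mac-filter deny {host}'"
    raise ValueError(f"no adaptor for vendor {ap_entry['vendor']!r}")


def wdpm_cycle(beacons, assoc, ap_table):
    """One detect -> report -> action pass. The report goes up to the policy engine
    (step 3); the actions are taken locally (step 4) without waiting for it."""
    rogues = detect_rogue_aps(beacons, ap_table)
    snapshot = abstract_snapshot(assoc, ap_table)
    report = {
        "snapshot": snapshot,
        "alarms": [f"ROGUE_AP bssid={b}" for b in rogues],
    }
    actions = []
    # Local autonomy: a host last seen on a rogue AP is blocked on every managed AP
    # until the policy engine decides on recovery (step 5 on slide 10).
    for host, ap_id in snapshot.items():
        if ap_id == "UNMANAGED":
            for entry in ap_table.values():
                actions.append(translate_block(host, entry))
    return report, actions


if __name__ == "__main__":
    rep, acts = wdpm_cycle(OBSERVED_BEACONS, OBSERVED_ASSOC, AP_TABLE)
    print("report to policy engine:", rep)
    for a in acts:
        print("push to AP:", a)
```

The split between `abstract_snapshot` and `translate_block` is the point of the slide-7 design: the policy engine only ever sees `host -> ap_id`, and only the WDPM knows that `ap-1` is driven over SNMP and `ap-2` over a CLI, so adding a third AP vendor changes one adaptor and nothing in the engine.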

Slide 11: Future Work
• Current implementation supports Wi-Fi networks; extend to WiMAX
• Extend to more types of intrusion attacks using additional detection modules
• Extend to cover more access point types, vendors, and interfaces
• Use the engine for intruder redirection to honeypots
• Explore scalability limits further with multiple policy engines; the tradeoff is global security policy consistency