Enhancing the Security of Corporate Wi-Fi Networks using DAIR PRESENTED BY SRAVANI KAMBAM 1.

Slides:



Advertisements
Similar presentations
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective.
Advertisements

Enterprise Wireless LAN (WLAN) Management and Services
1 DAIR: Dense Array of Inexpensive Radios Managing Enterprise Wireless Networks Using Desktop Infrastructure Victor Bahl, Jitendra Padhye, Lenin Ravnindranath,
GRS: The Green, Reliability, and Security of Emerging Machine to Machine Communications Rongxing Lu, Xu Li, Xiaohui Liang, Xuemin (Sherman) Shen, and Xiaodong.
CSE 6590 Department of Computer Science & Engineering York University 1 Introduction to Wireless Ad-hoc Networking 5/4/2015 2:17 PM.
The Cable Guys Inc. Drew Leach Tom McLoughlin Philip Mauldin Bill Smith.
Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
Team MAGIC Michael Gong Jake Kreider Chris Lugo Kwame Osafoh-Kintanka Wireless Network Security.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
1 DAIR: Dense Array of Inexpensive Radios Managing Enterprise Wireless Networks Using Desktop Infrastructure Victor Bahl †, Jitendra Padhye †, Lenin Ravnindranath.
1 Security and Privacy in Sensor Networks: Research Challenges Radha Poovendran University of Washington
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
Wireless Network Security
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse.
Shared success Outline What is network security? Why do we need security? Who is vulnerable? Common security attacks and countermeasures. How to secure.
Hosted by IDS for WLANs The Mansfield Group, LLC Security for Enterprise Networks Wireless LAN Security Workshop Wash DC Honolulu.
1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.
MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION.
WiFiProfiler: Cooperative Diagnosis in Wireless LANs Ranveer Chandra, Venkat Padmanabhan, Ming Zhang Microsoft Research.
Implementing Network Access Protection
1 Architecture and Techniques for Diagnosing Faults in IEEE Infrastructure Networks Atul Adya, Victor Bahl, Ranveer Chandra, Lili Qiu Microsoft.
Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
 Introduction  Components of Wi-Fi and its working  IEEE Architecture  Advantages and Limitations.
Presented by: Dr. Munam Ali Shah
EAACK—A Secure Intrusion-Detection System for MANETs
MAHARANA PRATAP COLLEGE OF TECHNOLOGY, GWALIOR
KAIS T Security architecture in a multi-hop mesh network Conference in France, Presented by JooBeom Yun.
Trust- and Clustering-Based Authentication Service in Mobile Ad Hoc Networks Presented by Edith Ngai 28 October 2003.
Wireless Hotspots: Current Challenges and Future Directions CNLAB at KAIST Presented by An Dong-hyeok Mobile Networks and Applications 2005.
1. Outlines Introduction What is Wi-Fi ? Wi-Fi Standards Hotspots Wi-Fi Network Elements How a Wi-Fi Network Works Advantages and Limitations of Wi-Fi.
Wireless Network Security Presented by: Prabhakaran Theertharaman.
Wi-Fi Technology. Agenda Introduction Introduction History History Wi-Fi Technologies Wi-Fi Technologies Wi-Fi Network Elements Wi-Fi Network Elements.
Enhancing the Security of Corporate Wi-Fi Networks Using DAIR Paramvir Bahl, Ranveer Chandra, Jitendra Padhye, Lenin Ravindranath, Manpreet Singh, Alec.
Wireless Intrusion Prevention System
Secure In-Network Aggregation for Wireless Sensor Networks
Lecture 24 Wireless Network Security
Network Components David Blakeley LTEC HUB A common connection point for devices in a network. Hubs are commonly used to connect segments of a LAN.
Security Vulnerabilities in A Virtual Environment
Cryptography and Network Security Sixth Edition by William Stallings.
Security Issues in Distributed Sensor Networks Yi Sun Department of Computer Science and Electrical Engineering University of Maryland, Baltimore County.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 24 “Wireless Network Security”.
Muhammad Mahmudul Islam Ronald Pose Carlo Kopp School of Computer Science & Software Engineering Monash University Australia.
Wi-Fi Technology PRESENTED BY:- PRIYA AGRAWAL.
Resolve today’s IT management dilemma Enable generalist operators to localize user perceptible connectivity problems Raise alerts prioritized by the amount.
Risk-Aware Mitigation for MANET Routing Attacks Submitted by Sk. Khajavali.
IS3220 Information Technology Infrastructure Security
Wireless security. Submitted To: Er. S.K. Soni [Dy. Head,CSE] Submitted By: Gurjeet Barar CSE Branch IV Year(VII sem) A-2 Batch JODHPUR INSTITUTE OF ENGINEERING.
Using Honeypots to Improve Network Security Dr. Saleh Ibrahim Almotairi Research and Development Centre National Information Centre - Ministry of Interior.
By: Brett Belin. Used to be only tackled by highly trained professionals As the internet grew, more and more people became familiar with securing a network.
Some Great Open Source Intrusion Detection Systems (IDSs)
25/09/ Firewall, IDS & IPS basics. Summary Firewalls Intrusion detection system Intrusion prevention system.
Presented by Edith Ngai MPhil Term 3 Presentation
Enhancing the Security of Corporate Wi-Fi Networks Using DAIR
Intrusion Detection system
Presentation transcript:

Enhancing the Security of Corporate Wi-Fi Networks using DAIR PRESENTED BY SRAVANI KAMBAM 1

Outline:  Introduction  Attacks on Wi-Fi Networks  DAIR Architecture  Detecting Attacks  Experimental Results  Channel Assignment  Limitations  Related Work  Future Work  Conclusion 2

Introduction  DAIR-Dense array of Inexpensive Radios  Framework for monitoring enterprise wireless networks  DAIR framework to detect  Rogue wireless devices  Denial of Service attacks  Prior proposals:  Combination of access points, mobile clients and dedicated sensor nodes  Dense deployment of sensors is necessary for effective monitoring  2 Observations- Plenty of desktop computers with wired connectivity and availability of inexpensive USB-based wireless adapters 3

Attacks on Wi-Fi Networks  Eavesdropping  Intrusion  Denial of Service(DoS)  Phishing 4

DAIR Architecture  Air Monitors  The Land Monitors  The Inference Engine  The Database 5

6

Detecting Attacks  Intrusion Attacks  Guarding Against False Positives  Association Test  Source/Destination Address Test  Replay Test  DHCP Signature Test  Guarding Against False Negatives  DoS Attacks  Deauthentication/Disassociation Attacks  NAV attacks 7

Experimental Results  Test Environment  Sensor Deployment Density  System scalability  Demonstrative Results  Delay Incurred by the Association Test  Effectiveness of the Replay Test  Effectiveness of DHCP Test  Threshold for Detecting Disassociation Attacks 8

Channel Assignment  Which channels the DAIR nodes should listen on??? 9

Limitations  DAIR assumes the availability of stationary Desktop computers with good wired network connectivity.  DAIR can never guarantee that a suspect device is harmless.  If all the tests fail, we still cannot say that the suspect device is not connected to the corporate network.  DAIR monitoring system is at risk, if some component of the monitoring system is compromised.  Desktop systems-False data submitted, large number of alarms, Denial of Service attacks  DAIR adds a wireless interface to desktop systems which may make them more vulnerable. 10

Related Work  Firewalls prevent unauthorized users from gaining access to the network.  IDSs detect compromised machines in the network.  They detect once the attack is launched  High false positive rate-hence not useful  IPSec secures the communication channel between two authorized machines.  VPN software uses this.  These reduces the attacks but does not secure the network against the attacks like DoS.  Does not detect rogue Wi-Fi devices  DAIR  Detects and locates the rogue Wi-Fi devices  Detects various DoS attacks  Few false positives  Minimal human intervention. 11

Related Work Cont..  Two Approaches  APs  Dedicated and expensive custom hardware sensors for RF monitoring  One prior research paper on detecting rogue devices  Mobile clients and APs  Any unknown AP is flagged as rogue AP, even if it not plugged into corporate network.  Rogue adhoc networks are not detected  DoS attacks not detected  Another research on detecting greedy and malicious behavior in IEEE neworks.  DOMINO  AP based solution for detecting greedy behavior in IEEE hotspots. 12

Future Work: Initially deployed on a small scale but can be scaled to larger deployments 1. Plan to expand initial deployment to cover entire office building. 2.Building additional performance monitoring and network management applications using the DAIR framework 3.Extending DAIR system to support accurate location determination. 13

Conclusion  DAIR ◦For monitoring enterprise wireless networks using desktop machines ◦Takes advantage of key attributes of desktop infrastructure ◦Dense deployment ◦Stationarity ◦Wired connectivity ◦Spare CPU and disk resources  DAIR monitors ◦Security breaches ◦Denial of Service attacks  DAIR reduces  False negative alarms  False positive alarms 14

Thank You! 15

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.