CWSP Guide to Wireless Security


CWSP Guide to Wireless Security Managing the Wireless Network

Objectives
- Describe the functions of a WLAN management system
- List the different types of probes that are used in monitoring the RF
- Explain how a wireless intrusion prevention system differs from a wireless intrusion detection system
- List the features of a WIPS

WLAN Management Systems
- Monitor the network
  - Used to be an important task
  - Network equipment has become:
    - More powerful, intelligent, significantly less expensive, and even self-monitoring
- Wireless network monitoring
  - Remains critical
  - Enables the network administrator or manager to:
    - Identify security threats
    - Verify compliance

WLAN Management Systems (continued)
- Wireless network monitoring (continued)
  - Enables the network administrator or manager to:
    - Monitor scarce bandwidth
    - Administer the shared wireless resource
    - Adjust for unpredictable wireless behavior
- Monitoring a WLAN can be accomplished via:
  - A standard network management protocol
  - A system specifically designed for wireless networks

WLAN Management Systems (continued)
- Advantages of using SNMP for WLAN management
  - Ability to support a variety of different types of devices
  - Increased flexibility
  - Ease of expanding the network
  - Widespread popularity
- SNMP shortcomings
  - Wasting bandwidth by sending needless information
  - Complicated encoding rules
  - SNMP may not be quick enough

Discovery
- Identifies wireless devices that comprise the network
- Wireless device discovery
  - SNMP can send a request similar to a PING (Packet Internet Groper)
  - Software then listens for the response and logs that entry into the MIB
  - MIB can be queried to determine if that wireless device is part of the WLAN
  - Unapproved devices would not respond to SNMP requests

Discovery (continued)
- Wireless device discovery (continued)
  - Nearest sensor method
    - Simplest and least precise method
    - First determines the access point to which a wireless device is associated
    - Assumes that this is the sensor closest to that device
    - Computes how far the RF signal radiates from that access point
    - Can locate a client to within a 900-meter area

Discovery (continued)
- Wireless device discovery (continued)
  - Triangulation/trilateration methods
    - Combine measurements from various APs
    - Triangulation
      - Measures angles between three or more nearby APs
      - Where the measurements intersect, this can be used to calculate the location of the device
    - Trilateration
      - Measures the distance between three or more APs

Discovery (continued)
- Wireless device discovery (continued)
  - RF fingerprinting method
    - Uses intelligent algorithms to improve precision
    - By accounting for the environmental effects on the wireless signal itself (for example):
      - Received Signal Strength Indication (RSSI)
        - Signal that tells strength of incoming (received) signal
        - Can be used to measure the RF power loss between transmitter and receiver
        - To calculate the distance from the transmitting device to the receiver
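
An added example, not part of the presentation, of the distance-based location described in the trilateration and RSSI slides: RSSI is converted to a distance and three sensor distances are combined into a position. The log-distance path-loss model, its calibration constants, the sensor coordinates and the readings are assumptions chosen for illustration.

```python
import math

# Assumed calibration (not from the slides): RSSI measured 1 m from the
# transmitter and a path-loss exponent for an indoor office environment.
REF_RSSI_DBM = -40.0
PATH_LOSS_EXP = 3.0

# Constructed readings: (sensor position in metres, RSSI in dBm at that sensor).
SAMPLE_READINGS = [((0.0, 0.0), -80.5), ((30.0, 0.0), -83.5), ((0.0, 30.0), -74.5)]

def rssi_to_distance(rssi_dbm, ref=REF_RSSI_DBM, n=PATH_LOSS_EXP):
    """Log-distance path-loss model: metres implied by the RF power loss."""
    return 10 ** ((ref - rssi_dbm) / (10.0 * n))

def trilaterate(anchors):
    """anchors: [((x, y), distance_m), ...] from three or more sensors.

    Subtracting the first circle equation from the others gives linear
    equations a*x + b*y = c, solved here by least squares.
    """
    if len(anchors) < 3:
        raise ValueError("need at least three sensors")
    (x0, y0), d0 = anchors[0]
    saa = sab = sbb = sac = sbc = 0.0
    for (xi, yi), di in anchors[1:]:
        a, b = 2 * (xi - x0), 2 * (yi - y0)
        c = d0**2 - di**2 + xi**2 - x0**2 + yi**2 - y0**2
        saa += a * a
        sab += a * b
        sbb += b * b
        sac += a * c
        sbc += b * c
    det = saa * sbb - sab * sab
    if abs(det) < 1e-9:
        # Sensors on one line cannot tell which side the device is on.
        raise ValueError("sensors are collinear; position is ambiguous")
    return ((sac * sbb - sbc * sab) / det, (saa * sbc - sab * sac) / det)

def locate(readings):
    """Estimate (x, y) of a transmitter from per-sensor RSSI readings."""
    return trilaterate([(pos, rssi_to_distance(rssi)) for pos, rssi in readings])

if __name__ == "__main__":
    x, y = locate(SAMPLE_READINGS)
    print(f"estimated position: ({x:.1f} m, {y:.1f} m)")
```

The estimate is only as good as the path-loss calibration, which is why the slides treat environmental effects on the signal as something the algorithm must account for.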

Discovery (continued)
- Rogue access point discovery
  - Mobile sniffing audits
    - “Manually” audit the airwaves by using a wireless sniffer
    - Such as NetStumbler or AirMagnet
  - Wireless probes
    - Devices that can monitor the airwaves for traffic

Discovery (continued)
- Rogue access point discovery (continued)
  - Wireless probes (continued)
    - Wireless device probe
    - Desktop probe
    - Access point probe
    - Dedicated probe
  - Suspicious wireless signal information is sent to a centralized database
  - WLAN management system software compares it to a list of approved APs

Discovery (continued)
- Rogue access point discovery (continued)
  - Network management tools
    - Extend “wireless awareness” into key elements of the wired network
    - Example: Cisco Structured Wireless-Aware Network (SWAN)

Monitoring
- If SNMP is being used:
  - Monitoring focuses upon network performance
  - Bandwidth utilization can be determined by:
    - Collecting statistics on the amount of data traffic that passes through an access point
  - Performance monitoring can assess how often and quickly the device responds to a request
- SNMP trap
  - Spike in a network’s bandwidth or a decrease in the time to respond to a request

Monitoring (continued)
- SNMP trap (continued)
  - Considered unreliable because the receiver does not send acknowledgments
- SNMP inform request
  - Acknowledges the message with an SNMP response
- Dedicated WLAN management systems
  - Provide similar capabilities
  - Designed to report specific wireless information
    - Traffic and utilization, data rates, channel usage, and error rates

Configuration
- SNMP and WLAN management systems allow for configuration of the wireless APs
  - Through the network without the necessity of “touching” each device
- SNMP is only capable of a small number of configuration settings
- You can also “bulk” configure a group of access points with the same configurations
- Another aspect of configuration is upgrading the firmware of access points

Wireless Intrusion Prevention System (WIPS)
- Integrates several layers of protection to detect and prevent malicious attacks

Intrusion Systems
- Intrusion system
  - Security management system
  - Compiles information from a computer network or individual computer
  - Analyzes to identify security vulnerabilities and attacks
- Similar in nature to a firewall
  - Watches for systematic attacks and then takes specified action
  - Can also watch for any attacks that may originate from inside the network

Intrusion Systems (continued)
- Wireless intrusion detection system (WIDS)
  - Constantly monitors the radio frequency (using wireless probes) for attacks
  - If an attack is detected:
    - WIDS sends information but does not take any action
  - Technologies for WIDS
    - Signature detection
      - Compares the information to large databases of attack signatures
    - Anomaly detection
      - Monitors the normal activity of the wireless LAN and “learns” its normal characteristics

Intrusion Systems (continued)
- Wireless intrusion detection system (WIDS) (continued)
  - Anomaly detection
    - Security administrator defines baseline (normal state)
    - When creating the baseline observe the following tasks:
      - Measure the performance parameters under normal network conditions
      - Configure system to recognize all access points in the area as either authorized, monitored, or known
      - Be aware of any common false positives that may exist for a specific network configuration
    - Looks for variation (from the baseline)
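
An added example, not part of the presentation, of the baseline procedure on this slide: a baseline is built from measurements taken under normal conditions and later observations are flagged when they vary from it. The metric names, sample values, the three-standard-deviation threshold and the per-metric floor used to suppress false positives are assumptions for illustration.

```python
import statistics

# Constructed samples taken under normal network conditions.
NORMAL_SAMPLES = [
    {"utilization_pct": 30.0, "error_rate_pct": 1.0},
    {"utilization_pct": 35.0, "error_rate_pct": 1.0},
    {"utilization_pct": 32.0, "error_rate_pct": 1.0},
    {"utilization_pct": 28.0, "error_rate_pct": 1.0},
    {"utilization_pct": 35.0, "error_rate_pct": 1.0},
]

# Assumed minimum spread per metric. A metric that never moved during the
# baseline period has zero deviation, so without a floor every tiny change
# afterwards would be reported as an anomaly (a false positive).
FLOORS = {"utilization_pct": 2.0, "error_rate_pct": 0.5}

def build_baseline(samples):
    """Return {metric: (mean, population standard deviation)}."""
    baseline = {}
    for metric in samples[0]:
        values = [s[metric] for s in samples]
        baseline[metric] = (statistics.mean(values), statistics.pstdev(values))
    return baseline

def deviations(baseline, observation, k=3.0, floors=FLOORS):
    """Return {metric: distance from the mean} for metrics outside the baseline.

    A metric is flagged when it lies more than k spreads from its mean,
    where the spread is the larger of the measured deviation and the floor.
    """
    flagged = {}
    for metric, value in observation.items():
        if metric not in baseline:
            continue  # no normal state recorded for this metric
        mean, stdev = baseline[metric]
        spread = max(stdev, floors.get(metric, 0.0))
        if abs(value - mean) > k * spread:
            flagged[metric] = value - mean
    return flagged

if __name__ == "__main__":
    base = build_baseline(NORMAL_SAMPLES)
    print(deviations(base, {"utilization_pct": 34.0, "error_rate_pct": 1.1}))
    print(deviations(base, {"utilization_pct": 71.0, "error_rate_pct": 4.0}))
```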

Intrusion Systems (continued)
- Wireless intrusion detection system (WIDS) (continued)
  - Disadvantages
    - Only issue alert
    - Alert after attack has started
    - Dependent upon signatures
    - High number of false positives
- Wireless intrusion prevention system (WIPS)
  - More proactive approach
  - Attempts to uncover and prevent an attack before it harms the WLAN

Intrusion Systems (continued)
- Wireless intrusion prevention system (WIPS) (continued)
  - Detects categories of attacks using predictable or deterministic techniques
    - May involve a combination of different approaches
  - Signatures are only used to provide additional details about the attack itself
- WIDS/WIPS Probes
  - Types of probes
    - Integrated
    - Overlay

Intrusion Systems (continued)
- WIDS/WIPS Probes (continued)
  - Integrated probes
    - Also called an access point probe or embedded probe
    - Use existing access points to monitor the RF
    - Drawbacks
      - Can negatively impact throughput
      - AP is not dedicated to watching for attacks
      - IEEE 802.11b/g AP cannot monitor IEEE 802.11a channels

Intrusion Systems (continued)
- WIDS/WIPS Probes (continued)
  - Overlay probe
    - Uses dedicated probes for scanning the RF for attacks
    - Results in higher costs
    - Does not impact WLAN throughput

Intrusion Systems (continued)
- WIDS/WIPS Probes (continued)
  - Overlay probe (continued)
    - Can scan more frequencies
    - Provides broader coverage
    - Detects more attacks
    - Can also be used to troubleshoot WLAN performance issues
    - Drawbacks
      - Requires additional user interfaces, consoles, and databases
      - Must have a list of authorized access points

WIPS Features
- AP identification and categorization
  - Device tracking
  - Ability to learn about the other access points that are in the area and classify those APs
  - Next, the APs can be tagged as to their status
    - Authorized AP
    - Known AP
    - Monitored AP
    - Rogue AP
- Device tracking
  - Involves the simultaneous tracking of all wireless devices within the WLAN
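
An added example, not part of the presentation, of the comparison the rogue access point discovery slide describes and the status tagging on this slide: probe reports are merged per BSSID, checked against the list of approved APs and tagged. The inventory, the probe reports and the rule that any unlisted BSSID is tagged rogue are assumptions for illustration.

```python
import re

# Constructed inventory (assumption): BSSID -> tag assigned by the administrator.
INVENTORY = {
    "02:00:00:aa:00:01": "authorized",
    "02:00:00:aa:00:02": "authorized",
    "02:00:00:bb:00:01": "known",
    "02:00:00:cc:00:01": "monitored",
}

# Constructed probe reports: (probe id, BSSID as reported, SSID, RSSI in dBm).
REPORTS = [
    ("probe-1", "02-00-00-AA-00-01", "corp", -52),
    ("probe-2", "0200.00aa.0001", "corp", -67),
    ("probe-1", "02:00:00:BB:00:01", "cafe", -80),
    ("probe-3", "02:00:00:EE:00:09", "corp", -45),
    ("probe-2", "02:00:00:ee:00:09", "corp", -60),
    ("probe-3", "not-a-mac", "x", -70),
]

def normalize_bssid(raw):
    """Return aa:bb:cc:dd:ee:ff form, or None if the value is not a MAC."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def classify(reports, inventory):
    """Merge reports per BSSID and tag each AP; unlisted BSSIDs are rogue."""
    seen, malformed = {}, []
    for probe, raw_bssid, ssid, rssi in reports:
        bssid = normalize_bssid(raw_bssid)
        if bssid is None:
            malformed.append((probe, raw_bssid))  # keep for review, do not drop
            continue
        entry = seen.setdefault(bssid, {
            "status": inventory.get(bssid, "rogue"),
            "ssids": set(), "probes": set(), "best_rssi": rssi,
        })
        entry["ssids"].add(ssid)
        entry["probes"].add(probe)
        entry["best_rssi"] = max(entry["best_rssi"], rssi)
    return seen, malformed

def rogue_alerts(seen):
    """Rogue APs, strongest signal first, with the probes that heard them."""
    rogues = [(b, e) for b, e in seen.items() if e["status"] == "rogue"]
    rogues.sort(key=lambda item: item[1]["best_rssi"], reverse=True)
    return [(b, e["best_rssi"], sorted(e["probes"])) for b, e in rogues]

if __name__ == "__main__":
    aps, bad = classify(REPORTS, INVENTORY)
    print(rogue_alerts(aps), bad)
```

Normalising the BSSID before the lookup matters because probes from different vendors report the same address in different notations, and an unnormalised comparison would tag an approved AP as rogue.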

WIPS Features (continued)
- Device tracking (continued)
  - Used to identify unauthorized device
  - Other uses
    - Asset tracking of wireless equipment
    - Troubleshooting sources of wireless network interference
    - Conducting a site survey
    - Determining a wireless user’s availability status based on location
    - Finding an emergency Voice over WLAN (VoWLAN) telephone caller

WIPS Features (continued)
- Event action and notification
  - WIPS that identifies an attack must immediately and automatically block any malicious wireless activity
  - Once an attack is detected, the WIPS must notify security administrators
- RF scanning
  - All of the radio frequency spectrum must be scanned for potential attacks
- Protocol analysis
  - WIPS products offer remote packet capture and decode capabilities

WIPS Features (continued)
- Protocol analysis (continued)
  - WIPS can view WLAN network traffic to determine exactly what is happening on the network
  - And help determine what actions need to be taken

Summary
- Wireless LAN management systems are important tools for maintaining wireless networks
- A WIDS constantly monitors the radio frequency (using wireless probes) for attacks
- A WIPS attempts to uncover and prevent an attack before it harms the WLAN