Wireless Monitoring and Protection

Topics Objectives Protocol Analyzers WIPS Common WIDS/WIPS Features Conclusion

Objectives Understand how to select and use a protocol analyzer based on its security features. Understand the security features of a WIPS.

Wireless Protocol Analyzer A wireless protocol analyzer is a tool that can be used to assist with the site survey process, troubleshoot network communication issues, and examine wireless frames and their contents. Protocol analyzers do not need to associate with other wireless devices; they merely listen to and record what they hear. On 802.11 this requires an adapter placed in monitor mode, and the analyzer only sees frames on the channel the adapter is tuned to (most tools hop channels to cover the band).

Wireless Protocol Analyzer Here are some of the free network protocol analyzers available online (the slides group them together; strictly, only Kismet, ngrep, tcpdump/WinDump and Wireshark are passive analyzers, while ettercap, hping and Nemesis craft or inject packets and NetStumbler is an active scanner that transmits probe requests): 1. ettercap 2. hping 3. Kismet 4. Nemesis 5. NetStumbler/MiniStumbler 6. ngrep (network grep) 7. tcpdump 8. WinDump 9. Wireshark

Wireless Protocol Analyzer ettercap: suitable for man-in-the-middle attacks on a LAN. Publisher: Alberto Ornaghi and Marco Valleri. Home Page: http://ettercap.sourceforge.net/index.php. License: GNU General Public License. Platforms: Windows, Linux, Unix.

ICMP type 8, Echo request message (header layout figure on the slide).

Passive vs. Active monitoring The passive approach: use devices that watch traffic as it passes by, without transmitting anything themselves. The active approach: the capability to inject test packets into the network (for example, crafted ICMP echo requests) and observe the responses; this is detectable by the target and needs the privileges to open raw sockets.

Wireless Protocol Analyzer hping Publisher: Salvatore Sanfilippo. Home Page: License: GNU General Public License. Platforms: Linux, Unix.

Wireless Protocol Analyzer Kismet (a passive 802.11 sniffer and detector that works from monitor mode, so it also serves as a lightweight WIDS). Publisher: Mike Kershaw. Home Page: License: GNU General Public License. Platforms: Linux, Unix.

Wireless Protocol Analyzer Nemesis Publisher: Jeff Nathan. Home Page: http://nemesis.sourceforge.net/. License: Free. Platforms: Windows, Linux, Unix.

Wireless Protocol Analyzer NetStumbler/MiniStumbler Publisher: Marius Milner. Home Page:

Wireless Protocol Analyzer ngrep (network grep) Publisher: Jordan Ritter. Home Page: http://ngrep.sourceforge.net/. License: Free. Platforms: Windows, Linux, Unix.

Wireless Protocol Analyzer tcpdump Publisher: Lawrence Berkeley National Laboratory. Home Page: License: Free. Platforms: Windows, Linux, Unix. Flags noted on the slide: -w (write the raw captured packets to a file for later analysis instead of printing them) and -b.

Wireless Protocol Analyzer WinDump: tcpdump for Windows. Publisher: Politecnico di Torino. Home Page: License: Free. Platforms: Windows.

Wireless Protocol Analyzer Wireshark Publisher: Wireshark Development Team. Home Page: License: GNU General Public License. Platforms: Windows, Linux, Unix.

Wireless Intrusion System IDS/IPS/WIDS/WIPS Intrusion detection systems (IDS) are designed to analyze data communications for unauthorized activity and then alert administrators about the situation. Intrusion prevention systems (IPS) are designed not only to analyze and alert but also to take proactive measures to prevent further access by the unauthorized party. A wireless intrusion detection system (WIDS) monitors the radio spectrum, through dedicated sensors or access points in monitor mode, for the presence of unauthorized (rogue) access points and other wireless attacks. A wireless intrusion prevention system (WIPS) adds the ability to act on what it detects, for example by containing a rogue device.

IDS

Sensors Sensors forward captured frames, logs and alerts to a central server over an authenticated, encrypted channel. An SSH server is a software program that uses the Secure Shell protocol to accept connections from remote computers; SCP, which runs over SSH, allows secure file transfer of capture files and logs from the sensors.

Running Snort on multiple network interfaces and logging to different places

Simplified block diagram for Snort.

About the DMZ (Demilitarized zone) DMZ using a three-legged firewall (diagram).

About the DMZ (Demilitarized zone) DMZ using dual firewalls, i.e. defense in depth (diagram).

Common WIDS/WIPS features (cont.): – Device identification and categorization – Event alerting, notification and categorization – Rogue containment (class assignment) – Policy enforcement and violation reporting (class assignment) – Rogue triangulation and rogue fingerprinting (class assignment)
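The first two features in the list, device identification and categorization with alerting, are what a WIDS sensor does with every beacon it hears in monitor mode. The following added example (written for this page, not code from any WIDS product or from the slides) decodes a raw 802.11 beacon frame, pulls out the BSSID, SSID, Privacy bit and RSN element, and categorizes the access point as authorized, rogue (an unsanctioned BSSID advertising a corporate SSID, i.e. an evil twin), a policy violation (a sanctioned AP without RSN protection) or an uncategorized neighbor. It assumes the radiotap header and FCS have already been stripped; the BSSIDs, SSIDs and the authorized-AP list are constructed sample data, and the sample frames are built by a helper rather than taken from a real capture.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# IEEE 802.11 constants: management frame (type 0), beacon (subtype 8)
MGMT_TYPE, BEACON_SUBTYPE = 0, 8
CAP_PRIVACY = 0x0010      # capability bit: encryption required (WEP/WPA/WPA2)
IE_SSID, IE_RSN = 0, 48   # information element IDs


@dataclass
class Beacon:
    bssid: str
    ssid: str
    privacy: bool   # Privacy capability bit set
    rsn: bool       # RSN (WPA2/WPA3) element present


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_beacon(frame: bytes) -> Optional[Beacon]:
    """Decode a raw 802.11 beacon as a monitor-mode sniffer sees it
    (assumption: radiotap header and FCS already stripped). Non-beacons -> None."""
    if len(frame) < 36:                       # 24-byte MAC header + 12 bytes of fixed fields
        return None
    fc0 = frame[0]                            # frame control: version(2) type(2) subtype(4)
    if ((fc0 >> 2) & 0x3, fc0 >> 4) != (MGMT_TYPE, BEACON_SUBTYPE):
        return None
    bssid = mac_str(frame[16:22])             # Address 3 carries the BSSID in a beacon
    _timestamp, _interval, cap = struct.unpack("<QHH", frame[24:36])   # 802.11 is little-endian
    ssid, rsn, pos = "", False, 36
    while pos + 2 <= len(frame):              # walk the tagged IEs: id, length, body
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + elen]
        if len(body) < elen:
            break                             # truncated element: stop rather than misparse
        if eid == IE_SSID:
            ssid = body.decode("utf-8", "replace")
        elif eid == IE_RSN:
            rsn = True
        pos += 2 + elen
    return Beacon(bssid, ssid, bool(cap & CAP_PRIVACY), rsn)


def classify(b: Beacon, authorized: Dict[str, Set[str]]) -> str:
    """authorized maps each corporate SSID to the set of sanctioned BSSIDs."""
    if b.ssid not in authorized:
        return "neighbor"                     # unknown SSID: left for manual categorization
    if b.bssid not in authorized[b.ssid]:
        return "ROGUE: unsanctioned AP advertising a corporate SSID"
    if not (b.privacy and b.rsn):
        return "POLICY: sanctioned AP without RSN protection"
    return "authorized"


def scan(frames: List[bytes], authorized: Dict[str, Set[str]]) -> List[Tuple[str, str, str]]:
    """Categorize every beacon in a batch of captured frames; other frame types are skipped."""
    out = []
    for f in frames:
        b = parse_beacon(f)
        if b is not None:
            out.append((b.bssid, b.ssid, classify(b, authorized)))
    return out


# --- constructed sample frames (not real captures) ---------------------------
def make_beacon(bssid: bytes, ssid: bytes, privacy: bool, rsn: bool) -> bytes:
    hdr = bytes([0x80, 0x00]) + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, CAP_PRIVACY if privacy else 0)
    ies = bytes([IE_SSID, len(ssid)]) + ssid
    if rsn:                                   # minimal RSN IE (version 1); real ones also list suites
        ies += bytes([IE_RSN, 2]) + b"\x01\x00"
    return hdr + fixed + ies


CORP_AP = bytes.fromhex("001122334455")
EVIL_TWIN = bytes.fromhex("deadbeef0001")
AUTHORIZED = {"CorpWiFi": {"00:11:22:33:44:55"}}
SAMPLE_FRAMES = [
    make_beacon(CORP_AP, b"CorpWiFi", True, True),
    make_beacon(EVIL_TWIN, b"CorpWiFi", False, False),   # evil twin / honeypot AP
    make_beacon(bytes.fromhex("c0ffee000001"), b"Cafe", True, True),
    bytes([0x40, 0x00]) + b"\x00" * 34,                  # probe request: not a beacon
]

if __name__ == "__main__":
    for bssid, ssid, verdict in scan(SAMPLE_FRAMES, AUTHORIZED):
        print(f"{bssid}  {ssid!r:12}  {verdict}")
```

A production sensor would feed frames from a monitor-mode interface instead of SAMPLE_FRAMES and raise an alert (the event alerting feature) for every ROGUE or POLICY verdict; matching on BSSID alone is a weak identifier, since a rogue can clone it, which is why the fingerprinting feature later in the list also looks at vendor OUI, supported rates and timing behaviour.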

WIDS checking methodology (diagram).

IPS

WCS: Wireless Control System (a management solution). WLC: WLAN Controller. MSE: Mobility Service Engine. SOAP: Simple Object Access Protocol, a protocol specification for exchanging structured information in the implementation of Web Services in computer networks.

An example of WIPS (diagram).

Conclusion A protocol analyzer is a monitoring tool for examining the contents of wireless frames by decoding the information captured by the monitoring system. Security monitoring is classified as WIDS or WIPS depending on whether the system can take proactive steps to protect the network. Policy enforcement is an automated way of reacting to wireless conditions deemed critical. Rogue triangulation and fingerprinting are ways of physically locating a rogue device.
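Rogue triangulation, listed among the WIDS/WIPS features and in the conclusion above, works by having several sensors at known positions report the signal strength at which they hear the rogue, converting each RSSI to a distance, and solving for the point consistent with all of them. The following added example (written for this page, not code from any WIPS product or from the slides) does exactly that: a log-distance path-loss model turns RSSI into distance, and a least-squares trilateration recovers the position from three or more sensors. The calibration constants (RSSI at 1 m, path-loss exponent), the sensor layout and the rogue position are assumed sample values; the readings are synthesised from that ground truth, with optional integer rounding to mimic real sensors.

```python
import math
from typing import List, Sequence, Tuple

# Log-distance path-loss model. These calibration constants are assumed values
# for illustration, not figures from the slides; real deployments measure them on site.
RSSI_AT_1M = -40.0   # dBm observed 1 m from the transmitter
PATH_LOSS_N = 3.0    # exponent: about 2 in free space, 3-4 inside buildings

Point = Tuple[float, float]


def rssi_to_distance(rssi_dbm: float) -> float:
    """Invert the path-loss model: estimated distance in metres for an observed RSSI."""
    return 10 ** ((RSSI_AT_1M - rssi_dbm) / (10 * PATH_LOSS_N))


def distance_to_rssi(d: float) -> float:
    """Forward model; used here only to synthesise sensor readings."""
    return RSSI_AT_1M - 10 * PATH_LOSS_N * math.log10(d)


def trilaterate(sensors: Sequence[Point], rssi: Sequence[float]) -> Point:
    """Least-squares position from >= 3 sensors at known (x, y) and the RSSI each reported.
    Each sensor gives a circle (x-xi)^2 + (y-yi)^2 = di^2; subtracting the first sensor's
    circle from the others removes the quadratic terms and leaves a linear system in x, y."""
    if len(sensors) < 3 or len(sensors) != len(rssi):
        raise ValueError("need at least three sensors, one RSSI reading each")
    d = [rssi_to_distance(r) for r in rssi]
    (x1, y1), d1 = sensors[0], d[0]
    rows: List[Point] = []
    rhs: List[float] = []
    for (xi, yi), di in zip(sensors[1:], d[1:]):
        rows.append((2 * (xi - x1), 2 * (yi - y1)))
        rhs.append(d1 ** 2 - di ** 2 + xi ** 2 - x1 ** 2 + yi ** 2 - y1 ** 2)
    # Normal equations (A^T A) p = A^T b, solved with the 2x2 closed form.
    a11 = sum(r[0] * r[0] for r in rows)
    a12 = sum(r[0] * r[1] for r in rows)
    a22 = sum(r[1] * r[1] for r in rows)
    b1 = sum(r[0] * v for r, v in zip(rows, rhs))
    b2 = sum(r[1] * v for r, v in zip(rows, rhs))
    det = a11 * a22 - a12 * a12
    if abs(det) < 1e-9:
        raise ValueError("sensors are collinear; the position is not unique")
    return ((a22 * b1 - a12 * b2) / det, (a11 * b2 - a12 * b1) / det)


# --- constructed scenario (sample data, not a real survey) -------------------
SENSORS: List[Point] = [(0.0, 0.0), (10.0, 0.0), (0.0, 10.0), (10.0, 10.0)]  # metres
TRUE_ROGUE: Point = (6.0, 4.0)                                                # ground truth


def synthetic_readings(report_integer_dbm: bool) -> List[float]:
    """RSSI each sensor would report for TRUE_ROGUE; rounding mimics real 1 dBm resolution."""
    r = [distance_to_rssi(math.dist(s, TRUE_ROGUE)) for s in SENSORS]
    return [float(round(v)) for v in r] if report_integer_dbm else r


def locate_rogue(report_integer_dbm: bool = True) -> Point:
    return trilaterate(SENSORS, synthetic_readings(report_integer_dbm))


if __name__ == "__main__":
    print("ideal readings :", locate_rogue(False))
    print("1 dBm readings :", locate_rogue(True))
```

With exact readings the solver returns the ground truth; with readings rounded to whole dBm the estimate lands a few centimetres off, and in a real building multipath and body shadowing push RSSI errors to several dB, so a WIPS reports a search area rather than a point and a technician finishes the job with a handheld analyzer. The collinear check matters in practice: sensors along one corridor cannot tell which side of the corridor the rogue is on.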