1
WIRELESS INTRUSION DETECTION SYSTEMS
Namratha Vemuri Balasubramanian Kandaswamy
2
THREATS
VICTIMS
IDS
TYPES OF IDS
ARCHITECTURE
IMPLEMENTATION
TOOLS USED
ADMINISTRATION
3
THREATS
Reconnaissance, theft of identity and denial of service (DoS)
Signal range of an authorized AP
Physical security of an authorized AP
Rogue or unauthorized AP
Easy installation of an AP
Poorly configured AP
Protocol weaknesses and capacity limits on an AP
5
What is attacked? Corporate network and servers
Attempted penetration through the official access points (target 1) into the corporate network.
DoS attacks, as most of them are TCP/IP based.
Wireless clients: the access point behaves as a hub, connecting the authorized wireless clients directly to the bad guys; inevitably this exposes a connecting PC to a huge array of IP-based attacks.
6
Unauthorized access points
Unofficial access points installed by user departments (target 4) represent a huge risk, as their security configuration is often questionable.
Bogus access points (target 5) represent a different threat, as these can be used to hijack sessions at the data link layer and steal valuable information.
Target 3: the legitimate access point.
7
To protect our network we need to know:
where all access points reside on our network
what actions to take to close down any unauthorized access points that do not conform to the company security standards
what wireless users are connected to our network
what unencrypted data is being accessed and exchanged by those users
8
What is an IDS? An IDS is not a firewall.
An IDS watches the network from the inside and reports or alarms. An IDS monitors APs, compares the security controls defined on each AP with predefined company security standards, then resets or closes down any non-conforming APs it finds. An IDS identifies and alerts on unauthorized MAC addresses and tracks down hackers.
9
Intrusion detection systems are designed and built to monitor and report on network activities, or packets, between communicating devices. Many commercial and open source tools are used.
TOOLS
capture and store the WLAN traffic
analyse that traffic and create reports
analyse signal strength and transmission speed
10
ID SYSTEM ACTIVITIES
11
INFRASTRUCTURE
12
ARCHITECTURE
13
IDS: a sensor (an analysis engine) that is responsible for detecting intrusions (contains the decision-making mechanism). The sensor receives messages from its own IDS knowledge base, syslog and audit trails. Syslog may include, for example, the configuration of the file system, user authorizations, etc. This information creates the basis for the further decision-making process.
14
TYPES OF IDS
Misuse or anomaly IDS
Network based or host based IDS
Passive or reactive IDS
15
ARCHITECTURE
CENTRALIZED: a combination of individual sensors which collect and forward data to a centralized management system.
DISTRIBUTED: one or more devices that perform both the data gathering and the processing/reporting functions of various IDS.
16
Distributed is best suited for smaller WLANs due to cost and management issues:
Cost of many sensors with data processing
Management of multiple processing/reporting sensors
17
In a centralized architecture it is easy to maintain only one IDS where all the data is analyzed and formatted, but:
Single point of failure
Adds 'additional' network traffic running concurrently, with an impact on network performance
18
IMPLEMENTATION OF IDS
Comprises a mixture of hardware and software called intrusion detection sensors, located on the network to examine traffic.
Where should the sensors be placed? How many do we need?
19
Not just to detect attackers...
Helps to enforce policies, e.g. policies for encryption: the IDS can report if an unencrypted packet is detected. With proper enforcement WEP can be achieved (next slide).
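The two jobs the slides give a WIDS, comparing each AP's observed configuration with the company security standard (rogue and non-conforming AP detection, unauthorized MAC addresses) and enforcing an encryption policy, can be shown in one small check. The script below is an added example, not code from the presentation or from any of the products it names; the BSSIDs, SSIDs, client MACs and the policy values are constructed, and the "sensor output" is an inline list standing in for what a real sensor would report.

```python
"""Added example (not from the presentation): a minimal WIDS policy check.

It compares access points seen by a sensor against an authorized AP
inventory and a company security policy, and flags the cases the slides
describe: unauthorized (rogue) APs, authorized APs whose configuration
does not conform to policy, and wireless clients whose MAC addresses are
not on the approved list. All MAC addresses, SSIDs and policy values
below are constructed for the example.
"""
from dataclasses import dataclass

# Company security standard (constructed): every AP must use WPA2 and
# advertise the corporate SSID.
POLICY = {
    "allowed_encryption": {"WPA2"},
    "required_ssid": "CORP-WLAN",
}

# Authorized AP inventory, keyed by BSSID (constructed values).
AUTHORIZED_APS = {
    "00:11:22:33:44:01": {"ssid": "CORP-WLAN", "channel": 1},
    "00:11:22:33:44:06": {"ssid": "CORP-WLAN", "channel": 6},
}

# Approved client MAC addresses (constructed allow-list).
AUTHORIZED_CLIENTS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}


@dataclass(frozen=True)
class ObservedAP:
    bssid: str
    ssid: str
    channel: int
    encryption: str  # e.g. "WPA2", "WEP", "OPEN"


def check_ap(ap: ObservedAP) -> list[str]:
    """Return the list of alerts raised for one observed AP."""
    alerts = []
    inventory = AUTHORIZED_APS.get(ap.bssid.lower())
    if inventory is None:
        # Not in the inventory at all: a rogue AP. One that advertises our
        # own SSID is the 'bogus AP' case (session hijacking risk).
        if ap.ssid == POLICY["required_ssid"]:
            kind = "bogus (impersonating corporate SSID)"
        else:
            kind = "unauthorized"
        alerts.append(f"ROGUE_AP {ap.bssid} ssid={ap.ssid!r} ch={ap.channel}: {kind}")
        return alerts
    # Authorized AP: compare its observed configuration with the standard.
    if ap.encryption not in POLICY["allowed_encryption"]:
        alerts.append(f"NONCONFORMING_AP {ap.bssid}: encryption {ap.encryption} not in policy")
    if ap.ssid != inventory["ssid"]:
        alerts.append(f"NONCONFORMING_AP {ap.bssid}: ssid {ap.ssid!r} != {inventory['ssid']!r}")
    if ap.channel != inventory["channel"]:
        alerts.append(f"NONCONFORMING_AP {ap.bssid}: channel {ap.channel} != {inventory['channel']}")
    return alerts


def check_clients(associations: dict[str, str]) -> list[str]:
    """associations maps client MAC -> BSSID it is associated with."""
    return [
        f"UNAUTHORIZED_CLIENT {mac} on {bssid}"
        for mac, bssid in sorted(associations.items())
        if mac.lower() not in AUTHORIZED_CLIENTS
    ]


def run_checks(observed, associations):
    """Run AP and client checks and return every alert in order."""
    alerts = []
    for ap in observed:
        alerts.extend(check_ap(ap))
    alerts.extend(check_clients(associations))
    return alerts


# Constructed sensor output.
SAMPLE_APS = [
    ObservedAP("00:11:22:33:44:01", "CORP-WLAN", 1, "WPA2"),   # conforming
    ObservedAP("00:11:22:33:44:06", "CORP-WLAN", 6, "OPEN"),   # authorized but unencrypted
    ObservedAP("de:ad:be:ef:00:01", "CORP-WLAN", 11, "OPEN"),  # bogus AP using our SSID
    ObservedAP("de:ad:be:ef:00:02", "linksys", 6, "WEP"),      # departmental rogue AP
]
SAMPLE_ASSOC = {
    "aa:bb:cc:00:00:01": "00:11:22:33:44:01",
    "aa:bb:cc:99:99:99": "00:11:22:33:44:06",
}

if __name__ == "__main__":
    for line in run_checks(SAMPLE_APS, SAMPLE_ASSOC):
        print(line)
```

Run as-is it prints four alerts: the open authorized AP (the encryption policy violation the slide talks about), the bogus AP, the departmental rogue AP and the unknown client. In a passive IDS these lines go to the analyst; a reactive one would act on the non-conforming AP itself.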
20
Why do we need these? To achieve WEP.
What's WEP? Wired Equivalent Privacy. Why do we need it?
21
People responsible
IDS security analysts who can interpret the alerts (passive IDS)
IDS software programmers
IDS database administrators (misuse or anomaly IDS)
22
A couple of open source IDS
KISMET: 802.11a/b/g network sniffer
NETSTUMBLER
23
Kismet: 802.11a/b/g network sniffer
Passively collects network traffic (listens), detects the standard named networks and detects hidden (non-beaconing) networks.
Analyzes the data traffic and builds a 'picture' of data movement.
25
NetStumbler: sends 802.11 probes
Actively scans by sending out a request every second and reporting the responses; APs by default respond to these probes.
Used for wardriving or wilding.
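The contrast between the two tools has a direct consequence for a WIDS: a passive sniffer transmits nothing, so a sensor cannot see it, whereas an active scanner that sends a probe request every second leaves a recognizable pattern in the air. The script below is an added example, not code from the presentation or from Kismet or NetStumbler: it runs a sliding-window probe-request rate check over a constructed list of 802.11 frame records (timestamp, frame subtype, source MAC, requested SSID). The window, the threshold and the assumption that a scanner that does not know the network name probes with an empty SSID are choices made for this example.

```python
"""Added example (not from the presentation): detecting active scanning.

A passive sniffer such as Kismet transmits nothing, so a WIDS cannot see
it. An active scanner such as NetStumbler sends an 802.11 probe request
about once a second and every AP answers, which leaves a pattern a sensor
can detect: a source MAC that sends many probe requests in a short window.
The frame records below are constructed; the threshold and window are
assumptions for the example.
"""
from collections import defaultdict, deque

PROBE_REQ = "probe_req"
WINDOW_SECONDS = 10.0
MAX_PROBES_PER_WINDOW = 5   # assumption: normal clients probe far less often


def detect_active_scanners(frames, window=WINDOW_SECONDS, threshold=MAX_PROBES_PER_WINDOW):
    """Return {src_mac: timestamp_first_flagged} for MACs whose probe-request
    count within any sliding window of `window` seconds reaches `threshold`.

    frames: iterable of (timestamp, subtype, src_mac, ssid) in time order.
    """
    recent = defaultdict(deque)   # src_mac -> timestamps of recent probe requests
    flagged = {}
    for ts, subtype, src, ssid in frames:
        if subtype != PROBE_REQ:
            continue               # beacons, data, responses: not scanner behaviour
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()            # drop probes that fell out of the window
        if len(q) >= threshold and src not in flagged:
            flagged[src] = ts
    return flagged


def broadcast_probe_sources(frames):
    """MACs that probe with an empty (broadcast) SSID, i.e. asking every AP
    in range to identify itself (assumed scanner behaviour for this example)."""
    return sorted({src for _, subtype, src, ssid in frames
                   if subtype == PROBE_REQ and ssid == ""})


# Constructed capture: one beacon from an authorized AP, one legitimate client
# probing twice for its known network 30 s apart, and one scanner sending a
# broadcast probe request every second.
SAMPLE_FRAMES = [
    (0.0, "beacon", "00:11:22:33:44:01", "CORP-WLAN"),
    (0.5, PROBE_REQ, "aa:bb:cc:00:00:01", "CORP-WLAN"),
    (30.5, PROBE_REQ, "aa:bb:cc:00:00:01", "CORP-WLAN"),
] + [(1.0 + i, PROBE_REQ, "de:ad:be:ef:55:55", "") for i in range(8)]
SAMPLE_FRAMES.sort(key=lambda f: f[0])

if __name__ == "__main__":
    for mac, ts in detect_active_scanners(SAMPLE_FRAMES).items():
        print(f"ACTIVE_SCAN {mac} flagged at t={ts:.1f}s")
    print("broadcast probers:", broadcast_probe_sources(SAMPLE_FRAMES))
```

The legitimate client never reaches the threshold because its two probes are 30 seconds apart, while the scanner is flagged at the fifth probe (t = 5.0 s). Tuning the window and threshold against real client behaviour on your own WLAN is what separates a useful alert from noise.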
27
Who manages and administers WIDS?
Large organization (Network Operations group): AirMagnet Distributed 4.0, AirDefense Enterprise v4.1, Red-M
Small and medium organization: Managed Security Service Provider (MSSP)
28
AirMagnet Distributed
Sensors report network performance information and alert the management server. The AirMagnet reporter generates reports, from threat summaries to channel RF signal strength. Ex: using the 'Find' tool, we can manually and physically track down the location of a rogue user.
30
AirDefense
The AirDefense system consists of a server running Red Hat Linux with distributed wireless AP sensors and a Java-based Web console. The AirDefense Web console and AP sensors communicate with the server on a secure channel.
32
Red-M
Red-M includes Red-Alert and Red-Vision. Red-Alert is a standalone wireless probe which can detect unauthorized Bluetooth devices as well as a/b/g networks. Red-Vision is a modular set of products consisting of three main components: Red-Vision Server, Red-Vision Laptop Client and Red-Vision Viewer.
33
Red-Vision (cont.)
Red-Vision Server (heart)
Red-Vision Laptop Client (ear)
Red-Vision Viewer (brain)
34
Wireless IDS drawbacks
Cost: cost grows in conjunction with the size of the LAN
New emerging technology, and hence may contain many bugs and vulnerabilities
A wireless IDS is only as effective as the individuals who analyze and respond to the data gathered by the system
35
Conclusion Wireless intrusion detection systems are an important addition to the security of wireless local area networks. While there are drawbacks to implementing a wireless IDS, the benefits will most likely prove to outweigh the downsides
36
QUESTIONS
What is policy enforcement? A policy is stated by the IDS (ex: all wireless communications must be encrypted) to detect the attack.
What type of IDS is AirDefense Guard? It is misuse or signature-based anomaly.
What are 'dumb' probes? They collect all the network traffic and send it to a central server for analysis.
37
REFERENCES
38
QUESTIONS?
39
THANK YOU