Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireless Network Security

Published byAdele Hensley Modified over 6 years ago

Similar presentations

Presentation on theme: "Wireless Network Security"— Presentation transcript:

1 Wireless Network Security

2 The Current Internet: Connectivity and Processing
Access Networks Cable Modem LAN Premises- based WLAN Operator- Core Networks Transit Net Private Peering NAP Public Peering H.323 Data RAS Analog DSLAM The ISP likely has banks of many modems multiplexed onto a high capacity telephone cable that transports a large number of phone calls simultaneously (such as a T1, E1, ISDN PRI, etc.). This requires a concentrator or "remote access server" (RAS). PSTN Regional Wireline Voice Cell

3 Agenda The Cisco Unified Wireless Networks Common wireless threats
Cisco Security Agent (CSA) Cisco NAC Appliance Cisco Firewall Cisco IPS CS-MARS Common wireless threats How Cisco Wireless Security protects against them

4 Today’s wireless network

5 Cisco Unified Wireless Network
The following interconnected elements work together to deliver a unified enterprise-class wireless solution: Client devices (CSA) Access points (NAC) Wireless controllers (Firewall, and NIPS) Network management (CS-MARS)

6 CSA – Cisco Security Agent
Full featured agent-based endpoint protection Two components: Managed client - Cisco Security Agent Single point of configuration - Cisco Management Center

7 CSA - Purpose

8 CSA – Wireless Perspective

9 CSA – Combined Wireless Features
General CSA features Zero-day virus protection Control of sensitive data Provide integrity checking before allowing full network access Policy management and activity reporting CSA Mobility features Able to block access to unauthorized or ad-hoc networks Can force VPN in unsecured environments Stop unauthorized wireless-to-wired network bridging

10 CSA – End User View

11 Cisco Network Admission Control (NAC)
Determines the users, their machines, and their roles Grant access to network based on level of security compliance Interrogation and remediation of noncompliant devices Audits for security compliance

12 NAC - Overview 05/30/2009

13 Cisco NAC Architecture

14 Cisco NAC Features Client identification Compliance auditing
Access via Active Directory, Clean Access Agent, or even web form Compliance auditing Non-compliant or vulnerable devices through network scans or Clean Access Agent Policy enforcement Quarantine access and provide notification to users of vulnerabilities

15 Cisco Firewall (Placement Options)
Source: Cisco, Deploying Firewalls Throughout Your Organization

16 Why Placing Firewalls in Multiple Network Segments?
Provide the first line of defense in network security infrastructures Prevent access breaches at all key network junctures WLAN separation with firewall to limit access to sensitive data and protect from data loss Help organizations comply with the latest corporate and industry governance mandates Sarbanes-Oxley (SOX) Gramm-Leach-Bliley (GLB) Health Insurance Portability and Accountability Act (HIPAA) Payment Card Industry Data Security Standard (PCI DSS) -The rise of internal threats has come about by the emergence of new network perimeters that have formed inside the corporate LAN. 16

17 Cisco IPS Designed to accurately identify, classify and stop malicious traffic Worms, spyware, adware, network viruses which is achieved through detailed traffic inspection Collaboration of IPS & WLC simplifies and automates threat detection & mitigation LAP: lightweight access point WLC: wireless LAN controller

18 CS-MARS:Cisco Security Monitoring, Analysis and Reporting System
Monitor the network Detect and correlate anomalies (providing visualization) Mitigate threats

19 Cross-Network Anomaly Detection and Correlation
MARS is configured to obtain the configurations of other network devices. Devices send events to MARS via SNMP. Anomalies are detected and correlated across all devices. ASA: Adaptive Security Appliance ACS: Access Control Server LAP LWAPP Access Point. LWAPP Lightweight Access Point Protocol. Configuration Notes SNMP community strings on MARS must match those on the devices. First add devices that detect attacks and false positives. Then add devices that can block an attack. Next add hosts such as critical database servers. Layer 3 devices can be discovered by CS-MARS. 19

20 Group Quiz For each of the business challenges below, which component(s) of CUWN protect against them Mitigate network misuse, hacking and malware from WLAN clients by inspecting traffic flows Identify who is on the network and enforce granular policies to prevent exposure to viruses and “malware” Streamline user experience, consolidate accounting, and improve password management Standardize on wireless client connection policies while protecting them from suspect content and potential hackers Supporting and maintaining a diverse range of security products, correlating events and delivering concise reporting Offer secure, controlled access to network services for non employees and contractors IPS Cisco NAC NAC and CSA CSA CS-MARS NAC and firewall

21 Conclusions Present unparalleled threats
The Cisco Unified Wireless Network Solution provides the best defense against these threats

22 Agenda The Cisco Unified Wireless Networks Common wireless threats
Cisco Security Agent (CSA) Cisco NAC Appliance Cisco Firewall Cisco IPS CS-MARS Common wireless threats How Cisco Wireless Security protects against them

23 Rogue Access Points Rogue Access Points refer to unauthorized access points setup in a corporate network Two varieties: Added for intentionally malicious behavior Added by an employee not following policy Either case needs to be prevented

24 Rogue Access Points - Protection
Cisco Wireless Unified Network security can: Detect Rogue AP’s Determine if they are on the network Quarantine and report CS-MARS notification and reporting Locate rogue AP’s

25 Cisco Rogue AP Mapping

26 Guest Wireless

27 Guest Wifi Benefits Network segmentation Policy management
Guest traffic monitoring Customizable access portals

28 In-Band Modes When the NAC appliance is deployed in-band, all user traffic, both unauthenticated and authenticated, passes through the NAC appliance, which may be positioned logically or physically between end users and the network(s) being protected. When the NAC appliance is configured as a virtual gateway, it acts as a bridge between end users and the default gateway (router) for the client subnet being managed. When the NAC appliance is configured as a "real" IP gateway, it behaves like a router and forwards packets between its interfaces. 28

29 Compromised Clients Wifi Threat Security Concern CSA Feature
Ad-hoc Connections Wide-open connections Unencrypted Unauthenticated Insecure Pre-defined ad-hoc policy Concurrent wired/wifi connection Contamenating secure wired environment Concurrent wired/wifi pre-defined policy Disable wifi traffic if wired detected Access to unsecured wifi May lack authentication / encryption Risk of traffic cracking, rogue network devices Location based policies Restrict allowed SSIDs Enforce stronger security policies

30 Monitoring, Anomalies, & Mitigation
Discover Layer 3 devices on network Entire network can be mapped Find MAC addresses, end-points, topology Monitors wired and wireless devices Unified monitoring provides complete picture Anomalies can be correlated Complete view of anomalies (e.g. host names, MAC addresses, IP addresses, ports, etc.) Mitigation responses triggered using rules Rules can be further customized to extend MARS

Download ppt "Wireless Network Security"

Similar presentations

Designing for Pervasive Network Security. Designing for Security Our aim in this section will be to concentrate on how campus Networks can be designed.

Designing for Pervasive Network Security. Designing for Security Our aim in this section will be to concentrate on how campus Networks can be designed.
Network Security Essentials Chapter 11

Network Security Essentials Chapter 11
The Threat Within September 2004. Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example.

The Threat Within September Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example.
Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.

Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Wireless and Network Security Integration Defense by Hi-5 Marc Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi.

Wireless and Network Security Integration Defense by Hi-5 Marc Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi.
The Cable Guys Inc. Drew Leach Tom McLoughlin Philip Mauldin Bill Smith.

The Cable Guys Inc. Drew Leach Tom McLoughlin Philip Mauldin Bill Smith.
Lecture 14 Firewalls modified from slides of Lawrie Brown.

Lecture 14 Firewalls modified from slides of Lawrie Brown.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
Team MAGIC Michael Gong Jake Kreider Chris Lugo Kwame Osafoh-Kintanka Wireless Network Security.

Team MAGIC Michael Gong Jake Kreider Chris Lugo Kwame Osafoh-Kintanka Wireless Network Security.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Presented by Serge Kpan LTEC 4550.020 Network Systems Administration 1.

Presented by Serge Kpan LTEC Network Systems Administration 1.
WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, 2009 05/30/2009.

WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, /30/2009.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Wireless Network Security

Wireless Network Security
All Rights Reserved © Alcatel-Lucent 2010 1 | Dynamic Enterprise Tour – Safe NAC Solution | 2010 Protect your information with intelligent Network Access.

All Rights Reserved © Alcatel-Lucent | Dynamic Enterprise Tour – Safe NAC Solution | 2010 Protect your information with intelligent Network Access.
Wireless Network Security. Access Networks Core Networks The Current Internet: Connectivity and Processing Transit Net Private Peering NAP Public Peering.

Wireless Network Security. Access Networks Core Networks The Current Internet: Connectivity and Processing Transit Net Private Peering NAP Public Peering.
1 Network Admission Control to WLAN at WIT Presented by: Aidan McGrath B.Sc. M.A.

1 Network Admission Control to WLAN at WIT Presented by: Aidan McGrath B.Sc. M.A.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

Similar presentations

Ads by Google