Presentation is loading. Please wait.

Presentation is loading. Please wait.

Agenda 10:00 11:00 Securing wireless networks 11:00 11:15 Break 11:15 12:00Patch Management in the Enterprise 12:00 1:00 Lunch 1:00 2:30 Network Isolation.

Published byBethanie Thompson Modified over 9 years ago

Similar presentations

Presentation on theme: "Agenda 10:00 11:00 Securing wireless networks 11:00 11:15 Break 11:15 12:00Patch Management in the Enterprise 12:00 1:00 Lunch 1:00 2:30 Network Isolation."— Presentation transcript:

1 Agenda 10:00 11:00 Securing wireless networks 11:00 11:15 Break 11:15 12:00Patch Management in the Enterprise 12:00 1:00 Lunch 1:00 2:30 Network Isolation using IPSec and Group Policies 2:30 2:15Break 2:15 3:30Detecting the Hacker 3:30 Q&A

2 Wireless LAN Security Paul Hogan Ward Solutions

3 Session Prerequisites Hands-on experience with Windows 2000 or Windows Server 2003 Working knowledge of networking, including basics of security Basic knowledge of WLANS Level 300

4 This sessions are about… …about operational security The easy way is not always the secure way Networks are usually designed in particular ways  In many cases, these practices simplify attacks  In some cases these practices enable attacks In order to avoid these practices it helps to understand how an attacker can use them

5 This sessions are NOT … a hacking tutorial  Hacking networks you own can be enlightening  HACKING NETWORKS YOU DO NOT OWN IS ILLEGAL …demonstrating vulnerabilities in Windows  Everything we show stems from operational security or custom applications  Knowing how Windows operates is critical to avoiding problems …for the faint of heart

6 The Sessions

7 The Network

8 Why Does Network Security Fail? Network security fails in several common areas, including: Human awareness Policy factors Hardware or software misconfigurations Poor assumptions Ignorance Failure to stay up-to-date Human awareness Policy factors Hardware or software misconfigurations Poor assumptions Ignorance Failure to stay up-to-date

9 Session Agenda WLANs and WLAN issues WLAN Deployment models  Out-of-box  Block SSID / MAC address filtering  WEP  WPA (WPA-PSK) WLAN and Windows Server 2003

10 Wireless LAN – Good News “Cheap, easy to deploy, high performance radio based technology that does not respect the physical parameters of a building”.

11 Wireless LAN – Bad News “Cheap, easy to deploy, high performance radio based technology that does not respect the physical parameters of a building”.

12 Wireless LAN By 2006, 60% of Fortune 1000 companies will be deploying wireless networks By 2010, the majority of Fortune 2000 companies will be heavily dependent on wireless networks. Gartner Group 2003

13 Wireless Network And Now a Warning….. Corporations turning to wireless, for operational flexibility without considering the security issues, may be carelessly sacrificing the integrity of their systems …

14 Lets go for a drive “Drive by hacking” Ward Solutions independent analysis Completely non obtrusive Tools  Laptop  WiFi PCM network card  Orinoco driver  Netstumbler software Results  65 % Networks not encrypted  55 % NO access controls  45 % Broadcasting network name

15 What can be done Interception Monitoring Insertion Packet Analysis Broadcast Monitoring Access Point Cloning Jamming Denial of Service Brute Force Reconfiguration

16 WLAN Deployment: Toaster Install Out of Box Connected to Network Default SSID No Security configurations Could this be happening to you

17 WLAN Deployment: SSID / Mac Filtering So I blocked SSID and have MAC locking Limitations of MAC Address Filtering  Scalability - Must be administered and propagated to all APs. List may have a size limit.  No way to associate a MAC to a username.  User could neglect to report a lost card.  Attacker could spoof an allowed MAC address. SSIDs can be determined even if blocked

18 Limitations of Wired Equivalent Privacy ( WEP)  WEP is inherently weak to due poor key exchange.  WEP keys are not dynamically changed and therefore vulnerable to attack.  No method for provisioning WEP keys to clients. Generations of WEP  APs that filter weak IVs  Change keys frequently WEP Cracking tools  Airsnort  Dwepcrack  Aircrack + aireplay + WLAN Deployment: WEP

19 VPN Connectivity  PPTP  L2TP  Third Party IPSec  Many vendors Password-based Layer 2 Authentication  Cisco LEAP  RSA/Secure ID  IEEE 802.1x PEAP/MSCHAP v2 Certificate-based Layer 2 Authentication  IEEE 802.1x EAP/TLS Possible Solutions

20 WLAN Security Type Security Level Ease of Deployment Usability and Integration IEEE 802.11LowHigh VPNMedium Low Password-basedMedium High IPSecHighLow IEEE 802.1x TLSHighLowHigh WLAN Security Comparisons

21 Defines port-based access control mechanism  Works on anything, wired and wireless  Access point must support 802.1X  No special encryption key requirements Allows choice of authentication methods using EAP  Chosen by peers at authentication time  Access point doesn’t care about EAP methods Manages keys automatically  No need to preprogram wireless encryption keys 802.1X

22 A specification of standards-based, interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN systems Goals  Enhanced Data Encryption (TKIP)  Provide user authentication (802.1x)  Be forward compatible with (802.11i)  Provide non-RADIUS solution for Small/Home offices WPA- PSK Typically a software upgrade and Wi-Fi Alliance began certification testing for interoperability on Wi-Fi Protected Access products in February 2003 WPA2 Wi-Fi Protected Access (WPA)

23 WEPs IV only 24 bits and so are repeated every few hours  WPA increased IV to 24 bits repeated 900 years WPA alters values acceptable as IVs Protects against forgery and replay attacks  IV formed MAC address  TSC TKIP: New password generated every 10,000 packets WPA-PSK  Passphrase WPA 802.ii1 recommend 20-character password Crack is brute force based Wi-Fi Protected Access (WPA)

24 802.1x and PEAP

25 WLAN - 802.1X using EAP/TLS Domain Controller DHCP Exchange File Server Certification Authority RADIUS (IAS) Server Certificate Laptop Domain User/Machine Certificate EAP Connection 1, 2, 6 3, 5, 7 4

26 Best Practices Use 802.1x authentication Organize wireless users and computers into groups Apply wireless access policies using Group Policy Use EAP/TLS and 128 bit WEP – 802.1x PEAP Set clients to force user authentication as well as machine authentication Develop a method to manage rogue APs such as LAN based 802.1x authentication and wireless sniffers. Microsoft  Securing a wireless LAN Security Strategy  Securing wireless LANs with PEAP and Passwords

27

28 Questions and Answers

Download ppt "Agenda 10:00 11:00 Securing wireless networks 11:00 11:15 Break 11:15 12:00Patch Management in the Enterprise 12:00 1:00 Lunch 1:00 2:30 Network Isolation."

Similar presentations

Security in Wireless Networks Juan Camilo Quintero D. 1041718.

Security in Wireless Networks Juan Camilo Quintero D
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
CSG357 Dan Ziminski & Bill Davidge 1 Effective Wireless Security – Technology and Policy CSG 256 Final Project Presentation by Dan Ziminski & Bill Davidge.

CSG357 Dan Ziminski & Bill Davidge 1 Effective Wireless Security – Technology and Policy CSG 256 Final Project Presentation by Dan Ziminski & Bill Davidge.
無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – 802.11b  Security Mechanisms in 802.11b  Security Problems in 802.11b  Solutions for 802.11b.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.
Implementing Security for Wireless Networks Presenter Name Job Title Company.

Implementing Security for Wireless Networks Presenter Name Job Title Company.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.

MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.
Wireless Security without a VPN! Stirling Goetz, Microsoft Consulting Services.

Wireless Security without a VPN! Stirling Goetz, Microsoft Consulting Services.
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
Wireless Router Setup. Internet Cable Internet Cable (Blue) Machine Cable (Yellow) Power Plug (Black) Reset Button (Red)

Wireless Router Setup. Internet Cable Internet Cable (Blue) Machine Cable (Yellow) Power Plug (Black) Reset Button (Red)
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0—8-1 Security Olga Torstensson Halmstad University.

© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0—8-1 Security Olga Torstensson Halmstad University.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,
Wireless Insecurity.

Wireless Insecurity.

Similar presentations

Ads by Google