Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Policy-based Approach to Wireless LAN Security Management George Lapiotis, Byungsuk Kim, Subir Das, Farooq Anjum Speaker: George Lapiotis

Published byAsher Francis Modified over 9 years ago

Similar presentations

Presentation on theme: "A Policy-based Approach to Wireless LAN Security Management George Lapiotis, Byungsuk Kim, Subir Das, Farooq Anjum Speaker: George Lapiotis"— Presentation transcript:

1 A Policy-based Approach to Wireless LAN Security Management George Lapiotis, Byungsuk Kim, Subir Das, Farooq Anjum Speaker: George Lapiotis lapiotis@research.telcordia.com Athens/Greece, September 9, 2005 Telcordia Technologies Proprietary – Internal Use Only This document contains proprietary information that shall be distributed, routed or made available only within Telcordia Technologies, except with written permission of Telcordia Technologies.

2 Policy-based WLAN Security Management - 2 Telcordia Technologies Proprietary - Internal use only. See proprietary restrictions on title page. WLAN Security Management Challenges  WLANs are an open shared medium  Broken security mechanisms  Large installed base of 802.11a/b/g  Known WPA vulnerabilities  Untested new standards  TKIP  IEEE 802.11i  Mitigating the Insider Threat  E.g., Unauthorized access to internal network resources/services  Traditional security based on manual static configuration –In Policy-based tools administrators define high-level policies –Need to account for user mobility, rapidly changing configuration environment  Unified and consistent wireline-wireless security policy enforcement

3 Policy-based WLAN Security Management - 3 Telcordia Technologies Proprietary - Internal use only. See proprietary restrictions on title page. The Smart Firewalls Technology  Objective: “hands-free” management of multi-layer network security policies in dynamic network environments – Given a network, verify that the desired access is enabled and every undesired access is verifiably denied  Simple language to express network security policies –in terms of access to applications and network services  Policy engine populated by declarative models of network elements and services –validates policies –computes new configuration settings for network elements when policies are violated  Network monitoring and instrumentation layer –reports network changes as they occur –implements configuration changes computed by the policy engine

4 Policy-based WLAN Security Management - 4 Telcordia Technologies Proprietary - Internal use only. See proprietary restrictions on title page. Policy Engine State Diagram

5 Policy-based WLAN Security Management - 5 Telcordia Technologies Proprietary - Internal use only. See proprietary restrictions on title page. Policy Engine Topology High-level Policy Configuration Summarized Configuration Access Points Control & Monitor Wireless Domain Policy Manager Low-level Policy Configuration Detailed Configuration Wireless Domain Policy Manager Wireless Domain Policy Managers Policy-based Security Architecture

6 Policy-based WLAN Security Management - 6 Telcordia Technologies Proprietary - Internal use only. See proprietary restrictions on title page. Wireless Policy Domain A Multi-Domain Wireless Access Policy Control Policy Engine Wireless Policy Domain B Wireless Policy Domain Controller Access Point Wireless Policy Domain Controller Local Monitor Mobile Host Wireless Subnet AP and Host Info Access Point Access Router Local Monitor Mobile Host Wireless Subnet … WLAN Security Architecture

7 Policy-based WLAN Security Management - 7 Telcordia Technologies Proprietary - Internal use only. See proprietary restrictions on title page. Wireless Domain Policy Manager  Introduced to scale up the system for mobility and rapid configuration changes –Centralized depository might become a bottleneck in a volatile network  Operates as a Global Policy Adaptor –Forwards abstracted snapshots of wireless network host connectivity status to the policy engine  Access point connectivity abstracted –Translates and pushes low-level vendor-specific AP configurations when engine uncovers inconsistencies  Operates as a WLAN Policy Controller with some local autonomy –Security Monitoring configuration to Local Monitors –May independently block hosts if necessary

8 Policy-based WLAN Security Management - 8 Telcordia Technologies Proprietary - Internal use only. See proprietary restrictions on title page. Database Module Host Table AP Interface Definition Table AP Table Execution Module PE Messaging System Interface XML Message Handler Policy Execution Multi-type Access Points Policy Engine Local MonitorWireless Domain Policy Manager Adaptation Module SNMP Adaptor HTTP Adaptor CLI Adaptor Wireless Traffic Sniffer & Attack Detection Module Global Monitor Module Local Monitor Correlator Local Monitor Configuration Alarming and Logging Attack 1 Attack n Attack 2 … Wireless Domain Policy Manager and Local Monitor

9 Policy-based WLAN Security Management - 9 Telcordia Technologies Proprietary - Internal use only. See proprietary restrictions on title page. Supported Attack Detection Modules  Denial of Service  Rogue Access Point  Main in The Middle  Mobility-based Attacks  Obviously not all-inclusive!

10 Policy-based WLAN Security Management - 10 Telcordia Technologies Proprietary - Internal use only. See proprietary restrictions on title page. Wireline Network WLAN Access Network WLAN Access Network Mobile Host attack Report 3 Action 4 Recover 5 Detect 2 1 Policy Engine 2 WDPMan AP Local policy & Configuration LM Global policy Topology Update Local policy & Configuration LM Deployment Scenario

11 Policy-based WLAN Security Management - 11 Telcordia Technologies Proprietary - Internal use only. See proprietary restrictions on title page. Future Work  Current implementation supports Wi-Fi networks, extend to WiMAX  Extend to more types of intrusion attacks using additional detection modules  Extend to cover more access point types, vendors, and interfaces  Use the engine for intruder redirection to honeypots  Further scalability limits with multiple policy engines – tradeoff is global security policy consistency

Download ppt "A Policy-based Approach to Wireless LAN Security Management George Lapiotis, Byungsuk Kim, Subir Das, Farooq Anjum Speaker: George Lapiotis"

Similar presentations

Presented by Nikita Shah 5th IT ( )

Presented by Nikita Shah 5th IT ( )
Chapter 1: Introduction to Scaling Networks

Chapter 1: Introduction to Scaling Networks
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Wireless and Network Security Integration Defense by Hi-5 Marc Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi.

Wireless and Network Security Integration Defense by Hi-5 Marc Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi.
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.

1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, 2009 05/30/2009.

WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, /30/2009.
Institute of Technology, Sligo Dept of Computing Semester 3, version 2.1.3 Semester 3 Chapter 3 VLANs.

Institute of Technology, Sligo Dept of Computing Semester 3, version Semester 3 Chapter 3 VLANs.
Architectural Design Establishing the overall structure of a software system Objectives To introduce architectural design and to discuss its importance.

Architectural Design Establishing the overall structure of a software system Objectives To introduce architectural design and to discuss its importance.
A Survey on Interfaces to Network Security

A Survey on Interfaces to Network Security
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.

Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 9 Network Policy and Access Services in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 9 Network Policy and Access Services in Windows Server 2008.
Configuring Routing and Remote Access(RRAS) and Wireless Networking

Configuring Routing and Remote Access(RRAS) and Wireless Networking
Hosted by IDS for WLANs The Mansfield Group, LLC 802.11 Security for Enterprise Networks www.itvshop.com Wireless LAN Security Workshop Wash DC Honolulu.

Hosted by IDS for WLANs The Mansfield Group, LLC Security for Enterprise Networks Wireless LAN Security Workshop Wash DC Honolulu.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Router LAN Switching and Wireless – Chapter 7.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Router LAN Switching and Wireless – Chapter 7.
Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.

Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.

Similar presentations

Ads by Google