1 WIRELESS INTRUSION DETECTION SYSTEMS Namratha Vemuri, Balasubramanian Kandaswamy

2 THREATS
VICTIMS
IDS
TYPES OF IDS
ARCHITECTURE
IMPLEMENTATION
TOOLS USED
ADMINISTRATION

3 THREATS
Reconnaissance, identity theft and denial of service (DoS)
Signal range of an authorized AP (coverage reaches beyond the area it was meant to serve)
Physical security of an authorized AP
Rogue or unauthorized APs
Easy installation of an AP
Poorly configured APs
Protocol weaknesses and capacity limits of the AP


5 What is attacked?
Corporate network and servers: attempted penetration through the official access points (target 1) into the corporate network; DoS attacks, as most of them are TCP/IP based.
Wireless clients: the access point behaves as a hub, connecting the authorized wireless clients directly to the bad guys; inevitably this exposes a connecting PC to a huge array of IP-based attacks.

6 Unauthorized access points
Unofficial access points installed by user departments (target 4) represent a huge risk, as their security configuration is often questionable.
Bogus access points (target 5) represent a different threat, as these can be used to hijack sessions at the data link layer and steal valuable information.
Target 3: the legitimate access point.

7 To protect our network we need to know:
where all access points on our network reside
what actions to take to close down any unauthorized access points that do not conform to the company security standards
which wireless users are connected to our network
what unencrypted data is being accessed and exchanged by those users

8 What is an IDS?
An IDS is not a firewall.
An IDS watches the network from the inside and reports or raises alarms.
A wireless IDS monitors APs, compares the security controls configured on each AP with the predefined company security standards, then resets or closes down any non-conforming APs it finds.
It identifies and alerts on unauthorized MAC addresses and helps track down attackers (note that MAC addresses are trivially spoofed, so a MAC-based alert is a weak indicator on its own).

9 Intrusion detection systems are designed and built to monitor and report on network activity (the packets exchanged between communicating devices). Many commercial and open source tools are used. TOOLS:
capture and store the WLAN traffic
analyse that traffic and create reports
analyse signal strength and transmission speed

10 ID SYSTEM ACTIVITIES

11 INFRASTRUCTURE

12 ARCHITECTURE

13 IDS: a sensor (an analysis engine) that is responsible for detecting intrusions and contains the decision-making mechanism.
The sensor receives messages from its own IDS knowledge base, from syslog and from audit trails.
Syslog may include, for example, the file system configuration, user authorizations etc. This information creates the basis for the further decision-making process.

14 TYPES OF IDS
Misuse (signature-based) or anomaly-based IDS
Network-based or host-based IDS
Passive or reactive IDS

15 ARCHITECTURE
CENTRALIZED: a combination of individual sensors which collect and forward 802.11 data to a centralized management system.
DISTRIBUTED: one or more devices that each perform both the data gathering and the processing/reporting functions of the IDS.

16 Distributed is best suited to smaller WLANs because of cost and management issues:
cost of many sensors that each do their own data processing
management of multiple processing/reporting sensors

17 In a centralized design it is easy to maintain a single IDS where all the data is analyzed and formatted.
Single point of failure.
Adds 'additional' network traffic running concurrently with production traffic, with an impact on network performance.

18 IMPLEMENTATION OF IDS
Comprises a mixture of hardware and software called intrusion detection sensors.
Located on the network, where they examine traffic.
Where should the sensors be placed?
How many do we need?

19 Not just to detect attackers...
Helps to enforce policies
Policies for encryption
Can report if an unencrypted packet is detected
With proper enforcement WEP can be achieved (next slide)
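The policy checks that slides 7, 8 and 19 describe (is every AP on the air one we sanctioned, is it still configured the way our standard requires, is every data frame encrypted, do we recognise the clients) are easy to express in code. The following is an added example, not code from the presentation or from any of the products it names. It runs over constructed per-frame summaries of the kind a wireless sensor produces; the corporate SSID, the AP inventory, the client list and every MAC address are assumptions made up for the illustration.

```python
# Added example: a minimal wireless IDS policy check over sensor observations.
# Not the presentation's code; all inventory data below is made up.
from __future__ import annotations
from dataclasses import dataclass

CORPORATE_SSID = "corp-wlan"   # assumed official SSID

# Assumed inventory of sanctioned APs: BSSID -> SSID it is allowed to advertise.
AUTHORIZED_APS = {
    "00:11:22:33:44:01": CORPORATE_SSID,
    "00:11:22:33:44:02": CORPORATE_SSID,
}

# Assumed list of client MACs allowed on the WLAN. MAC addresses are trivially
# spoofed, so this check catches careless intruders, not determined ones.
AUTHORIZED_CLIENTS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}


@dataclass
class Observation:
    kind: str               # "beacon" (sent by an AP) or "data" (station traffic)
    bssid: str
    ssid: str = ""          # beacons: advertised SSID; "" means cloaked
    privacy: bool = True    # beacons: Privacy capability bit (encryption enabled)
    src: str = ""           # data: transmitting station
    protected: bool = True  # data: Protected Frame bit set (payload encrypted)


def check(obs: Observation) -> list[str]:
    """Return the policy violations that a single observation triggers."""
    alerts: list[str] = []
    if obs.kind == "beacon":
        expected = AUTHORIZED_APS.get(obs.bssid)
        if expected is None:
            if obs.ssid == CORPORATE_SSID:
                # Unknown radio advertising our SSID: the 'bogus AP' case
                alerts.append(f"BOGUS_AP {obs.bssid} spoofs {obs.ssid!r}")
            else:
                # Unknown radio with some other SSID: a departmental/rogue AP
                alerts.append(f"UNAUTHORIZED_AP {obs.bssid} ssid={obs.ssid!r}")
        elif obs.ssid and obs.ssid != expected:
            alerts.append(f"MISCONFIGURED_AP {obs.bssid} advertises {obs.ssid!r}")
        if not obs.privacy:
            alerts.append(f"OPEN_AP {obs.bssid} has encryption disabled")
    elif obs.kind == "data" and obs.bssid in AUTHORIZED_APS:
        # Encryption policy: every data frame on our WLAN must be protected
        if not obs.protected:
            alerts.append(f"UNENCRYPTED_DATA from {obs.src} via {obs.bssid}")
        if obs.src != obs.bssid and obs.src not in AUTHORIZED_CLIENTS:
            alerts.append(f"UNKNOWN_CLIENT {obs.src} on {obs.bssid}")
    return alerts


def run(observations: list[Observation]) -> list[str]:
    return [alert for obs in observations for alert in check(obs)]


# Constructed observations: two sanctioned APs (one cloaked), an evil twin,
# an open departmental AP, and two client data frames.
SAMPLE = [
    Observation("beacon", "00:11:22:33:44:01", ssid=CORPORATE_SSID),
    Observation("beacon", "00:11:22:33:44:02", ssid=""),
    Observation("beacon", "00:11:22:33:44:99", ssid=CORPORATE_SSID),
    Observation("beacon", "02:de:ad:be:ef:01", ssid="marketing-free", privacy=False),
    Observation("data", "00:11:22:33:44:01", src="aa:bb:cc:00:00:01"),
    Observation("data", "00:11:22:33:44:01", src="aa:bb:cc:00:00:03", protected=False),
]

if __name__ == "__main__":
    for line in run(SAMPLE):
        print(line)
```

The sanctioned APs produce no alerts even when one of them hides its SSID; the unknown radio that copies the corporate SSID is reported as a bogus AP, the open departmental AP gets two alerts (unauthorized and unencrypted), and the unprotected data frame from an unlisted client is flagged twice. A reactive IDS would feed these alerts into the reset/close-down actions of slide 8; a passive one hands them to the analysts of slide 21.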

20 Why do we need these? To achieve WEP.
What's WEP? Wired Equivalent Privacy: the goal that wireless traffic is no easier to eavesdrop on than traffic on the wired LAN. (The WEP encryption protocol of the same name has well-known cryptographic weaknesses; the privacy goal has to be enforced with whatever encryption the company policy mandates.)
Why do we need it?

21 People responsible
IDS security analysts who can interpret the alerts (passive IDS)
IDS software programmers
IDS database administrators (misuse or anomaly IDS)

22 A couple of freely available tools
KISMET: open source 802.11 a/b/g network sniffer
NETSTUMBLER: free Windows wireless scanner

23 Kismet: 802.11 a/b/g network sniffer
Passively collects network traffic (only listens), detects the normal named networks and also detects hidden (non-beaconing or cloaked) networks
Analyzes the data traffic and builds a 'picture' of data movement


25 NetStumbler: sends 802.11 probe requests
Actively scans by sending out a probe request every second and reporting the responses
APs by default respond to these probes (an AP configured to hide its SSID normally ignores a wildcard probe and answers only probes that name it)
Used for wardriving or wilding
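The difference between Kismet's passive listening (slide 23) and NetStumbler's active probing (slide 25) comes down to a few 802.11 management frame types. The block below is an added example, not code from the presentation, from Kismet or from NetStumbler: it builds beacon, probe request and probe response frames by hand following the standard's layout, parses them back, and shows what a listener that never transmits can still learn, including the SSID of a cloaked network once a legitimate client probes for it. The MAC addresses and the SSID are made-up constants.

```python
# Added example: hand-built 802.11 management frames and a passive survey.
# Not the presentation's code; addresses and SSID are constructed values.
import struct

TYPE_MGMT = 0
SUBTYPE_PROBE_REQ, SUBTYPE_PROBE_RESP, SUBTYPE_BEACON = 4, 5, 8
CAP_PRIVACY = 0x0010          # Privacy bit of the Capability Information field
IE_SSID = 0                   # SSID information element tag
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def header(subtype: int, addr1: str, addr2: str, addr3: str) -> bytes:
    """24-byte management header: frame control, duration, DA, SA, BSSID, seq."""
    fc = (TYPE_MGMT << 2) | (subtype << 4)       # protocol version 0, no flags
    return (struct.pack("<HH", fc, 0) + mac_bytes(addr1) + mac_bytes(addr2)
            + mac_bytes(addr3) + struct.pack("<H", 0))


def ie(tag: int, value: bytes) -> bytes:
    return bytes([tag, len(value)]) + value


def beacon_like(subtype, bssid, dst, ssid, privacy):
    """Beacon and probe response share one body: timestamp, interval, capability, IEs."""
    fixed = struct.pack("<QHH", 0, 100, CAP_PRIVACY if privacy else 0)
    return header(subtype, dst, bssid, bssid) + fixed + ie(IE_SSID, ssid.encode())


def beacon(bssid, ssid, privacy=True):
    return beacon_like(SUBTYPE_BEACON, bssid, BROADCAST, ssid, privacy)


def probe_response(bssid, client, ssid, privacy=True):
    return beacon_like(SUBTYPE_PROBE_RESP, bssid, client, ssid, privacy)


def probe_request(client, ssid=""):
    """Empty SSID = wildcard probe, the kind an active scanner broadcasts."""
    return header(SUBTYPE_PROBE_REQ, BROADCAST, client, BROADCAST) + ie(IE_SSID, ssid.encode())


def find_ssid(frame: bytes, offset: int):
    """Walk the tagged elements from offset; return the SSID string or None."""
    while offset + 2 <= len(frame):
        tag, length = frame[offset], frame[offset + 1]
        if tag == IE_SSID:
            return frame[offset + 2: offset + 2 + length].decode(errors="replace")
        offset += 2 + length
    return None


def parse(frame: bytes) -> dict:
    fc, = struct.unpack_from("<H", frame, 0)
    info = {"type": (fc >> 2) & 0x3, "subtype": (fc >> 4) & 0xF,
            "da": mac_str(frame[4:10]), "sa": mac_str(frame[10:16]),
            "bssid": mac_str(frame[16:22])}
    if info["type"] == TYPE_MGMT and info["subtype"] in (SUBTYPE_BEACON, SUBTYPE_PROBE_RESP):
        cap, = struct.unpack_from("<H", frame, 34)   # 24 header + 8 timestamp + 2 interval
        info["privacy"] = bool(cap & CAP_PRIVACY)
        info["ssid"] = find_ssid(frame, 36)
    elif info["type"] == TYPE_MGMT and info["subtype"] == SUBTYPE_PROBE_REQ:
        info["ssid"] = find_ssid(frame, 24)
    return info


def passive_survey(frames):
    """Kismet-style: transmit nothing, learn from beacons, probe requests and
    probe responses seen on the channel. Returns (aps, probers)."""
    aps, probers = {}, []
    for f in map(parse, frames):
        if f["type"] != TYPE_MGMT:
            continue
        if f["subtype"] in (SUBTYPE_BEACON, SUBTYPE_PROBE_RESP):
            ap = aps.setdefault(f["bssid"], {"ssid": None, "cloaked": False, "privacy": f["privacy"]})
            if f["ssid"] == "":
                ap["cloaked"] = True      # zero-length SSID in a beacon: hidden network
            else:
                ap["ssid"] = f["ssid"]    # a probe response still names the network
        elif f["subtype"] == SUBTYPE_PROBE_REQ:
            probers.append((f["sa"], f["ssid"]))   # ssid "" = wildcard, active-scanner style
    return aps, probers


# Constructed capture: a cloaked AP, a wildcard probe from an active scanner
# (which a hidden AP normally ignores), then a legitimate client's directed
# probe and the AP's answer, which reveals the SSID to any passive listener.
AP, SCANNER, CLIENT = "00:11:22:33:44:01", "aa:bb:cc:00:00:07", "aa:bb:cc:00:00:02"
CAPTURE = [
    beacon(AP, "", privacy=True),
    probe_request(SCANNER),
    probe_request(CLIENT, "corp-wlan"),
    probe_response(AP, CLIENT, "corp-wlan", privacy=True),
]

if __name__ == "__main__":
    print(passive_survey(CAPTURE))
```

Two things fall out of the survey. The active scanner is itself visible to the sensor: its wildcard probe request appears in the probers list, which is one of the signatures a wireless IDS uses to spot wardriving. And the cloaked AP's name is recovered without transmitting anything, because the probe response to the legitimate client carries the SSID; hiding the SSID defeats a broadcast probe but not a sniffer.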


27 Who manages and administers a WIDS?
Large organization (Network Operations group), using products such as AirMagnet Distributed 4.0, AirDefense Enterprise v4.1 or Red-M
Small and medium organization: a Managed Security Service Provider (MSSP)

28 AirMagnet Distributed
Sensors report network performance information
Alerts go to the management server
The AirMagnet Reporter generates reports ranging from threat summaries to per-channel RF signal strength
Example: using the 'Find' tool, we can manually and physically track down the location of a rogue user


30 AirDefense: the AirDefense system consists of a server running Red Hat Linux, distributed wireless AP sensors and a Java-based web console. The web console and the AP sensors communicate with the server over a secure channel.


32 Red-M: Red-M includes Red-Alert and Red-Vision. Red-Alert is a standalone wireless probe which can detect unauthorized Bluetooth devices as well as 802.11 a/b/g networks. Red-Vision is a modular set of products consisting of three main components: Red-Vision Server, Red-Vision Laptop Client and Red-Vision Viewer.

33 Red-Vision (cont.)
Red-Vision Server (heart)
Red-Vision Laptop Client (ear)
Red-Vision Viewer (brain)

34 Wireless IDS drawbacks
Cost, which grows with the size of the LAN
New, emerging technology, and hence may contain many bugs and vulnerabilities
A wireless IDS is only as effective as the people who analyze and respond to the data it gathers

35 Conclusion Wireless intrusion detection systems are an important addition to the security of wireless local area networks. While there are drawbacks to implementing a wireless IDS, the benefits will most likely prove to outweigh the downsides

36 QUESTIONS
What is policy enforcement? A policy is stated to the IDS (e.g. all wireless communications must be encrypted) and violations of it are what the IDS detects.
What type of IDS is AirDefense Guard? It is misuse (signature-based) and anomaly-based.
What are 'dumb' probes? They collect all the network traffic and send it to a central server for analysis.


38 QUESTIONS?

39 THANK YOU

