Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireless Monitoring and Protection. Topics Objectives Protocol Analyzers WIPS Common WIDS/WIPS Features Conclusion.

Published byOwen Holland Modified over 11 years ago

Similar presentations

Presentation on theme: "Wireless Monitoring and Protection. Topics Objectives Protocol Analyzers WIPS Common WIDS/WIPS Features Conclusion."— Presentation transcript:

1 Wireless Monitoring and Protection

2 Topics Objectives Protocol Analyzers WIPS Common WIDS/WIPS Features Conclusion

3 Objectives Understand how to select and use 802.11 protocol analyzer based on security features. Understand the security features of 802.11 WIPS

4 Wireless Protocol Analyzer A Wireless Protocol Analyzer is a tool that can be used to assist with the site survey process, troubleshoot network communication issues and examine wireless frames and their contents. Protocol Analyzers do not need to associate to other wireless devices, they are merely listening and recording what they hear.

5 Wireless Protocol Analyzer here are some of the free network protocol analyzers available online: 1.ettercap 2.Hping 3.Kismet 4.Nemesis 5.Netstumbler/ministumbler 6.ngrep - network grepngrep - network grep 7.Tcpdump 8.Windump 9.WiresharkWireshark http://sectools.org/tag/sniffers/

6 Wireless Protocol Analyzer ettercap suitable for man in the middle attacks on LAN Publisher:Alberto Ornaghi and Marco Valleri Home Page:http://ettercap.sourceforge.net/index.php License: GNU General Public License Platforms: Windows, Linux, UnixAlberto OrnaghiMarco Vallerihttp://ettercap.sourceforge.net/index.phpGNU General Public License

7 ICMP type 8, Echo request message:

8 Passive vs. Active monitoring The passive approach: use of devices to watch traffic as it passes by The active approach : capability to inject test packets into network

9 Wireless Protocol Analyzer hping Publisher:Salvatore Sanfilippo Home Page:http://www.hping.org/ License: GNU General Public License Platforms: Linux, UnixSalvatore Sanfilippohttp://www.hping.org/GNU General Public License

10 Wireless Protocol Analyzer kismet Publisher: Mike Kershaw Home Page:http://www.kismetwireless.net/ License: GNU General Public License Platforms: Linux, Unixhttp://www.kismetwireless.net/GNU General Public License

11 Wireless Protocol Analyzer Nemesis publisher:Jeff Nathan Home Page:http://nemesis.sourceforge.net/ License: Free Platforms: Windows, Linux, UnixJeff Nathanhttp://nemesis.sourceforge.net/

12 Wireless Protocol Analyzer NetStumbler/MiniStumbler Publisher:Marius Milner Home Page:http://www.netstumbler.com/Marius Milnerhttp://www.netstumbler.com/

13 Wireless Protocol Analyzer ngrep - network grep Publisher:Jordan Ritter Home Page:http://ngrep.sourceforge.net/ License: Free Platforms: Windows, Linux, UnixJordan Ritterhttp://ngrep.sourceforge.net/

14 Wireless Protocol Analyzer tcpdump Publisher:Lawrence Berkeley National Library Home Page:http://www.tcpdump.org/ License: Free Platforms: iWindows, Linux, UnixLawrence Berkeley National Libraryhttp://www.tcpdump.org/ -w flag -b flag

15 Wireless Protocol Analyzer WinDump: tcpdump for Windows Publisher: Politecnico di Torino Home Page:http://www.winpcap.org/windump http://www.winpcap.org/windump License: Free Platforms: Windows

16 Wireless Protocol Analyzer Wireshark Publisher:Wireshark Development Team Home Page:http://www.wireshark.org/ License: GNU General Public License Platforms: Windows, Linux, UnixWireshark Development Teamhttp://www.wireshark.org/GNU General Public License

17 Wireless Intrusion System IDS/IPS/WIDS Intrusion detection systems (IDS) are designed to analyze data communications for unauthorized activity and then alert administrators about the situation. Intrusion prevention systems (IPS) are designed to not only analyze and alert but also take proactive measures to prevent further access by the unauthorized party. A wireless intrusion detection system (WIDS) monitors the radio spectrum for the presence of unauthorized, rogue access points. WIPS

18 IDS

19 Sensors SSH server is a software program which uses the secure shell protocol to accept connections from remote computers SCP allows secure file transfer

20 Running Snort on multiple network interfaces and logging to different places

21 Simplified block diagram for Snort.

22 About the DMZ (Demilitarized zone) DMZ using a three-legged firewall

23 About the DMZ (Demilitarized zone) DMZ using dual firewalls defense in depth

24 Cont… Common WIDS/WIPS features: –Device identification and Categorization –Event Alerting, Notification and Categorization –Rogue Containment (class assignment) –Policy enforcement and violation reporting (class assignment) –Rogue triangulation and Rogue Fingerprinting (class assignment)

25 WIDS checking methodology

26 IPS

27 WCS: Wireless Control System (a management solution) http://www.cisco.com/en/US/products/ps6305/index.html WLC: WLAN Controller http://www.cisco.com/en/US/products/ps6302/Products_Sub_Category_Home.html MSE (Mobility Service Engine) SOAP: Simple Object Access Protocol, is a protocol specification for exchanging structured information inprotocol the implementation of Web Services in computer networksWeb Servicescomputer networks

28 An example of WIPS

29 Conclusion Protocol analyzer is a monitoring tool for examining the contents of wireless frames by decoding the information received by a possible monitoring system. Security monitoring is classified to WIDS or WIPS depending whether the system can take proactive steps to protect the network. Policy enforcement is an automated way of reacting to wireless conditions deemed critical. Rogue triangulation and fingerprinting are ways of physically finding a rogue device.

Download ppt "Wireless Monitoring and Protection. Topics Objectives Protocol Analyzers WIPS Common WIDS/WIPS Features Conclusion."

Similar presentations

Intrusion Detection/Prevention Systems Charles Poff Bearing Point.

Intrusion Detection/Prevention Systems Charles Poff Bearing Point.
ITEC 6324 – Assignment Seven IEM Baseline Activity / Tool (Netstumbler, Kismet, Airopeek & AirSnort. Name: Victor Wong Instructor: Dr Crowley.

ITEC 6324 – Assignment Seven IEM Baseline Activity / Tool (Netstumbler, Kismet, Airopeek & AirSnort. Name: Victor Wong Instructor: Dr Crowley.
Wireless LAN Security Understanding and Preventing Network Attacks.

Wireless LAN Security Understanding and Preventing Network Attacks.
F3 Collecting Network Based Evidence (NBE)

F3 Collecting Network Based Evidence (NBE)
Good afternoon. My name is Marek Pawłowski

Good afternoon. My name is Marek Pawłowski
Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.

Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Intrusion Detection Systems By: William Pinkerton and Sean Burnside.

Intrusion Detection Systems By: William Pinkerton and Sean Burnside.
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.

1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Adrian Crenshaw.  I run Irongeek.com  I have an interest in InfoSec education  I don’t know everything - I’m.

Adrian Crenshaw.  I run Irongeek.com  I have an interest in InfoSec education  I don’t know everything - I’m.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Host Intrusion Prevention Systems & Beyond

Host Intrusion Prevention Systems & Beyond
Department Of Computer Engineering

Department Of Computer Engineering

Similar presentations

Ads by Google