1. Security in Wireless Networks 458 Security Offense Debate: Wireless Security by Cisco Group DoubleDeuce Jibran Ilyas Frank LaSota Paul Lowder Juan Mendez May 30, 2009

2. Introduction  Cisco Centricity  Flaws with Article  Points Not Addressed  The Future/Best Practices

3. Cisco Centric Solution  Focus is on Cisco wireless solution  Advocates a need for network-wide security solution  Products Products and More Products –CUWN – Cisco Unified Wireless Network –CSA – Cisco Security Agent –Cisco NAC –Cisco Firewalls –Cisco IPS –CS-MARS – network security monitoring  Gartner group cautions little integration

4. Cisco Centric Solution - cont  Claims about Cisco Security product line –Scalable, Managable, Secure –Lowest Total Cost of Ownership –Self-defending, proactive, against most attacks  Does not compare other solutions

5. Flaws With Article  ‘Cisco… does not mean just putting more boxes on the network’? –Client Devices –Access Points –Wireless Controllers –Mobility Services –Network Mngmt  Campus Network Architecture ‘.. What does it do?’  Vs Branch Architecture? Click for 2 graphics

6. Flaws With Article - cont  Audience Is Unclear –Technical vs Executives – business case?  Oblivious to the fact that WEP is still dominant in most corporate environments –Assumes implementation of 802.11i encryption –Cisco slow to market with new solutions 802.11n

7. Points Not Addressed  Financial costs/risks not highlighted –Cost justification process unclear –Cisco expensive  Not enough content on methodology /process fix  Doesn’t bring home risks of rogue devices  No mention of signal controlling  No mention of custom virus infiltration and controls

8. Points Not Addressed - cont  Security advisories a full time job  Significant updating Single Vendor soln. for end to end security? Vendor Lock in an issue Missing functionality? Cisco low rated on EPP anti-virus

9. Best Practices  Recommended methodology for wireless protection –Security Policy – what to protect –Segment/Isolate networks critical data –Hire wireless pen testers to conduct tests against the network –Choose current methodologies over new devices  Security device installed and forgotten  Intruder sophistication recognized

10. Best Practices – cont. Wireless Planning  Guest access planning - use virtual LAN (VLAN) tunnels to route users outside the firewall  Use centrally controlled access points  Site Survey, Limit Coverage Areas  Turn off SSID, use unique anonymous names  Migrate to WPA2  Client Configurations Important –Personal firewalls –Turn off peer-to-peer/ad hoc networking. –Wireless and wired NICs should not be allowed to be active at the same time on a client

11. Questions Welcome  Useful Links  NIST Wireless Security Standards –http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf  Network World Wireless Security Research –http://www.networkworld.com/topics/wireless-security.html  InfoTech Research Group for Wireless Security –http://www.infotech.com/ITA/Research%20Centers/Security/Wireless%20Security.aspxhttp://www.infotech.com/ITA/Research%20Centers/Security/Wireless%20Security.aspx  Gartner Articles –Introduction to Wi-Fi Security Best Practices. John Girard, John Pescatore. ID Number: G00144428 –Magic Quadrant for Wireless LAN Infrastructure. Michael J. King, Tim Zimmerman. ID Number: G00163188 Jibran Ilyas Frank LaSota Paul Lowder Juan Mendez