Title: Integrated Wireless Security and RF Management Introducing RFprotect System 4
Slide 1: Combating WLAN Influenza and RF Degradations
Robert Markovich, President and Co-Founder
Slide 2: About Network Chemistry
- Founded 2001; first RFprotect products shipped 2002
- Over 300 commercial and government deployments worldwide
- Market leader based on number of RF sensors deployed
- Numerous industry awards
- Newly funded by the investment arm of the CIA and US intelligence agencies
Slide 3: Inherent Problems of Wireless LANs
Problem 1: 802.11 networks are inherently insecure
- Authentication and encryption are not enough
- Mis-implementations can lead to gaping security holes
- Hackers are well armed to exploit vulnerabilities
Problem 2: 802.11 networks are inherently flaky
- Physical environment dictates network performance
- Intermittent problems are the norm
- Widely distributed infrastructure exacerbates troubleshooting
Slide 4: GAO Report, May 2005
- Few government agencies ensure that their WLANs are protected from unauthorized access.
- 9 out of 24 major agencies haven't issued wireless-security plans.
- 13 agencies don't require their Wi-Fi networks to be set up in a secure manner.
- GAO investigators were able to pick up Wi-Fi signals from outside all 6 of the agencies they tested.
Slide 5: Part 1: Combating Infections and Intrusions on Wireless LANs
Slide 6: Nomenclature Basics
- What is a virus?
- What is a worm?
- What is a Trojan Horse?
- What is Phishing?
Slide 7: Nomenclature Basics
- Virus (n.): Code written with the express intention of replicating itself. A virus attempts to spread from computer to computer by attaching itself to a host program. It may damage hardware, software, or information.
- Examples: Sober, Melissa, MyDoom, Zafi, Homer
- Applicability to wireless networks: not directly tied to networking
Slide 8: Nomenclature Basics
- Worm (n.): A subclass of virus. A worm generally spreads without user action and distributes complete copies (possibly modified) of itself across networks. A worm can consume memory or network bandwidth, causing a denial of service.
- Examples: Sasser, MSBlast, Code Red, Nimda, Cabir
- Applicability to wireless networks: wireless to wired, wired to wireless, wireless to wireless
- (Diagram: Denial-of-Service Attack)
Slide 9: Nomenclature Basics
- Trojan Horse (n.): A computer program that appears to be useful but that actually does damage.
- Examples: DIDer
- Applicability to wireless networks: wireless to wired, wired to wireless, wireless to wireless
Slide 10: Nomenclature Basics
- Phishing (n.): The act of sending spoofed messages (e.g. emails, website links) that falsely claim to come from an established, legitimate enterprise in an attempt to scam the user into surrendering private information.
- Examples: BadTrans
- Applicability to wireless networks: rogue APs that pretend to be a valid AP
  - Enterprise
  - Hot-spots, e.g. Hotspotter
- (Diagram: Man-in-the-Middle Attack)
Slide 11: Wireless Vulnerabilities from Windows XP
- Ad hoc communications enabled (the client accepts peer-to-peer connections from any nearby station)
- Firewall disabled
- Bridging enabled (a laptop with both adapters up bridges the wireless segment straight onto the wired LAN)
- Connect to any available SSID enabled (the client associates with whatever network answers, including a rogue AP)
Slide 12: Overview of Man-in-the-Middle Attack
- Two common forms
  - Eavesdropping
  - Manipulation, e.g. ARP poisoning
- (Diagram) Device Y poisons the ARP caches of Device X and Device Z: it sends X an ARP reply "IP of Z has MAC Y" and sends Z an ARP reply "IP of X has MAC Y". Both stations then hand their traffic for each other to Y, which can read or alter it before forwarding it on.
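The ARP-poisoning exchange in the diagram, turned into detection logic. This is an added example, not code from the original deck: it keeps an IP-to-MAC table, alerts when a known IP is rebound to a different MAC, and alerts when one MAC starts answering for several IPs (the signature of Device Y claiming both X's and Z's addresses). The trusted seed table, addresses and replies are constructed for the demo.

```python
"""ARP-poisoning detector over a constructed stream of ARP replies.

Models the diagram above: attacker Y tells X that Z's IP is at MAC Y and
tells Z that X's IP is at MAC Y, so X<->Z traffic now transits Y.
Added example, not code from the original deck.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    sender_ip: str   # IP address the reply claims to speak for
    sender_mac: str  # MAC the reply binds that IP to
    target_ip: str   # station whose ARP cache receives the binding


class ArpMonitor:
    """Tracks IP->MAC bindings; flags rebinding and MACs answering for many IPs."""

    def __init__(self, trusted=None, max_ips_per_mac=1):
        # Trusted seed table (assumption: exported from DHCP leases or the
        # switch's address table for the monitored segment).
        self.bindings = dict(trusted or {})
        self.ips_by_mac = defaultdict(set)
        for ip, mac in self.bindings.items():
            self.ips_by_mac[mac].add(ip)
        self.max_ips_per_mac = max_ips_per_mac
        self.alerts = []
        self._flagged_macs = set()

    def observe(self, reply):
        """Process one ARP reply; returns the alerts it produced."""
        new = []
        known = self.bindings.get(reply.sender_ip)
        if known is None:
            self.bindings[reply.sender_ip] = reply.sender_mac
        elif known != reply.sender_mac:
            new.append(f"rebinding: {reply.sender_ip} moved {known} -> "
                       f"{reply.sender_mac} (reply sent to {reply.target_ip})")
        ips = self.ips_by_mac[reply.sender_mac]
        ips.add(reply.sender_ip)
        if len(ips) > self.max_ips_per_mac and reply.sender_mac not in self._flagged_macs:
            self._flagged_macs.add(reply.sender_mac)
            new.append(f"multi-ip: {reply.sender_mac} claims {sorted(ips)}")
        self.alerts.extend(new)
        return new

    def suspected_poisoners(self):
        return sorted(self._flagged_macs)


# Constructed scenario: X and Z are legitimate stations; Y is the attacker.
MAC_X, MAC_Z, MAC_Y = "00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:99"
IP_X, IP_Z, IP_Y = "10.0.0.1", "10.0.0.2", "10.0.0.9"

TRUSTED = {IP_X: MAC_X, IP_Z: MAC_Z, IP_Y: MAC_Y}

REPLIES = [
    ArpReply(IP_X, MAC_X, IP_Z),   # benign: X answers Z's request
    ArpReply(IP_Z, MAC_Y, IP_X),   # poison: "IP of Z has MAC Y" sent to X
    ArpReply(IP_X, MAC_Y, IP_Z),   # poison: "IP of X has MAC Y" sent to Z
    ArpReply(IP_Z, MAC_Y, IP_X),   # poison re-sent to keep X's cache stale
]


def run_demo():
    """Feed the constructed replies through the monitor; returns (alerts, poisoners)."""
    mon = ArpMonitor(trusted=TRUSTED)
    for r in REPLIES:
        mon.observe(r)
    return mon.alerts, mon.suspected_poisoners()


if __name__ == "__main__":
    alerts, poisoners = run_demo()
    print("\n".join(alerts))
    print("suspected poisoners:", poisoners)
```

The one-IP-per-MAC threshold is right for ordinary stations but not for a gateway doing proxy ARP, so in a real deployment the router's MAC is whitelisted or `max_ips_per_mac` raised for it; otherwise the monitor would flag the gateway every time it answers for a remote subnet.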
Slide 13: Overview of Wireless DoS
- Prevent users from accessing network resources, i.e. deny them service
- Physical layer (e.g. RF jamming of the channel)
- Link layer (e.g. floods of 802.11 deauthentication or disassociation frames)
- Network layer (e.g. ARP or ICMP floods through the AP)
Slide 14: Countermeasure Tools
- Local protection: protect the devices
  - Anti-virus software
  - Firewall software
  - Anti-pest (anti-spyware) software
  - Scan-on-connect measures
- Global protection: protect the air waves
  - Wireless VPN
  - Wireless vulnerability scanners
  - Wireless IDS/IPS and network analyzers
Slide 15: W-IDP Considerations
- First, how to detect these attacks: behavior analysis
  - Detecting zero-day attacks, e.g. wireless worms
- Assess threat severity, i.e. is every rogue malicious?
- Active blocking to immediately disable threats
- Position measures to locate and remove threats
- Integration with other security systems
- Use W-IDP to correlate information between wireless and wired domains
  - Perform more advanced/forensic analysis
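Two of the considerations above as working triage logic: assessing whether a rogue is actually malicious (using wired/wireless correlation to tell a rogue plugged into the LAN from a neighbour's AP), and detecting the link-layer DoS from slide 13 by counting deauthentication frames per source in a sliding window. This is an added example, not code from the original deck or the RFprotect product; the BSSID inventory, SSIDs, frames and thresholds are constructed assumptions.

```python
"""Two W-IDP triage checks over constructed 802.11 observations.

(1) Rogue assessment: not every unknown AP is malicious, so the verdict
    separates an evil twin or a rogue bridged into the LAN from a neighbour.
(2) Link-layer DoS: count deauthentication frames per source address in a
    sliding window and alert on a flood.
Added example, not code from the original deck; inventory and thresholds
are assumptions.
"""
from collections import defaultdict, deque

# Assumed inventory for the monitored site.
AUTHORIZED_BSSIDS = {"00:0b:86:aa:bb:01", "00:0b:86:aa:bb:02"}
ENTERPRISE_SSIDS = {"corp-wlan"}


def classify_ap(bssid, ssid, seen_on_wire,
                authorized=AUTHORIZED_BSSIDS, ssids=ENTERPRISE_SSIDS):
    """Return (label, severity) for one observed AP.

    seen_on_wire: True when a wired-side sensor also saw this AP's MAC
    (assumed wired/wireless correlation), i.e. the rogue is plugged into the
    corporate LAN rather than merely audible from next door.
    """
    if bssid in authorized:
        return ("authorized", "none")
    if ssid in ssids:
        return ("evil-twin", "high")       # impersonates the enterprise SSID
    if seen_on_wire:
        return ("rogue-on-wire", "high")   # unauthorized AP with a path into the LAN
    return ("neighbor", "low")             # external AP: log and audit only


def detect_deauth_flood(frames, window=10.0, threshold=20):
    """Return {src: (first_ts, alert_ts, count)} for sources that send more
    than `threshold` deauth frames within any `window`-second span."""
    recent = defaultdict(deque)
    alerted = {}
    for f in sorted(frames, key=lambda x: x["ts"]):
        if f["type"] != "deauth":
            continue
        q = recent[f["src"]]
        q.append(f["ts"])
        while q and f["ts"] - q[0] > window:
            q.popleft()                     # drop frames older than the window
        if len(q) > threshold and f["src"] not in alerted:
            alerted[f["src"]] = (q[0], f["ts"], len(q))
    return alerted


# Constructed AP sightings: (bssid, ssid, seen_on_wire).
AP_SIGHTINGS = [
    ("00:0b:86:aa:bb:01", "corp-wlan", False),      # our own AP
    ("00:1c:10:de:ad:01", "corp-wlan", False),      # evil twin advertising our SSID
    ("00:1c:10:de:ad:02", "printer-setup", True),   # unknown AP whose MAC shows up on the wire
    ("00:18:39:ca:fe:01", "linksys", False),        # neighbour's home AP
]

# Constructed frames: two ordinary deauths from a real AP, a beacon, then a
# 30-frame burst whose source is spoofed to look like our AP ...bb:01.
FRAMES = [
    {"ts": 50.0, "type": "deauth", "src": "00:0b:86:aa:bb:02", "dst": "00:16:ce:11:22:33"},
    {"ts": 51.0, "type": "deauth", "src": "00:0b:86:aa:bb:02", "dst": "00:16:ce:11:22:34"},
    {"ts": 60.0, "type": "beacon", "src": "00:0b:86:aa:bb:01", "dst": "ff:ff:ff:ff:ff:ff"},
]
FRAMES += [{"ts": 100.0 + i * 0.05, "type": "deauth",
            "src": "00:0b:86:aa:bb:01", "dst": "ff:ff:ff:ff:ff:ff"} for i in range(30)]


def run_demo():
    """Returns (ap_verdicts, deauth_alerts) for the constructed data."""
    verdicts = [(bssid,) + classify_ap(bssid, ssid, wired) for bssid, ssid, wired in AP_SIGHTINGS]
    return verdicts, detect_deauth_flood(FRAMES)


if __name__ == "__main__":
    verdicts, floods = run_demo()
    for v in verdicts:
        print(v)
    print(floods)
```

The flood alert names the spoofed source, i.e. the impersonated AP, not the attacker's radio; that is why the deck pairs detection with position measures, since only RF location of the emitter tells you where to go. Sensors also have to be dedicated (separate from the WLAN infrastructure, as the conclusions say): an AP busy serving clients on one channel does not see the deauth burst on another.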
Slide 16: The Role of Distributed Network Analyzers
- Excellent tool to locate network security breaches and to help identify and isolate virus-infected systems
- By watching traffic, understanding utilization, and reviewing connection dynamics, security engineers can determine which station is causing the problem and why.
- Behavior analysis can identify and prevent the incursion of unknown (zero-day) worms and attacks.
- Forensic analysis
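The behavior analysis the slide describes, as an added example rather than code from the deck: a scanning worm such as Sasser or MSBlast contacts many hosts on one port in a short time and most of those probes go unanswered, so a distributed analyzer can flag the fan-out from flow records before any signature exists, then join the offending IP to the WLAN association table to name the station and the AP it is on. The flow records, ports, thresholds and association table are constructed assumptions.

```python
"""Behaviour-based worm detection for a distributed analyzer, over constructed
flow records, with attribution back to the wireless station and its AP.

Added example, not code from the deck; ports, thresholds and the association
table are assumptions.
"""
from collections import defaultdict

# Flow record: (timestamp, src_ip, dst_ip, dst_port, completed)
# completed=False means the SYN never got a SYN/ACK (dark or closed port).


def detect_fanout(flows, window=10.0, min_targets=20, max_success_ratio=0.2):
    """Return [(src_ip, dst_port, distinct_targets, success_ratio)] for sources
    that reach at least `min_targets` distinct hosts on one port inside any
    `window`-second span with at most `max_success_ratio` completed flows."""
    by_key = defaultdict(list)
    for ts, src, dst, port, ok in sorted(flows):
        by_key[(src, port)].append((ts, dst, ok))
    alerts = []
    for (src, port), recs in by_key.items():
        start = 0
        for end in range(len(recs)):
            while recs[end][0] - recs[start][0] > window:
                start += 1                      # slide the window forward
            win = recs[start:end + 1]
            targets = {dst for _, dst, _ in win}
            if len(targets) >= min_targets:
                ratio = sum(1 for _, _, ok in win if ok) / len(win)
                if ratio <= max_success_ratio:
                    alerts.append((src, port, len(targets), round(ratio, 2)))
                    break                       # one alert per (source, port)
    return alerts


def attribute(alerts, assoc_table):
    """Join alerts to the WLAN association table {ip: (station_mac, ap_name)}."""
    out = []
    for src, port, n, ratio in alerts:
        mac, ap = assoc_table.get(src, ("unknown", "not a wireless station"))
        out.append({"ip": src, "mac": mac, "ap": ap, "port": port,
                    "targets": n, "success_ratio": ratio})
    return out


# Constructed data: station 10.0.1.57 sweeps 10.0.2.0/24 on TCP 445 (Sasser-style,
# two hosts answer); station 10.0.1.20 browses and opens one file share.
FLOWS = [(i * 0.1, "10.0.1.57", f"10.0.2.{i + 1}", 445, i in (3, 17)) for i in range(40)]
FLOWS += [(5.0 + i, "10.0.1.20", f"192.0.2.{i + 1}", 80, True) for i in range(5)]
FLOWS += [(12.0, "10.0.1.20", "10.0.0.5", 445, True)]

# Assumed association table from the WLAN controller or the RF sensors.
ASSOC = {"10.0.1.57": ("00:16:ce:ab:cd:57", "AP-Lobby-3"),
         "10.0.1.20": ("00:16:ce:ab:cd:20", "AP-Floor2-1")}


def run_demo():
    """Detect fan-out in the constructed flows and attribute it to a station."""
    return attribute(detect_fanout(FLOWS), ASSOC)


if __name__ == "__main__":
    for a in run_demo():
        print(a)
```

The attribution step is what makes the wireless case different from a wired analyzer: the IP alone does not say which AP or floor the infected laptop is on, so the join to the association table (and, in the deck's terms, the position measures) is what lets an engineer walk to the right machine and pull it off the air.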
Slide 17: Evolutions and Projections
- Hackers will get more sophisticated; next-generation threats will be more sinister, e.g. combining the payload of a Trojan Horse with the propagation speed of a worm.
- Wireless-specific worms will emerge: a leading mobile industry forum predicts a real vulnerability within two to three years.
- Who is the Cabir attack a wake-up call for?
- Less diversity and greater popularity of a technology raise the risk of viruses.
- Espionage with off-the-shelf (OTS) Wi-Fi surveillance tools.
- WiMAX has vulnerabilities subject to similar threats.
Slide 18: 10 Flu Shots for the Mobile Epidemic
1. Develop a good security policy
2. Reduce violations of security policy
3. Lock down mobile devices
4. Turn on wireless encryption
5. Patch your AP, use its firewall
Slide 19: 10 Flu Shots for the Mobile Epidemic (continued)
6. Work with your firewall
7. Use commercial-grade security tools
8. Disable potentially exploitable objects
9. Keep up with the latest threats
10. Close known vulnerabilities
Monitor, monitor, monitor: utilize wireless IDP
Slide 20: W-IDP Conclusions
- Monitor, monitor, monitor: protection involves monitoring.
- Need tools in place for when things happen: fast response.
- Need security monitoring separate from the WLAN infrastructure.
- Has to be cost-effective: build the case with ROI.
- A W-IDP helps you find the source of an attack or threat faster and takes both an active and an auditing role in protecting your network and devices from such security problems.
- Follow an active protection process: Detect -> Assess -> Prevent -> Audit
Slide 21: Active Protection Process for WLANs (diagram)
Slide 22: Part 2: Mobile and Distributed W-IDP Approaches
Slide 23: Stages of WLAN Management
- Planning for wireless LANs: RF site survey
- Wireless LANs not authorized: rogue mitigation
- Wireless LANs deployed: IDS/IPS, vulnerability assessment, policy compliance, performance monitoring, troubleshooting
Slide 24: Wireless IDP and RF Management
Security Operations (ensure your WLANs are hack-proof):
- Rogue detection/prevention
- Vulnerability assessment
- Attack detection/prevention
- Compliance auditing
Network Operations (ensure your WLANs are problem-free):
- RF site survey
- Baseline alerting
- Troubleshooting
- Performance reporting
Management features on APs and switches are ineffective.
Slide 25: Three Major Criteria
- Process: workflow efficiency
- Performance: system scalability
- Price: capital and labor costs
Slide 26: System Approaches
- Total wireless management = IDS/IPS + RF management
- Tight integration of mobile software, distributed software, and RF sensors
Slide 27: Simplify Operational Workflow
- Security Operations
- Network Operations
- Enabled by integration of mobile and distributed components
Slide 28: Scalability Drives Where Analysis is Done
- Smart agent
- Smart server
- Simple upgrade procedures
- Ultra server redundancy
- Low bandwidth use
- Better approach puts intelligence in both sensor and server.
Slide 29: Total Ownership Costs
- Costs include system licenses, sensor installation, and ongoing maintenance.
- Enable the sensor to share cable and power with the AP.
- (Figure: WLAN surveillance sensor)
Slide 30: Thank You
www.networkchemistry.com
Andy.Chun_at_acterna.com
www.acterna.com