Integrated Wireless Security and RF Management Introducing RFprotect System 4 - PowerPoint PPT Presentation

Slides: 31
Provided by: keith53
Transcript and Presenter's Notes



1
Combating WLAN Influenza and RF Degradations
Robert Markovich
President and Co-Founder
2
About Network Chemistry
  • Founded 2001, first RFprotect products shipped
    2002
  • Over 300 commercial and government deployments
    worldwide
  • Market leader based on number of RF sensors
    deployed
  • Numerous industry awards
  • Newly funded by investment arm of CIA and US
    intelligence agencies
3
Inherent Problems of Wireless LANs
Problem 1: 802.11 Networks are Inherently Insecure
  • Authentication and encryption are not enough
  • Mis-implementations can lead to gaping
    security holes
  • Hackers are well armed to exploit
    vulnerabilities
Problem 2: 802.11 Networks are Inherently Flaky
  • Physical environment dictates network
    performance
  • Intermittent problems are the norm
  • Widely distributed infrastructure
    exacerbates troubleshooting
4
GAO Report May 2005
  • Few government agencies ensure that their WLANs
    are protected from unauthorized access.
  • 9 out of 24 major agencies haven't issued
    wireless-security plans.
  • 13 agencies don't require their Wifi networks to
    be set up in a secure manner.
  • GAO investigators were able to pick up Wifi
    signals from outside all of the 6 agencies they
    tested.

5
Part 1: Combating Infections and Intrusions on
Wireless LANs
6
Nomenclature Basics
  • What is a virus?
  • What is a worm?
  • What is a Trojan Horse?
  • What is Phishing?

7
Nomenclature Basics
  • Virus (n.) Code written with the express
    intention of replicating itself. A virus attempts
    to spread from computer to computer by attaching
    itself to a host program. It may damage hardware,
    software, or information.
  • Examples: Sober, Melissa, MyDoom, Zafi, Homer
  • Applicability to Wireless Networks
  • Not directly tied to networking

8
Nomenclature Basics
  • Worm (n.) A subclass of virus. A worm generally
    spreads without user action and distributes
    complete copies (possibly modified) of itself
    across networks. A worm can consume memory or
    network bandwidth, causing a denial of service.
  • Examples: Sasser, MSBlast, Code Red, Nimda, Cabir
  • Applicability to Wireless Networks
  • Wireless to Wired
  • Wired to Wireless
  • Wireless to Wireless

Denial-of-Service Attack
9
Nomenclature Basics
  • Trojan Horse (n.) A computer program that appears
    to be useful but that actually does damage.
  • Examples: DIDer
  • Applicability to Wireless Networks
  • Wireless to Wired
  • Wired to Wireless
  • Wireless to Wireless

10
Nomenclature Basics
  • Phishing (n.) The act of using spoofed messages
    (e.g. emails, website links) to a user falsely
    claiming to be an established legitimate
    enterprise in an attempt to scam the user into
    surrendering private information.
  • Examples: BadTrans
  • Applicability to Wireless Networks
  • Rogue APs that pretend to be valid AP
  • Enterprise
  • Hot-spots, e.g. Hotspotter

Man-in-the-Middle Attack
11
Wireless Vulnerabilities from Windows XP
  • Ad hoc communications enabled
  • Firewall disabled
  • Bridging enabled
  • Connect to any SSID enabled

12
Overview of Man-in-the-Middle Attack
  • Two common forms
  • Eavesdropping
  • Manipulation, ARP poisoning

[Diagram: Device X, Device Y, Device Z; ARP replies "IP of Z has MAC Y" and "IP of X has MAC Y"]
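The two ARP replies on this slide, as an added detection example (not part of the original presentation or of RFprotect): it parses ARP payloads and flags an IP whose MAC binding changes and a MAC that claims more than one IP. The device addresses and all function names are constructed for illustration.

```python
import struct
from collections import defaultdict

FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP payload, 28 bytes

def build_arp_reply(sender_mac, sender_ip):
    """Pack a constructed ARP reply; target fields are zeroed (unused here)."""
    mac = bytes.fromhex(sender_mac.replace(":", ""))
    ip = bytes(int(o) for o in sender_ip.split("."))
    return struct.pack(FMT, 1, 0x0800, 6, 4, 2, mac, ip, bytes(6), bytes(4))

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _, _ = struct.unpack(FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, sha.hex(":"), ".".join(str(b) for b in spa)

def detect_arp_poisoning(payloads):
    """Flag IP->MAC binding changes and MACs answering for several IPs."""
    bindings = {}               # ip -> first MAC seen answering for it
    claimed = defaultdict(set)  # mac -> IPs it has claimed
    alerts = []
    for payload in payloads:
        parsed = parse_arp(payload)
        if parsed is None:
            continue
        _op, mac, ip = parsed
        known = bindings.setdefault(ip, mac)
        if known != mac:
            alerts.append(("binding-changed", ip, known, mac))
        if ip not in claimed[mac]:
            claimed[mac].add(ip)
            # Routers and proxy-ARP hosts do this legitimately: allow-list them.
            if len(claimed[mac]) > 1:
                alerts.append(("mac-claims-multiple-ips", mac,
                               tuple(sorted(claimed[mac]))))
    return alerts

# Constructed addresses for Devices X, Y and Z from the slide.
X, Y, Z = (("02:00:00:00:00:0a", "10.0.0.10"), ("02:00:00:00:00:0b", "10.0.0.20"),
           ("02:00:00:00:00:0c", "10.0.0.30"))
LEGIT = [build_arp_reply(*X), build_arp_reply(*Z), build_arp_reply(*Y)]
POISON = [build_arp_reply(Y[0], Z[1]),   # "IP of Z has MAC Y"
          build_arp_reply(Y[0], X[1])]   # "IP of X has MAC Y"

if __name__ == "__main__":
    for alert in detect_arp_poisoning(LEGIT + POISON):
        print(alert)
```
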
13
Overview of Wireless DoS
  • Prevent users from accessing network resources --
    to deny them service
  • Physical layer
  • Link layer
  • Network layer

14
Countermeasure Tools
  • Local Protection Protect the Devices
  • Anti-Virus Software
  • Firewall Software
  • Anti-Pest Software
  • Scan-on-connect Measures
  • Global Protection Protect the Air Waves
  • Wireless VPN
  • Wireless Vulnerability Scanners
  • Wireless IDS/IPS and Network Analyzers

15
W-IDP Considerations
  • First, how to detect these attacks: behavior
    analysis
  • Detecting zero-day attacks, e.g. wireless worms
  • Assess threat severity, i.e. is every rogue
    malicious?
  • Active blocking to immediately disable threats
  • Position measures to locate and remove threats
  • Integration with other security systems
  • Use W-IDP to correlate information between
    wireless and wired domains
  • Perform more advanced/forensic analysis

16
The Role of Distributed Network Analyzers
  • Excellent tool to locate network security
    breaches, and to help identify and isolate
    virus-infected systems
  • By watching traffic, understanding utilization,
    reviewing connection dynamics, security engineers
    can easily determine what station is causing the
    problem and why.
  • Behavior analysis can identify and prevent the
    incursion of unknown (zero-day) worms and
    attacks.
  • Forensic analysis

17
Evolutions and Projections
  • Hackers will get more sophisticated. Next
    generation threats will be more sinister.
  • combining the payload of a Trojan Horse with the
    propagation speed of a worm.
  • Wireless-specific worms will emerge; predicted
    a real vulnerability within two to three years
    by a leading mobile industry forum.
  • Who is the Cabir attack a wake-up call for?
  • Less diversity and popularity of technology ups
    risk of viruses.
  • Espionage with OTS wifi surveillance tools.
  • Wimax has vulnerabilities subject to similar
    threats.

18
10 Flu Shots for the Mobile Epidemic
  • Develop a good security policy
  • Reduce violations of security policy
  • Lock down mobile devices
  • Turn on wireless encryption
  • Patch your AP, use its firewall

19
10 Flu Shots for the Mobile Epidemic
  • Work with your firewall
  • Use commercial grade security tools
  • Disable potentially exploitable objects
  • Keep up with the latest threats
  • Close known vulnerabilities

Monitor, Monitor, Monitor
UTILIZE WIRELESS IDP
20
W-IDP Conclusions
  • Monitor, monitor, monitor: protection involves
    monitoring
  • Need tools in place for when things happen: fast
    response.
  • Need security monitoring separate from WLAN
    infrastructure.
  • Has to be cost-effective: build the case with
    ROI.
  • A W-IDP helps you find the source of an attack or
    threat faster and takes both an active and
    auditing role in protecting your network and
    devices from such security problems.
  • Follow an active protection process
  • Detect → Assess → Prevent → Audit

21
Active Protection Process for WLANs
22
Part 2: Mobile and Distributed W-IDP Approaches
23
Stages of WLAN Management
  • Wireless LANs Deployed: IDS/IPS, Vulnerability
    Assessment, Policy Compliance, Performance
    Monitoring, Troubleshooting
  • Wireless LANs Not Authorized: Rogue Mitigation
  • Planning for Wireless LANs: RF Site Survey


24
Wireless IDP and RF Management
Ensure Your WLANs are Hack-Proof
Ensure Your WLANs are Problem-Free
Security Operations
Network Operations
Rogue Detection/Prevention
RF Site Survey
Baseline Alerting
Vulnerability Assessment
Troubleshooting
Attack Detection/Prevention
Compliance Auditing
Performance Reporting
Management Features on APs and Switches are
Ineffective
25
Three Major Criteria
  • Process: Workflow Efficiency
  • Performance: System Scalability
  • Price: Capital, Labor Costs
26
System Approaches
Total Wireless Management IDS/IPS RF
Management Tight Integration of Mobile
Software Distributed Software RF Sensors
27
Simplify Operational Workflow
Security Operations
Network Operations
Enabled By Integration of Mobile and Distributed
Components
28
Scalability Drives Where Analysis is Done
Smart Agent
Smart Server
Simple Upgrade Procedures
Ultra Server Redundancy
Low Bandwidth Use
Better Approach Puts Intelligence in both Sensor
and Server.
29
Total Ownership Costs
  • Costs Include: System Licenses, Sensor
    Installation, Ongoing Maintenance
  • Enable Sensor to share cable and power with AP.
WLAN Surveillance Sensor
30
Thank You
www.networkchemistry.com
Andy.Chun_at_acterna.com
www.acterna.com