NETW 05A: APPLIED WIRELESS SECURITY Additional Security Solutions

1
NETW 05A APPLIED WIRELESS SECURITY Additional
Security Solutions
  • By Mohammad Shanehsaz
  • Spring 2005

2
Objectives
  • Describe the following types of intrusion
    detection methods and tools for WLANs:
  • 24x7 centralized, skilled monitoring
  • Honey pots
  • Professional security audits
  • Accurate, timely reporting
  • Distributed agent software
  • Security spot checking
  • Available wireless LAN intrusion detection
    software and hardware tools

3
Intrusion Detection Systems
  • An IDS inspects inbound and outbound traffic and
    attempts to identify suspicious activity
  • An IDS differs from a firewall in that a
    firewall monitors for intrusions in order to
    stop them, while an IDS signals an alarm
  • Wireless IDS can search a WLAN for
    vulnerabilities, detect and respond to intruders,
    and help manage it
  • Wireless IDS use sensors that monitor all
    wireless traffic and report it to the central
    server
  • The sensors provide 24x7 real-time monitoring

4
Features of IDS
  • Network-based vs. host-based monitoring
  • Passive vs. Reactive monitoring
  • Misuse detection
  • Anomaly detection
  • Vulnerability detection
  • Performance monitoring

5
Network-based vs. Host-based
  • Network-based IDS listen on the wireless segment
    through wireless sensors
  • To monitor all wireless traffic, sensors must be
    placed at, in, or near every access point
  • Host-based IDS examine data on each host
    computer and require that IDS agents be running
    on each node in order to report suspicious
    activity back to the central server
  • They are able to monitor attacks against an
    individual computer more thoroughly

6
Passive vs. Reactive
  • An IDS in passive mode raises various alarms
    when an attack occurs, informing the appropriate
    security personnel so they can take action
  • An IDS in reactive mode reacts to attacks and
    eliminates them by shutting down services,
    restricting access to services, or disconnecting
    them altogether
  • Passive vs. reactive behavior is configured
    through policy settings in the IDS

7
Misuse Detection
  • To detect misuse, the IDS must monitor the
    business rules for the WLAN, some of which are:
  • Limit access points to only operate on specific
    channels
  • Require all wireless LAN traffic to be encrypted
  • Prohibit SSIDs from being broadcast unmasked
  • Limit traffic on the wireless LAN to occur only
    within certain hours of the day
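
The four business rules above, written as a misuse check over sensor observations. This is an added example, not part of the original presentation; the policy values, record fields and observations are constructed for illustration.

```python
from datetime import datetime, time

# Hypothetical policy values; the slide names the rules, not the settings.
POLICY = {
    "allowed_channels": {1, 6, 11},
    "require_encryption": True,
    "allow_ssid_broadcast": False,
    "hours": (time(7, 0), time(19, 0)),
}

# Constructed sensor observations (not captured traffic).
OBSERVATIONS = [
    {"ts": "2005-03-01T09:15:00", "bssid": "00:11:22:33:44:01",
     "type": "beacon", "channel": 6, "ssid": ""},
    {"ts": "2005-03-01T09:16:00", "bssid": "00:11:22:33:44:02",
     "type": "beacon", "channel": 3, "ssid": "corp-wlan"},
    {"ts": "2005-03-01T10:00:00", "bssid": "00:11:22:33:44:01",
     "type": "data", "protected": True},
    {"ts": "2005-03-01T23:40:00", "bssid": "00:11:22:33:44:01",
     "type": "data", "protected": False},
]

def violations(obs, policy=POLICY):
    """Return the names of the business rules one observation breaks."""
    found = []
    if obs["type"] == "beacon":
        if obs["channel"] not in policy["allowed_channels"]:
            found.append("channel")
        # A beacon carrying a non-empty SSID is broadcasting it unmasked.
        if obs["ssid"] and not policy["allow_ssid_broadcast"]:
            found.append("ssid-broadcast")
    elif obs["type"] == "data":
        if policy["require_encryption"] and not obs["protected"]:
            found.append("unencrypted")
        start, end = policy["hours"]
        if not start <= datetime.fromisoformat(obs["ts"]).time() < end:
            found.append("off-hours")
    return found

def alerts(observations, policy=POLICY):
    """Flatten violations into (timestamp, bssid, rule) tuples for reporting."""
    return [(o["ts"], o["bssid"], rule)
            for o in observations for rule in violations(o, policy)]
```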

8
Anomaly Detection
  • Monitors network segments to compare their
    current status to the normal baseline
  • Baselines should be established for typical
    network load, protocols, and packet size
  • Appropriate personnel should be alerted to any
    anomalies

9
Vulnerability Detection
  • Vulnerabilities to wireless LANs can be detected
    in real-time
  • Locating any ad-hoc networks that are actively
    transmitting traffic is one way to keep
    peer-to-peer attacks from occurring
  • Locating an open rogue access point that has
    hijacked an authorized user is another one

10
Performance Monitoring
  • Since a WLAN has limited bandwidth, we need to
    determine who is using the bandwidth and when
  • We don't need performance monitoring if the IDS
    has built-in rate limiter functionality, but we
    can use it to report on usage statistics for
    future growth

11
Monitoring and Maintenance
  • Monitoring must be active 24x7 to be effective
  • The security policy must define contact
    personnel, and what steps to take to respond
    properly
  • The reports that are generated from an IDS must
    be treated with utmost importance
  • Periodic upgrades and ongoing training for the
    IDS specialist ensure continued success in
    effective use of the IDS
  • Periodic spot-checking of the IDS should be
    considered mandatory

12
Thin Clients
  • Based on a hybrid of the mainframe-terminal and
    the client-server model
  • Clients run an OS of their own, but all
    processing is done at the server
  • Come in the form of thin client software running
    on a notebook computer or an actual machine
  • Low Total Cost of Ownership
  • Peer-to-peer attacks yield no useful info
  • They pass screenshots, mouse clicks, and screen
    updates which use minimal bandwidth
  • Client authentication is required
  • SSH2 can be used to authenticate and tunnel
    encrypted traffic

13
Authenticated DHCP Services
  • IETF RFC 3118 adds authentication to DHCP
  • DHCP clients and server are able to authenticate
    one another
  • IP connectivity is given only to authorized
    clients
  • Prevents unauthorized access, DoS, theft of
    services or hijacking attacks by rogue and
    malicious DHCP clients and servers
  • To implement it, administrators must deploy RFC
    3118 compatible software on all PCs, and upgrade
    existing DHCP servers to support DHCP
    authentication
  • Users must also devise an authentication key
    scheme and distribute it to all authenticated
    DHCP clients
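
How a shared key lets either side check a DHCP message, sketched for RFC 3118 delayed authentication (option 90, HMAC-MD5, monotonic replay counter). This is an added example, not part of the original presentation; the message is a constructed minimal one, the key and secret ID are made up, and options added by relay agents are not handled.

```python
import hashlib, hmac, struct

AUTH_OPTION = 90                                   # authentication option code
PROTO_DELAYED, ALG_HMAC_MD5, RDM_COUNTER = 1, 1, 0
FIXED_LEN, MAC_LEN = 15, 16                        # bytes before the MAC, MAC size

def build_message(xid, options=b""):
    """Constructed minimal DHCP message: 236-byte header, magic cookie, options."""
    header = struct.pack("!BBBBIHH", 1, 1, 6, 0, xid, 0, 0) + bytes(224)
    return header + b"\x63\x82\x53\x63" + options

def _mac_input(msg, mac_off):
    """Zero hops, giaddr and the MAC field; relays may change the first two."""
    buf = bytearray(msg)
    buf[3] = 0
    buf[24:28] = bytes(4)
    buf[mac_off:mac_off + MAC_LEN] = bytes(MAC_LEN)
    return bytes(buf)

def sign(msg, secret_id, key, counter):
    """Append option 90 and the end option, then fill in the HMAC-MD5."""
    fixed = struct.pack("!BBBQI", PROTO_DELAYED, ALG_HMAC_MD5, RDM_COUNTER,
                        counter, secret_id)
    mac_off = len(msg) + 2 + FIXED_LEN
    out = (msg + bytes([AUTH_OPTION, FIXED_LEN + MAC_LEN]) + fixed
           + bytes(MAC_LEN) + b"\xff")
    mac = hmac.new(key, _mac_input(out, mac_off), hashlib.md5).digest()
    return out[:mac_off] + mac + out[mac_off + MAC_LEN:]

def verify(msg, keys, last_counter):
    """True only if option 90 is present, its counter advanced, and the MAC matches."""
    i = 240                      # options start after the header and cookie
    while i + 2 <= len(msg) and msg[i] != 0xFF:
        if msg[i] == 0:          # pad option has no length byte
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        if (code == AUTH_OPTION and length == FIXED_LEN + MAC_LEN
                and i + 2 + length <= len(msg)):
            proto, alg, rdm, counter, sid = struct.unpack("!BBBQI", msg[i + 2:i + 17])
            if (proto, alg, rdm) != (PROTO_DELAYED, ALG_HMAC_MD5, RDM_COUNTER):
                return False
            if counter <= last_counter or sid not in keys:
                return False     # replayed message or unknown key
            off = i + 2 + FIXED_LEN
            want = hmac.new(keys[sid], _mac_input(msg, off), hashlib.md5).digest()
            return hmac.compare_digest(want, msg[off:off + MAC_LEN])
        i += 2 + length
    return False                 # unauthenticated messages are rejected
```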

14
Traffic Baselining
  • Analyze the performance of a selected network
    segment over a period of time (to represent
    network normalcy)
  • Provides reference points for current use, and
    for required modifications when adding new
    services or users (baselining for performance)
  • Identify performance issues and provide info for
    security (min, max, or average values from
    baseline data can be used for setting alarm
    thresholds in IDS)
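
Turning baseline data into IDS alarm thresholds, covering both the Anomaly Detection slide (load, protocols, packet size) and the min/max/average values described above. This is an added example, not part of the original presentation; the samples and the 20 percent tolerance are constructed assumptions.

```python
from statistics import mean

# Constructed baseline samples for one segment:
# (load in kbps, average packet size in bytes, protocols seen)
BASELINE_SAMPLES = [
    (1200, 512, {"http", "dns", "ssh"}),
    (1500, 540, {"http", "dns"}),
    (900, 480, {"http", "dns", "ssh"}),
    (1400, 530, {"http", "dns", "smtp"}),
]

def _stats(values):
    return {"min": min(values), "max": max(values), "avg": mean(values)}

def build_baseline(samples):
    """Summarise normal behaviour as min/max/avg per metric plus the protocol set."""
    return {
        "load_kbps": _stats([s[0] for s in samples]),
        "packet_bytes": _stats([s[1] for s in samples]),
        "protocols": set().union(*(s[2] for s in samples)),
    }

def thresholds(stats, tolerance_pct=20):
    """Alarm bounds: baseline min and max widened by a hypothetical tolerance."""
    low = stats["min"] * (100 - tolerance_pct) / 100
    high = stats["max"] * (100 + tolerance_pct) / 100
    return low, high

def check(sample, baseline, tolerance_pct=20):
    """Return (metric, observed value) for everything outside the baseline."""
    load, size, protocols = sample
    alarms = []
    for name, value in (("load_kbps", load), ("packet_bytes", size)):
        low, high = thresholds(baseline[name], tolerance_pct)
        if not low <= value <= high:
            alarms.append((name, value))
    # A protocol never seen during baselining is reported as an anomaly.
    for proto in sorted(protocols - baseline["protocols"]):
        alarms.append(("protocol", proto))
    return alarms
```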