
NETW 05A: APPLIED WIRELESS SECURITY Additional Security Solutions

NETW 05A: APPLIED WIRELESS SECURITY, Additional Security Solutions. By Mohammad Shanehsaz, Spring 2005. Objectives: describe the following types of intrusion detection methods and tools for WLANs: 24x7 centralized, skilled monitoring; honey pots; professional security audits.


Presentation Transcript


  1. NETW 05A: APPLIED WIRELESS SECURITY Additional Security Solutions By Mohammad Shanehsaz Spring 2005

  2. Objectives
  • Describe the following types of intrusion detection methods and tools for WLANs:
  • 24x7 centralized, skilled monitoring
  • Honey pots
  • Professional security audits
  • Accurate, timely reporting
  • Distributed agent software
  • Security spot checking
  • Available wireless LAN intrusion detection software and hardware tools

  3. Intrusion Detection Systems
  • An IDS inspects inbound and outbound traffic and attempts to identify suspicious activity
  • An IDS differs from a firewall in that a firewall monitors for intrusions and stops them, while an IDS signals an alarm
  • A wireless IDS can search a WLAN for vulnerabilities, detect and respond to intruders, and help manage the WLAN
  • A wireless IDS uses sensors that monitor all wireless traffic and report it to a central server
  • The sensors provide 24x7 real-time monitoring

  4. Features of IDS
  • Network-based vs. host-based monitoring
  • Passive vs. reactive monitoring
  • Misuse detection
  • Anomaly detection
  • Vulnerability detection
  • Performance monitoring

  5. Network-based vs. Host-based
  • A network-based IDS listens on the wireless segment through wireless sensors
  • To monitor all wireless traffic, sensors must be placed at, in, or near every access point
  • A host-based IDS examines data on each host computer; it requires that IDS agents run on every node in order to report suspicious activity back to the central server
  • Host-based agents are able to monitor attacks against an individual computer more thoroughly

  6. Passive vs. Reactive
  • An IDS in passive mode raises alarms when attacks occur, informing the appropriate security personnel so that they can take action
  • An IDS in reactive mode reacts to attacks and eliminates them by shutting down services, restricting access to services, or disconnecting them altogether
  • Passive vs. reactive behaviour is configured through policy settings in the IDS

  7. Misuse Detection
  • To detect misuse, the IDS must monitor the business rules for the WLAN, some of which are:
    • Limit access points to operating only on specific channels
    • Require all wireless LAN traffic to be encrypted
    • Prohibit SSIDs from being broadcast unmasked
    • Limit traffic on the wireless LAN to certain hours of the day

  8. Anomaly Detection
  • Monitors network segments and compares their current status to the normal baseline
  • Baselines should be established for typical network load, protocols, and packet size
  • Appropriate personnel should be alerted to any anomalies

  9. Vulnerability Detection
  • Vulnerabilities in wireless LANs can be detected in real time
  • Locating any ad-hoc networks that are actively transmitting traffic is one way to keep peer-to-peer attacks from occurring
  • Locating an open rogue access point that has hijacked an authorized user is another
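The business rules of slide 7 and the ad-hoc/rogue-AP checks of slide 9, expressed as detection logic run over constructed beacon summaries. This is an added example, not code from the presentation or from any IDS product; the Beacon fields, the POLICY values and the BSSIDs are assumptions.

```python
from dataclasses import dataclass

# Constructed summary of what a wireless sensor might extract from a beacon
# frame; the field names are assumptions, not any real product's output.
@dataclass
class Beacon:
    bssid: str
    ssid: str          # "" when the SSID is masked (not broadcast)
    channel: int
    encrypted: bool    # privacy bit / RSN information element present
    ibss: bool         # ad-hoc (IBSS) network rather than an access point
    hour: int          # local hour the frame was seen (0-23)

# Site policy mirroring the slide's business rules (values assumed).
POLICY = {"allowed_channels": {1, 6, 11}, "require_encryption": True,
          "masked_ssid_required": True, "allowed_hours": range(7, 20),  # 07:00-19:59
          "authorized_bssids": {"00:11:22:33:44:01", "00:11:22:33:44:06"}}

def check_beacon(b, policy=POLICY):
    """Return the list of findings for one beacon (empty when compliant)."""
    findings = []
    # Vulnerability detection: active ad-hoc networks and rogue access points
    if b.ibss:
        findings.append("ad-hoc network active")
    elif b.bssid not in policy["authorized_bssids"]:
        findings.append("rogue access point")
    # Misuse detection: business rules every WLAN transmitter must follow
    if b.channel not in policy["allowed_channels"]:
        findings.append(f"channel {b.channel} not permitted")
    if policy["require_encryption"] and not b.encrypted:
        findings.append("unencrypted WLAN")
    if policy["masked_ssid_required"] and b.ssid:
        findings.append(f"SSID '{b.ssid}' broadcast unmasked")
    if b.hour not in policy["allowed_hours"]:
        findings.append(f"traffic outside allowed hours ({b.hour:02d}:00)")
    return findings

SAMPLE = [  # constructed observations
    Beacon("00:11:22:33:44:01", "", 6, True, False, 9),             # compliant AP
    Beacon("00:11:22:33:44:06", "corp-wifi", 3, False, False, 23),  # misconfigured AP
    Beacon("aa:bb:cc:dd:ee:ff", "free-wifi", 1, False, False, 10),  # open rogue AP
    Beacon("02:aa:bb:cc:dd:ee", "", 11, True, True, 12),            # ad-hoc network
]

def audit(beacons=SAMPLE, policy=POLICY):
    return {b.bssid: f for b in beacons if (f := check_beacon(b, policy))}

if __name__ == "__main__":
    for bssid, findings in audit().items():
        print(bssid, "->", "; ".join(findings))
```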

  10. Performance Monitoring
  • Since a WLAN has limited bandwidth, we need to determine who is using the bandwidth and when
  • Performance monitoring is not needed if the IDS has built-in rate-limiter functionality, but it can still be used to report on usage statistics for planning future growth

  11. Monitoring and Maintenance
  • Monitoring must be active 24x7 to be effective
  • The security policy must define contact personnel and the steps to take to respond properly
  • The reports generated by an IDS must be treated with the utmost importance
  • Periodic upgrades and ongoing training for the IDS specialist ensure continued success in effective use of the IDS
  • Periodic spot-checking of the IDS should be considered mandatory

  12. Thin Clients
  • Based on a hybrid of the mainframe-terminal and client-server models
  • Clients run an OS of their own, but all processing is done at the server
  • Come in the form of thin-client software running on a notebook computer or an actual thin-client machine
  • Low total cost of ownership
  • Peer-to-peer attacks yield no useful information
  • They pass screenshots, mouse clicks, and screen updates, which use minimal bandwidth
  • Client authentication is required
  • SSH2 can be used to authenticate and tunnel encrypted traffic

  13. Authenticated DHCP Services
  • IETF RFC 3118 adds authentication to DHCP
  • DHCP clients and servers are able to authenticate one another
  • IP connectivity is given only to authorized clients
  • Prevents rogue and malicious DHCP clients and servers from unauthorized access, DoS, theft of service, or hijacking attacks
  • To implement it, administrators must deploy RFC 3118 compatible software on all PCs and upgrade existing DHCP servers to support DHCP authentication
  • Users must also devise an authentication key scheme and distribute it to all authenticated DHCP clients
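An added example (not from the presentation, and not any DHCP implementation's code) of the RFC 3118 delayed-authentication option: build a DHCP message carrying option 90 with an HMAC-MD5 over the message, then verify it on the receiving side, including the replay-detection counter. The key table, client hardware address and message contents are constructed; the option layout (protocol 1, algorithm 1, RDM 0, 8-byte replay value, 4-byte secret ID, 16-byte HMAC, computed with the hops, giaddr and HMAC fields zeroed) follows RFC 3118.

```python
import hmac, hashlib, struct

OPT_AUTH, OPT_END = 90, 255                          # DHCP option codes
PROTO_DELAYED, ALG_HMAC_MD5, RDM_COUNTER = 1, 1, 0   # RFC 3118 delayed authentication
HDR_LEN = 236                                        # fixed header before the magic cookie
KEYS = {1: b"constructed-shared-secret"}             # secret ID -> key (constructed)

def dhcp_message(xid, chaddr, options):
    """Minimal DHCP message: 236-byte fixed header, magic cookie, options."""
    hdr = bytes([1, 1, 6, 0]) + struct.pack("!IHH", xid, 0, 0) + bytes(16)  # op..giaddr
    hdr += chaddr.ljust(16, b"\0") + bytes(192)                             # chaddr, sname, file
    return hdr + b"\x63\x82\x53\x63" + options

def _mac_input(msg, auth_off):
    """Copy of msg with hops, giaddr and the 16-byte HMAC field zeroed (RFC 3118 s.5)."""
    m = bytearray(msg)
    m[3] = 0; m[24:28] = bytes(4)
    m[auth_off + 17:auth_off + 33] = bytes(16)   # HMAC follows the 15-byte fixed part
    return bytes(m)

def sign(xid, chaddr, secret_id, rdv, other_opts=b""):
    """Sender side: append option 90 and fill in HMAC-MD5 keyed with KEYS[secret_id]."""
    fixed = struct.pack("!BBBQI", PROTO_DELAYED, ALG_HMAC_MD5, RDM_COUNTER, rdv, secret_id)
    auth = bytes([OPT_AUTH, len(fixed) + 16]) + fixed + bytes(16)
    msg = dhcp_message(xid, chaddr, other_opts + auth + bytes([OPT_END]))
    auth_off = HDR_LEN + 4 + len(other_opts)
    mac = hmac.new(KEYS[secret_id], _mac_input(msg, auth_off), hashlib.md5).digest()
    return msg[:auth_off + 17] + mac + msg[auth_off + 33:]

def verify(msg, last_rdv):
    """Receiver side: returns (ok, reason, rdv). last_rdv is the highest replay
    value already accepted from this peer (RDM 0 means a monotonic counter)."""
    off = HDR_LEN + 4
    while off < len(msg) and msg[off] != OPT_END:          # walk the options
        if msg[off] == 0: off += 1; continue                # pad option has no length
        code, ln = msg[off], msg[off + 1]
        if code == OPT_AUTH: break
        off += 2 + ln
    else:
        return False, "no authentication option", last_rdv
    if ln != 31: return False, "malformed option", last_rdv
    proto, alg, rdm, rdv, sid = struct.unpack("!BBBQI", msg[off + 2:off + 17])
    if (proto, alg, rdm) != (PROTO_DELAYED, ALG_HMAC_MD5, RDM_COUNTER) or sid not in KEYS:
        return False, "unsupported protocol or unknown secret ID", last_rdv
    if rdv <= last_rdv: return False, "replayed message", last_rdv
    expect = hmac.new(KEYS[sid], _mac_input(msg, off), hashlib.md5).digest()
    if not hmac.compare_digest(expect, msg[off + 17:off + 33]):
        return False, "bad HMAC: forged or modified", last_rdv
    return True, "authenticated", rdv
```

Because hops and giaddr are excluded from the HMAC, a message that passed through a relay agent still verifies, while any change to the rest of the message or a reused counter value is rejected.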

  14. Traffic Baselining
  • Analyze the performance of a selected network segment over a period of time (this represents network normalcy)
  • Provides reference points for current use, and for required modifications when adding new services or users (baselining for performance)
  • Identifies performance issues and provides information for security (min, max, or average values from the baseline data can be used for setting alarm thresholds in the IDS)
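An added example (not from the presentation) tying slides 8, 10 and 14 together: derive min/max/mean and an alarm threshold from constructed baseline samples, flag intervals in a later window whose load or packet size leaves the baseline envelope, and report who is using the bandwidth. The station addresses, the sample format and the 5-minute interval are assumptions.

```python
from statistics import mean, pstdev

# Constructed sensor samples (assumed format): one record per station per
# 5-minute interval -> (interval, station MAC, kilobytes sent, packets sent).
A, B, C = "00:aa:00:00:00:01", "00:aa:00:00:00:02", "00:aa:00:00:00:03"
BASELINE = [r for i in range(24) for r in
            ((i, A, 600 + 100 * (i % 2), 400), (i, B, 400 + 100 * (i % 2), 400))]
CURRENT = [(0, A, 600, 400), (0, B, 400, 400),
           (1, A, 700, 400), (1, B, 500, 400), (1, C, 600, 100),   # new station, big packets
           (2, A, 600, 400), (2, B, 400, 4000),                    # B floods tiny packets
           (3, A, 700, 400), (3, B, 500, 400)]

def per_interval(samples):
    """Aggregate to {interval: (load in KB, average packet size in KB)}."""
    agg = {}
    for i, _, kb, pkts in samples:
        b, p = agg.get(i, (0, 0))
        agg[i] = (b + kb, p + pkts)
    return {i: (b, b / p) for i, (b, p) in agg.items()}

def baseline(samples, k=2.0):
    """Min/max/mean of each metric plus an alarm level of mean + k * stdev."""
    def stats(xs):
        return {"min": min(xs), "max": max(xs), "mean": mean(xs),
                "alarm": mean(xs) + k * pstdev(xs)}
    rows = per_interval(samples).values()
    return {"load": stats([b for b, _ in rows]), "size": stats([s for _, s in rows])}

def detect_anomalies(base, samples):
    """Alert on intervals whose load exceeds the alarm level or whose average
    packet size leaves the [min, max] envelope observed during baselining."""
    alerts = []
    for i, (load, size) in sorted(per_interval(samples).items()):
        if load > base["load"]["alarm"]:
            alerts.append((i, "load", load))
        if not base["size"]["min"] <= size <= base["size"]["max"]:
            alerts.append((i, "packet size", round(size, 3)))
    return alerts

def top_talkers(samples, n=3):
    """Who is using the bandwidth: kilobytes per station, largest first."""
    totals = {}
    for _, sta, kb, _ in samples:
        totals[sta] = totals.get(sta, 0) + kb
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]

if __name__ == "__main__":
    base = baseline(BASELINE)
    print(detect_anomalies(base, CURRENT), top_talkers(CURRENT))
```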
