1 / 26

Wireless Networks: There Be Dragons

Copyright (C) Manageworx 2003. 2. . . Copyright (C) Manageworx 2003. 3. Agenda. The business impact of wirelessWireless Networking basicsBrief history of WLANWLAN threats (802.11b)WLAN risk mitigationConclusions. Copyright (C) Manageworx 2003. 4. The Impact. Wireless is at the same state today that the Internet was in 1995As of 2003, 1/5th of the world's population using wireless devicesWLAN Business Drivers:Faster realization of ROI32 users with a total cost of ownership of $20,000 o29970

carter
Download Presentation

Wireless Networks: There Be Dragons

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Wireless Networks: There Be Dragons! Marc Rogers PhD, CISSP Director of Information Security Services Manageworx Infosystems Inc.

    2. Copyright (C) Manageworx 2003 2

    3. Copyright (C) Manageworx 2003 3 Agenda The business impact of wireless Wireless Networking basics Brief history of WLAN WLAN threats (802.11b) WLAN risk mitigation Conclusions

    4. Copyright (C) Manageworx 2003 4 The Impact Wireless is at the same state today that the Internet was in 1995 As of 2003, 1/5th of the world’s population using wireless devices WLAN Business Drivers: Faster realization of ROI 32 users with a total cost of ownership of $20,000 over three years would deliver a benefit of $300,000 over a three-year period. 150 users with a total cost of ownership of $60,000 over three years would deliver a benefit of $1,000,000 over a three-year period. 1000 users with a total cost of ownership of $400,000 over three years would deliver a benefit of $5,000,000 over a three-year period. (Source: IntelFinance 2002)

    5. Copyright (C) Manageworx 2003 5 Growth of WLAN

    6. Copyright (C) Manageworx 2003 6 Vertical Mobile Application Trends

    7. Copyright (C) Manageworx 2003 7 Impact of Mobile Applications

    8. Copyright (C) Manageworx 2003 8 Basic Overview Wireless Networks Transport mechanism between devices and the traditional wired networks Covers various technologies 2G Cellular, Cellular Digital Packet Data (CDPD), Global System for Mobile Communication (GSM), WLAN Ad Hoc Networks Shifting network topologies Short distances Blue tooth Cell phones Laptops PDAs Wireless LANS (WLANS) Connects computers and other components to networks using an access point device 802.11 IEEE Standard

    9. Copyright (C) Manageworx 2003 9 WLAN History Late 1980’s Motorola developed the first commercial WLAN 1990 – IEEE initiated the 802.11 project 1997 - IEEE approves the 802.11 international interoperability standard 1999 – IEEE ratifies the 802.11a & 802.11b wireless network communication standard 802.11b is the current, most used standard Frequency 2.4GHz – 2.5GHz Industrial, Scientific, and Medical (ISM) Maximum transmission speed 11Mbits per second 802.11a is soon to be released 5 GHz frequency 54 Mbps

    10. Copyright (C) Manageworx 2003 10 WLAN Threats All the vulnerabilities that exist in a wired network Plus others General consensus on at least 8 top issues

    11. Copyright (C) Manageworx 2003 11 WLAN Security Top 8 Security Issues with 802.11b Access Point Mapping SSID Broadcasting SSID Naming Conventions Security Architecture Radio Frequency Management Default Settings Encryption Authentication

    12. Copyright (C) Manageworx 2003 12 Top 802.11b Security Issues 1. Access Point Mapping Access points can be monitored and located using freely available software, known as ‘war driving.’ Mapping tools can give you information that can allow you to become part of their network, such as channel number (you can change the name of your wireless to match the ssid, and at that point you can actually become part of the network, as long as they assign you an ip address, through dhcp, or if you can sniff an ip address you can simply change yours to match. You also get longitude and latitude parameters with gps capabilities.Mapping tools can give you information that can allow you to become part of their network, such as channel number (you can change the name of your wireless to match the ssid, and at that point you can actually become part of the network, as long as they assign you an ip address, through dhcp, or if you can sniff an ip address you can simply change yours to match. You also get longitude and latitude parameters with gps capabilities.

    13. Copyright (C) Manageworx 2003 13 Top 802.11b Security Issues 1. Access Point Mapping By getting the latitude and longitude parameters from the software, you can know exactly where the access points are, and at that point you can basically do anything you like within the realm of your creativity.By getting the latitude and longitude parameters from the software, you can know exactly where the access points are, and at that point you can basically do anything you like within the realm of your creativity.

    14. Copyright (C) Manageworx 2003 14 Top 802.11b Security Issues 2. SSID Broadcasting The ssid is essentially the network name, which allows an attacker to simply change the network name on his/her laptop, which in effect allows the attacker to become part of the network. That’s all it really takes.The ssid is essentially the network name, which allows an attacker to simply change the network name on his/her laptop, which in effect allows the attacker to become part of the network. That’s all it really takes.

    15. Copyright (C) Manageworx 2003 15 Top 802.11b Security Issues 3. SSID Naming Conventions Vendors will have ‘default’ ids and passwords set that can be used by attackers. Shown in the box is the default Cisco wireless id.Vendors will have ‘default’ ids and passwords set that can be used by attackers. Shown in the box is the default Cisco wireless id.

    16. Copyright (C) Manageworx 2003 16 Top 802.11b Security Issues 4. Security Architecture If you’ve got an access point in the internal network, then you’ve basically opened it up to everyone. A better to solution is to create a dmz where you have an access point, which is shown on the next slide. If you’ve got an access point in the internal network, then you’ve basically opened it up to everyone. A better to solution is to create a dmz where you have an access point, which is shown on the next slide.

    17. Copyright (C) Manageworx 2003 17 Top 802.11b Security Issues 5. Radio Frequency Management Making sure that your footprint doesn’t go past what you can control. Bluetooth can impact the availability of your 802.11b network, because bluetooth can disrupt your signals (that’s why they don’t allow you to use your cellphones in hospitals, etc.)Making sure that your footprint doesn’t go past what you can control. Bluetooth can impact the availability of your 802.11b network, because bluetooth can disrupt your signals (that’s why they don’t allow you to use your cellphones in hospitals, etc.)

    18. Copyright (C) Manageworx 2003 18 Top 802.11b Security Issues 6. Default Settings Unless you take some steps to increase the security of the ‘default’ shipment of wireless, then you don’t really have any security at all.Unless you take some steps to increase the security of the ‘default’ shipment of wireless, then you don’t really have any security at all.

    19. Copyright (C) Manageworx 2003 19 Top 802.11b Security Issues 7. Encryption Encryption can protect your wireless transmissions.Encryption can protect your wireless transmissions.

    20. Copyright (C) Manageworx 2003 20 Top 802.11b Security Issues 8. Authentication You need to add user and device authentication to increase the security of your wireless networks. Eg, two-factor, radius, tacacs, vpns,etc.You need to add user and device authentication to increase the security of your wireless networks. Eg, two-factor, radius, tacacs, vpns,etc.

    21. Copyright (C) Manageworx 2003 21 Risk Mitigation Management Countermeasures Security Policy WLAN specific Policy Operational Countermeasures Physical security Access controls Placement of the AP Location Range

    22. Copyright (C) Manageworx 2003 22 Risk Mitigation Technical Countermeasures Hardware/Software solutions Access Point configuration Updating default passwords Proper encryption settings Controlling the reset function MAC ACL functionality Changing the SSID Changing the default crypto keys

    23. Copyright (C) Manageworx 2003 23 Risk Mitigation Technical Countermeasures (cont’d) Change default SNMP parameter Change default channel DHCP Authentication VPNs BIOMETERICS Personal firewalls IDS Security Assessments

    24. Copyright (C) Manageworx 2003 24 Conclusions Wireless technology is in boom phase Businesses are “leaping” into the wireless arena Caution is required Still an evolving technology WLAN has risks Need to properly manage the “risk” No magic bullet for complete protection Treat WLAN traffic as “Untrusted” traffic

    25. Copyright (C) Manageworx 2003 25 Wireless Security Tools Net Stumbler http://www.netstumbler.com WEP Crack http://wepcrack.sourceforge.net MAC Stumbler http://macstumbler.com Airsnort http://airsnort.shmoo.com

    26. Copyright (C) Manageworx 2003 26 QUESTIONS

    27. Copyright (C) Manageworx 2003 27 Contact Information Dr. Marc Rogers (204) 989-8750 mkr@manageworx.com www.manageworx.com

More Related