110 likes | 204 Views
Security in Wireless Networks. 458 Security Offense Debate: Wireless Security by Cisco Group DoubleDeuce. Jibran Ilyas Frank LaSota Paul Lowder Juan Mendez May 30, 2009. Introduction. Cisco Centricity Flaws with Article Points Not Addressed The Future/Best Practices.
E N D
Security in Wireless Networks 458 Security Offense Debate: Wireless Security by Cisco Group DoubleDeuce Jibran Ilyas Frank LaSota Paul Lowder Juan Mendez May 30, 2009
Introduction • Cisco Centricity • Flaws with Article • Points Not Addressed • The Future/Best Practices
Cisco Centric Solution • Focus is on Cisco wireless solution • Advocates a need for network-wide security solution • Products Products and More Products • CUWN – Cisco Unified Wireless Network • CSA – Cisco Security Agent • Cisco NAC • Cisco Firewalls • Cisco IPS • CS-MARS – network security monitoring • Gartner group cautions little integration
Cisco Centric Solution - cont Claims about Cisco Security product line Scalable, Managable, Secure Lowest Total Cost of Ownership Self-defending, proactive, against most attacks Does not compare other solutions
Flaws With Article • ‘Cisco… does not mean just putting more boxes on the network’? • Client Devices • Access Points • Wireless Controllers • Mobility Services • Network Mngmt • Campus Network Architecture ‘.. What does it do?’ • Vs Branch Architecture? Click for 2 graphics
Flaws With Article - cont • Audience Is Unclear • Technical vs Executives – business case? • Oblivious to the fact that WEP is still dominant in most corporate environments • Assumes implementation of 802.11i encryption • Cisco slow to market with new solutions 802.11n
Points Not Addressed • Financial costs/risks not highlighted • Cost justification process unclear • Cisco expensive • Not enough content on methodology /process fix • Doesn’t bring home risks of rogue devices • No mention of signal controlling • No mention of custom virus infiltration and controls
Points Not Addressed - cont Security advisories a full time job Significant updating • Single Vendor soln. for end to end security? • Vendor Lock in an issue • Missing functionality? Cisco low rated on EPP anti-virus
Best Practices • Recommended methodology for wireless protection • Security Policy – what to protect • Segment/Isolate networks critical data • Hire wireless pen testers to conduct tests against the network • Choose current methodologies over new devices • Security device installed and forgotten • Intruder sophistication recognized
Best Practices – cont. Wireless Planning Guest access planning - use virtual LAN (VLAN) tunnels to route users outside the firewall Use centrally controlled access points Site Survey, Limit Coverage Areas Turn off SSID, use unique anonymous names Migrate to WPA2 Client Configurations Important Personal firewalls Turn off peer-to-peer/ad hoc networking. Wireless and wired NICs should not be allowed to be active at the same time on a client
Questions Welcome • Useful Links • NIST Wireless Security Standards • http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf • Network World Wireless Security Research • http://www.networkworld.com/topics/wireless-security.html • InfoTech Research Group for Wireless Security • http://www.infotech.com/ITA/Research%20Centers/Security/Wireless%20Security.aspx • Gartner Articles • Introduction to Wi-Fi Security Best Practices. John Girard, John Pescatore. ID Number: G00144428 • Magic Quadrant for Wireless LAN Infrastructure. Michael J. King, Tim Zimmerman. ID Number: G00163188 Thank You! Jibran Ilyas Frank LaSota Paul Lowder Juan Mendez