BRKAGG-2015_c2 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 52
WLAN Security: Denial of Service Attacks
• RF Jamming
  • Any intentional or unintentional RF transmitter in the same frequency can adversely affect the WLAN
• DoS using 802.11 Management frames
  • Management frames are not authenticated today
  • Trivial to fake the source of a management frame
  • De-Authentication floods are probably the most worrisome
• Misuse of Spectrum (CSMA/CA – Egalitarian Access!)
  • “Silencing” the network with RTS/CTS floods, Big-NAV Attacks
• 802.1X Authentication floods and Dictionary attacks
  • Overloading the system with unnecessary processing
  • Legacy implementations are prone to dictionary attacks, in addition to other algorithm-based attacks
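
Added example (not from the original slides or from any Cisco product): a monitor-side check for the de-authentication floods named above. It parses the 802.11 management header and counts deauth/disassoc frames per BSSID, not per source, because the slide notes that the source of a management frame is trivial to fake. The threshold of 10 frames per second, the function names and the sample addresses are assumptions.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 12, 10  # subtypes of 802.11 management frames (type 0)

def parse_mgmt(frame: bytes):
    """Return (subtype, dst, src, bssid, reason) for a deauth/disassoc frame, else None."""
    if len(frame) < 26:  # 24-byte MAC header + 2-byte reason code
        return None
    (fc,) = struct.unpack_from("<H", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    mac = lambda off: frame[off:off + 6].hex(":")
    (reason,) = struct.unpack_from("<H", frame, 24)
    return subtype, mac(4), mac(10), mac(16), reason

def detect_floods(captures, threshold=10, window=1.0):
    """captures: time-ordered (timestamp_seconds, frame_bytes) pairs.
    Counts per BSSID rather than per source, since the source address is forgeable.
    Returns one (bssid, first_alert_time, frames_in_window) tuple per flooded BSSID."""
    recent, alerts, seen = defaultdict(deque), [], set()
    for ts, frame in captures:
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        bssid = parsed[3]
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window:  # drop frames that fell out of the window
            q.popleft()
        if len(q) >= threshold and bssid not in seen:
            seen.add(bssid)
            alerts.append((bssid, ts, len(q)))
    return alerts

def make_frame(subtype, dst, src, bssid, reason=7):
    """Build a constructed 26-byte management frame for the sample data."""
    h = bytes.fromhex
    return (struct.pack("<HH", subtype << 4, 0) + h(dst) + h(src) + h(bssid)
            + struct.pack("<HH", 0, reason))

# Constructed sample capture: addresses are made up (locally administered).
AP1, AP2, STA, BCAST = "02aabbccdd01", "02aabbccdd02", "02aabbccdd10", "ffffffffffff"
SAMPLE = [(0.0, make_frame(DEAUTH, STA, AP2, AP2, 3)),  # one ordinary deauth
          (1.0, make_frame(8, BCAST, AP1, AP1))]         # beacon subtype, ignored
SAMPLE += [(2.0 + i * 0.005, make_frame(DEAUTH, BCAST, AP1, AP1)) for i in range(40)]

if __name__ == "__main__":
    for bssid, ts, n in detect_floods(SAMPLE):
        print(f"deauth/disassoc flood on BSSID {bssid}: {n} frames in window at t={ts:.3f}")
```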

Wireless Security: MAC Address Spoofing

Wireless Security: Sniffing and Reconnaissance

Wireless Security: Man in the Middle Attack

Quick Look: Common WLAN Exploits/Tools
Remote-Exploit/Backtrack/Auditor
Aircrack, WEPcrack, etc
coWPAtty
Kismet
NetStumbler, Hotspotter, etc
AirSnort
Sniffing tools: OmniPeek, Wireshark
dsniff, nmap
wellenreiter
asleap

Ounce of Prevention… Stop the Attack Before It Happens

Cisco’s Attack Detection Mechanisms
• Base IDS: Built-in to controller software
• Adaptive wIPS: Requires MSE

Adaptive wIPS Difference #1: Alarm Aggregation and Correlation
• Base Controller IDS: WCS, WLC, AP (No Alarm Correlation)
• Adaptive wIPS: WCS, MSE, WLC, AP

Adaptive wIPS Difference #2: Breadth of Alarms Detected
Base Controller IDS Adaptive wIPS
Only 17 signatures

Adaptive wIPS Difference #2 (Cont) – Attack Encyclopedia

Adaptive wIPS Difference #3: Forensic Packet Capture

Adaptive wIPS Difference #4: Historic Reporting

Adaptive wIPS: Types of Reports

Adaptive wIPS: Creating Reports
• Filter by MSE
• Or by WLC
• Add/Remove Columns
• Sort by Columns

Example Report
• wIPS Alarm List
• Attack Timeline

Example Report
• wIPS Top 10 APs
• Alarm Severities

WCS Security Dashboard
• Controller IDS and Adaptive wIPS Alarms
• Security Index
• Rogues by Category

Adaptive wIPS: Components and Functions

Mobility Services Engine: Support for Cisco Motion Services

3310 Mobility Services Engine
• Supports Adaptive wIPS for up to 2000 Monitor Mode APs
• Supports Context Aware for up to 2000 tracked devices
• Requires WLC software version 4.2.130 or later and WCS version 5.2 or later.

3350 Mobility Services Engine
• Supports Adaptive wIPS for up to 3000 Monitor Mode APs
• Supports Context Aware for up to 18000 tracked devices
• Requires WLC software version 4.2.130 or later and WCS version 5.1 or later.