AirDefense: Market Leader in Enabling Risk-Free Wireless LANs
Wireless Monitoring & Intrusion Protection
Copyright © 2003 – 2004 AirDefense, Inc. All rights reserved. www.airdefense.net
"Put Wireless LAN Security Monitoring in your budget." - Gartner

About AirDefense
What we do:
- Proactive 24 x 7 monitoring of enterprise airwaves against rogues, intruders, hackers, interference and network abuses
- Ensures regulatory and enterprise policy compliance
- Any vendor, any protocol, any device
Our technology:
- Enterprise-class distributed monitoring architecture (13 patents pending)
- Wireless intrusion detection and protection system with multiple correlation and analysis engines
Customer profile:
- 250+ government organizations and blue-chip enterprises (over 80% market share)
- Proven solution monitoring tens of thousands of access points and hundreds of thousands of devices
Benefits:
- Control over air space
- Auto-discovery of all wireless assets and threats
- Risk-free wireless deployments

Wireless LAN Risks: Hype or Reality

Understanding SSID & MAC Address
SSID:
- The SSID helps stations find the APs around them
- A 32-byte unique Service Set Identifier of the AP, like your company name on the building
- Sent when the AP receives a probe request from a station
- Can be seen in the air
MAC address:
- To deliver traffic, a unique identifier must be available for each device: the Media Access Control (MAC) address
- Example: 00-04-5a-03-3c-0f. The first three octets (00-04-5a) are the OUI (Organizationally Unique Identifier); the remaining octets are the vendor-assigned serial number

Vendor OUI table:
Vendor           OUI
Cisco (Aironet)  00-04-96
Agere (Orinoco)  00-02-2D
Nokia            00-e0-03
Linksys          00-04-5a

Understanding Probes & Beacons
- Probes: a user station sends a probe request frame when it needs to obtain information from another station (for example, a station would send a probe request to determine which access points are within range).
- Beacons: the access point (AP) periodically sends a beacon frame to announce its presence and relay information such as the timestamp, SSID and other parameters regarding the access point.

Problem: Uncontrolled Medium
- A wireless LAN is an extension of the wired LAN
- With a single access point, the walls come tumbling down
- The walls of the facility provide a solid line of defense against intruders; with wireless, Ethernet now extends to the parking lot!
- RF in the air is uncontrolled...
[Figure: wired facility with servers behind walls vs. an intruder reaching the network over the air]

Self-Deploying & Transient Networks
[Figure: corporate network, neighbor A, parking lot, conference room and shipping department, showing an ad hoc network, an accidental association and a malicious association]
1. User station transmits probes
2. APs transmit beacons
3. User station connects to the best access point
We don't control who we connect to...

Easier to Attack: Growing Security Threats
- New and easier attack tools (WiGLE.net)
- Increasing sophistication of attacks
[Chart: attack sophistication rising from 1980 to 2005 while the knowledge required by an intruder falls from high to low]
New and easier tools make it very easy to attack the network.

WLAN – Real World Risks
- 46% of companies have been victim of a security breach (PwC)
- 61% of attacks were from hackers
- 10% of attacks were from former employees/contractors
- 83% of companies reported a monetary loss
- Downtime averaged 1.33 days per employee
WLAN facts (top 8):
- Companies that found a rogue device: 90%
- Found devices with no security: 80%
- Companies that have deployed insecure WLANs: 60%
- Average cost of loss per attack (US study): $416K
- Average cost of loss per attack (UK study): $220K
- Avg. # of serious attacks per month: 100
- Current growth of access points: 2M/Qtr
- Current growth of stations: 10M/Qtr

Best Practices for Wireless LAN Security & Monitoring

Layered Approach to Security: Control the Uncontrollable

Gartner on WLAN Security Risks: 3 "Must Have" WLAN Security Measures (July 31, 2003)
- Install a centrally managed personal firewall on laptops that are issued wireless NICs
- Perform wireless intrusion detection to discover rogue access points, foreign devices connecting to corporate access points and accidental associations to nearby access points in use by other companies
- Turn on some form of encryption and authentication for supported WLAN use

Best Practices for Securing Enterprise WLANs (© Giga Research, a wholly owned subsidiary of Forrester Research, Inc.)
- WLAN policy: either no WLANs or sanctioned WLANs
- No WLANs: monitor and root out rogue WLANs
- Sanctioned WLANs: use strong encryption, authentication and authorization
- Lock down APs and user stations
- Monitor your air space
- Securing the perimeter

802.11 Security Standards
- WEP: Wired Equivalent Privacy, a wireless encryption standard developed by the IEEE 802.11 standards committee.
- 802.1X: IEEE 802.1 standard for authentication, which supports multiple authentication modes, including RADIUS, that can be used in wireline and wireless networks.
- LEAP: Lightweight Extensible Authentication Protocol, which includes Cisco's proprietary extensions to 802.1X to share authentication data between Cisco WLAN access points and the Cisco Secure Access Control Server.
- TKIP: Temporal Key Integrity Protocol, developed by the IEEE 802.11i standards committee as a WEP improvement.
- TTLS: Tunneled Transport Layer Security, developed by Funk Software and Certicom, now an IETF draft standard. It is an alternative to PEAP.
- PEAP: Protected Extensible Authentication Protocol, developed by Microsoft, Cisco and RSA Security, now an IETF draft standard. PEAP encrypts authentication data using a tunneling method.
- WPA: Wi-Fi Protected Access, announced by the Wi-Fi Alliance to describe 802.1X with TKIP and MIC. A subset of the 802.11i security standard expected in Q4 '03.
- 802.11i: IEEE standards group effort that involves fixing perceived weaknesses in 802.1X and WEP and creating an umbrella standard for 802.11 security.

AirDefense Solution: Plug & Protect
[Diagram: wireless stations, access points, a rogue access point and a hacker observed by Smart Sensors reporting to the Smart Sensor Appliance, with a remote secure browser for the operator]
- Real-time monitoring
- Multiple correlation, analysis and IDS engines
- Integrated reporting
- Centralized management
- Smart Sensors scanning 802.11 a/b/g, with selective processing and encryption
- Designed for enterprise scalability and central management

AirDefense Functionality
1. Security: rogue detection, analysis and mitigation; intrusion detection system; forensics and incident analysis; active defenses
2. Compliance: enterprise policy monitoring; regulatory compliance (DoD, HIPAA, SOX, FDIC, OCC, GLBA)
3. Troubleshooting: remote troubleshooting; availability; network usage and performance

Experience: Fortune 500 Consumer Goods Company
[Map: a centralized management console at the 11-story headquarters in the USA monitoring sites including an airport, a 26-story atrium, 20-story and 3-story buildings, South Africa, Ireland, Japan, Hong Kong, Argentina, Mexico and Brazil]

Customer Examples
Southeastern Hospital - Background
Main driver: point-of-care access to computerized care systems at the bedside
- Recent contract with McKesson and Siemens for wireless application deployment
- Reduction of errors on medications and physician's orders
- Reduction of paper in all medical records
- Improved care through access to information at the point of diagnosis and treatment
Physical plant:
- Physical plant was saturated with cable, no room for real growth
- Additional devices required additional equipment in the closets
- More personnel resources are needed to support additional lines
- Wireless access will speed up application deployment

Southeastern Hospital - Issues With Rogue Devices
- Columbus is saturated with wireless deployments
- Local universities are moving to wireless deployments in their classrooms; all students are now outfitted with laptops with WLAN cards for their class work
- Two largest competitors share a property line with our campus
- Fear of unauthorized access and HIPAA's implications
- Physicians and clinicians bringing in unauthorized devices with wireless access cards

Southeastern Hospital - Rogue Incident #1: Physician Unauthorized Access / Use
- New PACS system was installed in radiology
- Contract radiologist connected a WLAN device to the viewing station
- Was pulling images from other hospitals via this device to be manipulated by a 3-D imaging system
- HIPAA concerns, ownership of data, patient confidentiality
- Solution: identified the rogue device via AirDefense, removed the device, contract was terminated

Southeastern Hospital - Rogue Incident #2: Vendor With Hacking Software
- An unauthorized vendor came to sell to a department in the hospital
- Obtained temporary access to the WLAN from ED nodes for email and internet
- Intercepted emails from materials management staff in a matter of minutes
- Solution: identified the rogue vendor with AirDefense as they passed through the hospital, had security meet them, and escorted them out of the building

Large Systems Integrator - Case #1: Probing Vendor
- Vendor probing for WLAN within an LM Aero controlled facility
- AirDefense alerted the security officer via email
- Security resolved the situation before any damage was done

Large Systems Integrator - Case #2: Mis-configured WLAN
- Approved WLAN with several configurations out of security specs
- AirDefense alerted security and network services
- Security and network services resolved the problem

Large Systems Integrator - Case #3: Default Configuration
- Approved AP accidentally reset to factory defaults during construction in an area of the building
- AirDefense alerted security of the default configuration
- Security was able to shut the AP down before any intrusions

A Large University - Issues
- As an educational institution we provide an open, flexible network infrastructure
- Many departments with network admins who want to install their own APs
- Must maintain a standard configuration policy regardless of hardware used
- Employees bringing in access points
- Difficulty identifying WLAN performance issues

A Large University - How Can the Issues Be Addressed?
- Communication to staff, faculty, students: difficult at best
- Create a policy not allowing WLAN outside of ITS control: not good, people usually want and push for what they can't have
- War-walking 24-7: time consuming, doesn't monitor

A Large University - 24 x 7 Monitoring with AirDefense
- 24/7 monitoring of airwaves
- Security policy enforcement
- A better view of our WLAN than ever before
- Time savings: network management, security
- The product was purchased by security for security purposes, but the reality is that it's been as much a WLAN performance and management tool

Summary
1. WLAN risks made severe by: we don't control the medium; we don't control who we connect to
2. Every organization has WLANs (rogue or sanctioned): check out wigle.net
3. Detect and root out rogue WLANs: NetStumbler > Kismet > 24 x 7 monitoring
4. Lock down laptops (probing, ad hoc)
5. WLAN policy is critical (deployed or prohibited): Define > Monitor > Enforce
6. When deploying, use a layered security approach: Encryption > Authentication > 24 x 7 RF monitoring
Have control over your air space: Assets > Relationships > Behavior

Contact us
Web: www.AirDefense.NET
HQ phone: 770-663-8115
More info or demo? Darren Hamrick, Email: [email protected], Phone: 404-786-1440
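As an added illustration of the deck's "monitor your air space" and Define > Monitor > Enforce advice (example code, not AirDefense's product or the deck's own material): a minimal policy check over constructed beacon observations that looks up the OUI in the vendor table above and flags unsanctioned APs, networks with no encryption, a corporate SSID advertised by an unknown AP (the malicious-association case), and the factory-default configuration from the integrator case study. The Beacon record, the sanctioned BSSID list, the corporate SSID set and the default-SSID watch list are assumptions for the example.

```python
from dataclasses import dataclass

# Vendor OUI prefixes exactly as the deck lists them (first three MAC octets).
OUI_VENDORS = {"00-04-96": "Cisco (Aironet)", "00-02-2D": "Agere (Orinoco)",
               "00-E0-03": "Nokia", "00-04-5A": "Linksys"}
# Assumed watch list of factory-default SSIDs; not taken from the deck.
DEFAULT_SSIDS = {"linksys", "default", "tsunami"}

@dataclass(frozen=True)
class Beacon:
    bssid: str        # AP MAC address carried in the beacon frame
    ssid: str         # advertised Service Set Identifier
    encrypted: bool   # privacy bit set in the beacon's capability field

def oui(mac: str) -> str:
    """Normalize 'aa:bb:cc:..' or 'aa-bb-cc-..' to the deck's 'AA-BB-CC' OUI form."""
    return "-".join(mac.replace(":", "-").upper().split("-")[:3])

def vendor(mac: str) -> str:
    return OUI_VENDORS.get(oui(mac), "unknown vendor")

def classify(b: Beacon, sanctioned: set, corporate_ssids: set) -> list:
    """Policy findings for one observed AP; an empty list means compliant."""
    bssid = b.bssid.upper().replace(":", "-")
    findings = []
    if bssid not in sanctioned:
        findings.append(f"rogue AP {bssid} ({vendor(bssid)})")
        if b.ssid in corporate_ssids:   # malicious-association risk
            findings.append(f"corporate SSID '{b.ssid}' from unsanctioned AP")
    if not b.encrypted:
        findings.append(f"no encryption on '{b.ssid}'")
    if b.ssid.lower() in DEFAULT_SSIDS:  # the 'reset to factory defaults' case
        findings.append(f"default configuration SSID '{b.ssid}'")
    return findings

# Constructed sample observations (not real captures); sanctioned list assumed.
SANCTIONED = {"00-04-96-11-22-33"}
CORPORATE_SSIDS = {"ACME-CORP"}
SAMPLE = [
    Beacon("00:04:96:11:22:33", "ACME-CORP", True),   # sanctioned, compliant
    Beacon("00:04:5a:03:3c:0f", "linksys", False),    # employee-installed, open
    Beacon("00:02:2d:aa:bb:cc", "ACME-CORP", True),   # corporate SSID, unknown AP
]

if __name__ == "__main__":
    for b in SAMPLE:
        print(b.bssid, classify(b, SANCTIONED, CORPORATE_SSIDS) or ["compliant"])
```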