• Home

  • Documents

  • Cisco Wireless Security Soluons – External · PDF fileCisco Wireless Security Soluons...
2
Cisco Wireless Security Solu/ons – External Threats The Challenge of Wireless Security Implementa/on of wireless systems presents a unique security concern in that wireless is an uncontained medium. Two primary concern arise from this, unauthorized access, and “eves dropping”. Wireless networks can be segregated into separate network so unauthorized access to proprietary informa/on would not be possible however; this then limits the usefulness of the system. In order to achieve versa/le yet secure access via the wireless system, comprehensive security mechanisms must be put into place. Cisco’s Approach to Wireless Security Comprehensive security requires a mul/‐/ered approach: Layer 1, Surveillance Layer 2 and 3 Authen/ca/on, Encryp/on, Detec/on Layer 4‐7 Encryp/on and Assessment. Mi/ga/on at all levels Cisco provides a comprehensive approach to wireless security, offering enterprises the ability to address the threats of access and eves dropping. This at‐a‐glance focuses on the external threats that a WLAN will encounter and the mechanisms to detect and mi/gate these threats. This capability will assist the enterprise in preven/ng both unwanted access and disrup/on. External Threats Threats in the network can come from inten/onal aVackers trying to gain access to a network or to render that network unusable (aVacks). It can also come from well meaning employees trying to provide access to simplify their efforts (rouges). A comprehensive strategy involves both detec/ng and classifying aVacks as they occur as well as taking ac/on to mi/gate the threats. Protec;ng Your Network The Cisco Adap/ve Wireless Intrusion Protec/ons provides the detec/on, classifica/on, loca/on and mi/ga/on of wireless threats. Uninten/onal threats such as rouge APs can provide serious security threats. More sophis/cated threats exist with readily available so\ware to allow the rouge device to work off‐channel making it undetectable for many wireless systems. These rouge devices present backdoor access to the network and put company assets at risk. Cisco’s Wireless IDS along with Clean Air technology can detect, classify, and locate these threats. © 2011 Cisco and/or its affiliates. All Rights Reserved

Cisco Wireless Security Soluons – External · PDF fileCisco Wireless Security Soluons – External Threats The Challenge of Wireless Security Implementaon of wireless systems presents

Embed Size (px)

Citation preview

Page 1: Cisco Wireless Security Soluons – External · PDF fileCisco Wireless Security Soluons – External Threats The Challenge of Wireless Security Implementaon of wireless systems presents

Cisco Wireless Security Solu/ons – External Threats  

The Challenge of Wireless Security Implementa/on of wireless systems presents a unique security concern in that wireless is an uncontained medium.  Two primary concern arise from this, unauthorized access, and “eves dropping”.  Wireless networks can be segregated into separate network so unauthorized access to proprietary informa/on would not be possible however; this then limits the usefulness of the system. In order to achieve versa/le yet secure access via the wireless system, comprehensive security mechanisms must be put into place.  

Cisco’s Approach to Wireless Security  Comprehensive security requires a mul/‐/ered approach: •  Layer 1, Surveillance •  Layer 2 and 3 Authen/ca/on, Encryp/on, Detec/on •  Layer 4‐7 Encryp/on and Assessment.   •  Mi/ga/on at all levels   Cisco provides a comprehensive approach to wireless security, offering enterprises the ability to address the threats of access and eves dropping.  This at‐a‐glance focuses on the external threats that a WLAN will encounter and the mechanisms to detect and mi/gate these threats.  This capability will assist the enterprise in preven/ng both unwanted access and disrup/on.   

External Threats  Threats in the network can come from inten/onal aVackers trying to gain access to a network or to render that network unusable (aVacks).  It can also come from well meaning employees trying to provide access to simplify their efforts (rouges).  A comprehensive strategy involves both detec/ng and classifying aVacks as they occur as well as taking ac/on to mi/gate the threats.   

 Protec;ng Your Network  The Cisco Adap/ve Wireless Intrusion Protec/ons provides the detec/on, classifica/on, loca/on and mi/ga/on of wireless threats.  Uninten/onal threats such as rouge APs can provide serious security threats.  More sophis/cated threats exist with readily available so\ware to allow the rouge device to work off‐channel making it undetectable for many wireless systems.  These rouge devices present backdoor access to the network and put company assets at risk.  Cisco’s Wireless IDS along with Clean Air technology can detect, classify, and locate these threats.  

© 2011 Cisco and/or its affiliates.  All Rights Reserved  

Page 2: Cisco Wireless Security Soluons – External · PDF fileCisco Wireless Security Soluons – External Threats The Challenge of Wireless Security Implementaon of wireless systems presents

Protec;ng Your Network (Con;nued)  Clean Air is a technology that processes the incoming signal while it is s/ll at the AP.  Processing at the AP allows for distribu/ng the processing.  More important, it allows the centralized system to focus on correla/ng, loca/ng, and mi/ga/ng these threats without the constant aVen/on of the network administrator.    Inten/onal aVackers also pose a serious risk to any wireless system.  One of the most common types of aVacks on a network is Denial of Service (DoS) aVack.  Wireless aVackers can emulate large numbers of clients, consuming the resources of the AP.  AVackers can do similar ac/ons against the RADIUS servers or even other clients.  Le\ unaVended, this can make the network unusable and force clients to con/nue to try to re‐authen/cate giving aVackers an opportunity to detect passwords and ul/mately gain access into the system.    In order to do this, a specific type of aVack is employed that a form of ARP flooding.  All of these aVacks present certain “signatures” in layer 2 or layer 3 traffic.  The Wireless IDS system recognizes these signatures and will alert and recommend or take ac/on.  This provides the operator with contextual visibility into the vulnerability and provides this visibility without the constant vigilance of someone watching or roaming the area with detec/on devices.    These threats (and other similar threats) have driven the Department of Defense to issue STIG 8420.01: www.d/c.mil/whs/direc/ves/corres/pdf/842001p.pdf    This states that “DoD Components shall ensure that a wIDS is implemented that allows for monitoring of WLAN ac/vity and the detec/on of WLAN‐related policy viola/ons on all unclassified and classified DoD wired and wireless LANs."    Cisco’s APs, Controllers, and WCS have built in wIDS capability that meets the needs of this requirement.  However, for comprehensive wIPS Cisco provides “Adap/ve” wIPS which adds the capability to add a Mobility Services Engine, providing loca/on, history, classifica/on, correla/on, and mi/ga/on.  The AwIPS capability allows the operator to provide preset responses so that the detec/on, no/fica/on and mi/ga/on are all done autonomously.  This greatly reduces the opera/ons /me and cost.  More informa/on is available at this site:  www.cisco.com/go/wips     

Cisco’s Solu;on for Wireless Security  While detec/ng and mi/ga/ng network intrusion is vital to having a secure wireless network, there are many parts to wireless security.  Cisco uses a comprehensive approach to providing security.    

 

Cisco Wireless LAN Controllers and Access Points  Secure over the air communica/on: •  Management Frame Protec/on •  FIPS Validated 802.11i data encryp/on •  Port based 802.1x over the air authen/ca/on enforced at 

the Access Point  Secure Wireless Infrastructure:  •  All components, APs & WLAN Controllers installed with     

x.509 Cer/ficates to ensure only trusted APs communicate to WLAN Controller 

•  IETF Standards based CAPWAP protocol between AP and WLAN controller ensures secure, publically veVed protocol 

•  FIPS Validated AES 256 encryp/on of all CAPWAP control and data traffic. 

 Provides Wireless Intrusion Detec/on and Protec/on: •  Detect, alert and mi/gate for any unauthorized Wi‐Fi 

device •  Detect and alert over the air wireless aVacks and exploits •  Iden/fy and track the loca/on of the unauthorized devices  Supports Clean Air technology: •  Iden/fica/on of non‐WiFi threats  •  Loca/on of those threats •  Rapid adapta/on of the network to the threats  Cisco Adap;ve Security Appliance 5500 Series & AnyConnect  Secure supplicant for wireless devices: •  PC •  Apple OS and iOS •  Android (including CIUS and Samsung Galaxy)  •  Windows Mobile  VPN connec/vity can be layered on top of wireless security.  Includes firewall and posture for status of an/‐virus, an/‐spyware, and firewall on devices.  Cisco Access Control System  Delivers an 802.1X authen/ca/on server, VLAN override capability and Secure Authen/ca/on of Management. 

 Cisco Catalyst Switches  Integrates 802.1X authen/ca/on of access points and VLAN separa/on of traffic. 

 Learn More   For more informa/on, please go to the following website: www.cisco.com/go/cyber 

Cisco Wireless Security Solu/ons – External Threats 

© 2011 Cisco and/or its affiliates.  All Rights Reserved  


Wireless Security

Wireless Security

Documents
Wireless Network Security - WordPress.com · Wireless Network Security 1 IT352 | Network Security |Najwa AlGhamdi Wireless LAN Security Slide from 2nd book 802.11 Wireless LAN Security

Wireless Network Security - WordPress.com · Wireless Network Security 1 IT352 | Network Security |Najwa AlGhamdi Wireless LAN Security Slide from 2nd book 802.11 Wireless LAN Security

Documents
CWSP Guide to Wireless Security Wireless Security Policy

CWSP Guide to Wireless Security Wireless Security Policy

Documents
Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

Documents
Engineered Soluons For Pipe Moon

Engineered Soluons For Pipe Moon

Documents
CWSP Guide to Wireless Security Wireless Security Models

CWSP Guide to Wireless Security Wireless Security Models

Documents
Wireless (In)security: The true state of wireless security

Wireless (In)security: The true state of wireless security

Documents
Wireless technologies Wireless Network Security

Wireless technologies Wireless Network Security

Documents
Security Testing Automation and Reporting-26May2011-ISSA ......Agenda • Definions • Methodology) • Workflow • Repor,ng) • Problems) • Soluons 26/05/2011 Intru9Shun.caInc.)

Security Testing Automation and Reporting-26May2011-ISSA ......Agenda • Definions • Methodology) • Workflow • Repor,ng) • Problems) • Soluons 26/05/2011 Intru9Shun.caInc.)

Documents
SALE | SERVICE | SUPPORT | AMC | RENTkkrishinfotech.com/Downloads/CorporateFlyer.pdf · Website Development (Responsive) Digital Markeng Soluons Graphic Designing DLP Soluons We take

SALE | SERVICE | SUPPORT | AMC | RENTkkrishinfotech.com/Downloads/CorporateFlyer.pdf · Website Development (Responsive) Digital Markeng Soluons Graphic Designing DLP Soluons We take

Documents
Mobile Security - Wireless Mesh Network Security · PDF fileOverview Introduction •Wireless Ad-hoc Networks •Wireless Mesh Networks Security in Wireless Networks Attacks on Wireless

Mobile Security - Wireless Mesh Network Security · PDF fileOverview Introduction •Wireless Ad-hoc Networks •Wireless Mesh Networks Security in Wireless Networks Attacks on Wireless

Documents
Retrofit Engineering Soluons

Retrofit Engineering Soluons

Documents
Cisco Wireless Security Soluons – External Threats · security concern in that wireless is an uncontained medium. Two ... backdoor access to the network and put company assets at

Cisco Wireless Security Soluons – External Threats · security concern in that wireless is an uncontained medium. Two ... backdoor access to the network and put company assets at

Documents
Emerson Wireless Security - Information Security Reportinformationsecurity.report/Resources/Whitepapers/095f3873-ad8e-4682... · Emerson Wireless Security ... DeltaV Wireless I/O

Emerson Wireless Security - Information Security Reportinformationsecurity.report/Resources/Whitepapers/095f3873-ad8e-4682... · Emerson Wireless Security ... DeltaV Wireless I/O

Documents
CWSP Guide to Wireless Security Enterprise Wireless Hardware Security

CWSP Guide to Wireless Security Enterprise Wireless Hardware Security

Documents
Octane Software Soluons

Octane Software Soluons

Data & Analytics
Wireless Security - George Mason Universityastavrou/courses/isa_656_F08/...Wireless Security Wireless Security Confidentiality Integrity Wireless Architecture Access Points Which

Wireless Security - George Mason Universityastavrou/courses/isa_656_F08/...Wireless Security Wireless Security Confidentiality Integrity Wireless Architecture Access Points Which

Documents
A Home of Complete Electrical & Security System Soluons in ... catlog.pdf · A Home of Complete Electrical & Security System Soluons in warehousing. Since 2006 We would like to introduce

A Home of Complete Electrical & Security System Soluons in ... catlog.pdf · A Home of Complete Electrical & Security System Soluons in warehousing. Since 2006 We would like to introduce

Documents
CWSP Guide to Wireless Security Foundations of Wireless Security

CWSP Guide to Wireless Security Foundations of Wireless Security

Documents
Wireless Security - Layer 2 Attacks - Cisco · Cisco Wireless Security Soluons – Layer 2 Aacks The Challenge of Wireless Security Implementaon of wireless systems presents a unique

Wireless Security - Layer 2 Attacks - Cisco · Cisco Wireless Security Soluons – Layer 2 Aacks The Challenge of Wireless Security Implementaon of wireless systems presents a unique

Documents