logging in or signing up Skyjacking a Cisco WLAN Attack Analysis Airtightnetworks Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 219 Category: Science & Tech.. License: All Rights Reserved Like it (0) Dislike it (0) Added: April 21, 2010 This Presentation is Public Favorites: 1 Presentation Description No description available. Comments Posting comment... By: CiscoWlan (12 month(s) ago) Downlaodable ? Saving..... Post Reply Close Saving..... Edit Comment Close By: CiscoWlan (12 month(s) ago) Nice Saving..... Post Reply Close Saving..... Edit Comment Close Premium member Presentation Transcript Slide 1: Skyjacking a Cisco WLAN: Attack Analysis and Countermeasures Presenters: Dr. Pravin Bhagwat, CTO Dr. Hemant Chaskar, Director of Technology Moderator: Sri Sundaralingam, VP of Product Management In the News : Cisco wireless LAN vulnerability could open ‘back door’ Cisco wireless LANs at risk of attack, ‘skyjacking’ Newly discovered vulnerability could threaten Cisco wireless LANs In the News What Cisco says : “No risk of data loss or interception” “Could allow an attacker to cause a denial of service (DoS) condition” What Cisco says It’s not a big deal! Severity = Mild Hmm… : Hmm… ? ? ? What exactly is skyjacking? Do I need to worry about it? How severe is the exploit? What you will learn today : What you will learn today The risk from skyjacking vulnerability is much bigger than stated How to assess if you are vulnerable Countermeasures for skyjacking and other zero-day attacks Five ways a LAP can discover WLCs : Five ways a LAP can discover WLCs Subnet-level broadcast Configured DNS DHCP Over-the-air provisioning (OTAP) Three criteria a LAP uses to select a WLC : Three criteria a LAP uses to select a WLC Primary, Secondary, Tertiary Master mode Maximum excess capacity Step 1 Step 2 Step 3 Over-the-air provisioning (OTAP) : Over-the-air provisioning (OTAP) OTAP exploited for “skyjacking” : OTAP exploited for “skyjacking” Skyjacked LAP denies service to wireless users : Skyjacked LAP denies service to wireless users Slide 11: Is this just tip of the iceberg? Secure WLAN enterprise access : Secure WLAN enterprise access Before Authorized LAP skyjacked – DoS : Authorized LAP skyjacked – DoS Before DoS Authorized LAP turned into Open Rogue AP : Authorized LAP turned into Open Rogue AP Before Rogue on Network Slide 15: Camouflaged Rogue LAP: a backdoor to your enterprise network! Wolf in Sheep Clothing : Wolf in Sheep Clothing Before Rogue on Network Wolf in Sheep Clothing – Scenario 2 : Wolf in Sheep Clothing – Scenario 2 Before Rogue on Network SpectraGuard® Enterprise WLAN policy set-up : SpectraGuard® Enterprise WLAN policy set-up Guest WLAN SSID Allowed Subnet (VLAN) for Guest SSID Normal WLAN operation : Normal WLAN operation Authorized SSIDs are seen in “Green” color and are detected with VLAN identifier to which they connect Device list displayed on SpectraGuard Enterprise console Skyjacking on guest access : Skyjacking on guest access 1 Change in the VLAN is detected 2 SSID marked as “misconfigured” (Background changes to amber) 3 Automatic Prevention started ( Shield icon appears ) Summary : Summary Open rogue WPA2 rogue Open guest rogue AirTight’s SpectraGuard Enterprise : AirTight’s SpectraGuard Enterprise Thanks to patented marker packet technology for accurate wired connectivity detection and unique VLAN Policy Mapping™ architecture The only WIPS that can provide zero-day protection against the most potent form of skyjacking attack Which LAPs can be skyjacked? : Which LAPs can be skyjacked? ? Countermeasures : Countermeasures Manually configure LAPs with preferred WLCs (primary, secondary, tertiary) Manually configure LAPs with LSCs Primarily HA and load balancing feature Impractical Block outgoing traffic from UDP ports 12222 and 12223 on your firewall Not a common practice Turn off OTAP on WLC Ineffective! Practical difficulties: Do you know : Practical difficulties: Do you know If your outgoing UDP ports on the firewall are blocked? Did you test it today? How many VLANs do you have authorized for wireless access? Are all SSIDs mapped to the correct VLANs? When was the last time your LAPs rebooted? When was the last time your WLC taken down for maintenance? If all your APs are compliant with your security policies? How do you know? If all LAPs are configured with primary, secondary and tertiary WLC? If all LAPs are indeed connected to configured WLCs? Slide 26: One mistake and you could be exposed! Adding second, independent layer of WIPS protection : Adding second, independent layer of WIPS protection Misconfigurations Zero-day attacks Designed for security Designed for WLAN access Undesirable connections Misconfigurations Zero-day attacks Undesirable connections AirTight’s SpectraGuard product family : AirTight’s SpectraGuard product family About AirTight Networks : About AirTight Networks The Global Leader in Wireless Security and Compliance For more information on wireless security risks, best practices, and solutions, visit: www.airtightnetworks.com Visit our blog to read the root cause analysis of “Skyjacking: What Went Wrong?” blog.airtightnetworks.com You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
Skyjacking a Cisco WLAN Attack Analysis Airtightnetworks Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 219 Category: Science & Tech.. License: All Rights Reserved Like it (0) Dislike it (0) Added: April 21, 2010 This Presentation is Public Favorites: 1 Presentation Description No description available. Comments Posting comment... By: CiscoWlan (12 month(s) ago) Downlaodable ? Saving..... Post Reply Close Saving..... Edit Comment Close By: CiscoWlan (12 month(s) ago) Nice Saving..... Post Reply Close Saving..... Edit Comment Close Premium member Presentation Transcript Slide 1: Skyjacking a Cisco WLAN: Attack Analysis and Countermeasures Presenters: Dr. Pravin Bhagwat, CTO Dr. Hemant Chaskar, Director of Technology Moderator: Sri Sundaralingam, VP of Product Management In the News : Cisco wireless LAN vulnerability could open ‘back door’ Cisco wireless LANs at risk of attack, ‘skyjacking’ Newly discovered vulnerability could threaten Cisco wireless LANs In the News What Cisco says : “No risk of data loss or interception” “Could allow an attacker to cause a denial of service (DoS) condition” What Cisco says It’s not a big deal! Severity = Mild Hmm… : Hmm… ? ? ? What exactly is skyjacking? Do I need to worry about it? How severe is the exploit? What you will learn today : What you will learn today The risk from skyjacking vulnerability is much bigger than stated How to assess if you are vulnerable Countermeasures for skyjacking and other zero-day attacks Five ways a LAP can discover WLCs : Five ways a LAP can discover WLCs Subnet-level broadcast Configured DNS DHCP Over-the-air provisioning (OTAP) Three criteria a LAP uses to select a WLC : Three criteria a LAP uses to select a WLC Primary, Secondary, Tertiary Master mode Maximum excess capacity Step 1 Step 2 Step 3 Over-the-air provisioning (OTAP) : Over-the-air provisioning (OTAP) OTAP exploited for “skyjacking” : OTAP exploited for “skyjacking” Skyjacked LAP denies service to wireless users : Skyjacked LAP denies service to wireless users Slide 11: Is this just tip of the iceberg? Secure WLAN enterprise access : Secure WLAN enterprise access Before Authorized LAP skyjacked – DoS : Authorized LAP skyjacked – DoS Before DoS Authorized LAP turned into Open Rogue AP : Authorized LAP turned into Open Rogue AP Before Rogue on Network Slide 15: Camouflaged Rogue LAP: a backdoor to your enterprise network! Wolf in Sheep Clothing : Wolf in Sheep Clothing Before Rogue on Network Wolf in Sheep Clothing – Scenario 2 : Wolf in Sheep Clothing – Scenario 2 Before Rogue on Network SpectraGuard® Enterprise WLAN policy set-up : SpectraGuard® Enterprise WLAN policy set-up Guest WLAN SSID Allowed Subnet (VLAN) for Guest SSID Normal WLAN operation : Normal WLAN operation Authorized SSIDs are seen in “Green” color and are detected with VLAN identifier to which they connect Device list displayed on SpectraGuard Enterprise console Skyjacking on guest access : Skyjacking on guest access 1 Change in the VLAN is detected 2 SSID marked as “misconfigured” (Background changes to amber) 3 Automatic Prevention started ( Shield icon appears ) Summary : Summary Open rogue WPA2 rogue Open guest rogue AirTight’s SpectraGuard Enterprise : AirTight’s SpectraGuard Enterprise Thanks to patented marker packet technology for accurate wired connectivity detection and unique VLAN Policy Mapping™ architecture The only WIPS that can provide zero-day protection against the most potent form of skyjacking attack Which LAPs can be skyjacked? : Which LAPs can be skyjacked? ? Countermeasures : Countermeasures Manually configure LAPs with preferred WLCs (primary, secondary, tertiary) Manually configure LAPs with LSCs Primarily HA and load balancing feature Impractical Block outgoing traffic from UDP ports 12222 and 12223 on your firewall Not a common practice Turn off OTAP on WLC Ineffective! Practical difficulties: Do you know : Practical difficulties: Do you know If your outgoing UDP ports on the firewall are blocked? Did you test it today? How many VLANs do you have authorized for wireless access? Are all SSIDs mapped to the correct VLANs? When was the last time your LAPs rebooted? When was the last time your WLC taken down for maintenance? If all your APs are compliant with your security policies? How do you know? If all LAPs are configured with primary, secondary and tertiary WLC? If all LAPs are indeed connected to configured WLCs? Slide 26: One mistake and you could be exposed! Adding second, independent layer of WIPS protection : Adding second, independent layer of WIPS protection Misconfigurations Zero-day attacks Designed for security Designed for WLAN access Undesirable connections Misconfigurations Zero-day attacks Undesirable connections AirTight’s SpectraGuard product family : AirTight’s SpectraGuard product family About AirTight Networks : About AirTight Networks The Global Leader in Wireless Security and Compliance For more information on wireless security risks, best practices, and solutions, visit: www.airtightnetworks.com Visit our blog to read the root cause analysis of “Skyjacking: What Went Wrong?” blog.airtightnetworks.com