0 Bewertungen0% fanden dieses Dokument nützlich (0 Abstimmungen)
56 Ansichten29 Seiten
The document explains skyjacking vulnerability and why the vulnerability occurs in Cisco WLANs, which Cisco access points are affected, how skyjacking can be exploited to launch potent attacks, and what are the best practices to proactively protect your enterprise network against such zero-day vulnerabilities and attacks.
Originaltitel
Skyjacking a Cisco WLAN Attack Analysis and Countermeasures
The document explains skyjacking vulnerability and why the vulnerability occurs in Cisco WLANs, which Cisco access points are affected, how skyjacking can be exploited to launch potent attacks, and what are the best practices to proactively protect your enterprise network against such zero-day vulnerabilities and attacks.
Copyright:
Attribution Non-Commercial (BY-NC)
Verfügbare Formate
Als PDF, TXT herunterladen oder online auf Scribd lesen
The document explains skyjacking vulnerability and why the vulnerability occurs in Cisco WLANs, which Cisco access points are affected, how skyjacking can be exploited to launch potent attacks, and what are the best practices to proactively protect your enterprise network against such zero-day vulnerabilities and attacks.
Copyright:
Attribution Non-Commercial (BY-NC)
Verfügbare Formate
Als PDF, TXT herunterladen oder online auf Scribd lesen
Countermeasures resenLers: ur. ravln 8hagwaL, C1C ur. PemanL Chaskar, ulrecLor of 1echnology ModeraLor: Srl Sundarallngam, v of roducL ManagemenL Cisco wireless LAN vulnerability could open back door Cisco wireless LANs at risk of attack, skyjacking Newly discovered vulnerability could threaten Cisco wireless LANs In the News No risk of data loss or interception Could allow an attacker to cause a denial of service (DoS) condition What Cisco says Its not a big deal! Severity = Mild Hmm ? ? ? What exactly is skyjacking? Do I need to worry about it? How severe is the exploit? What you will learn today The risk from skyjacking vulnerability is much bigger than stated How to assess if you are vulnerable Countermeasures for skyjacking and other zero-day attacks Five ways a LAP can discover WLCs Subnet-level broadcast Configured DNS DHCP Over-the-air provisioning (OTAP) Three criteria a LAP uses to select a WLC Primary, Secondary, Tertiary Master mode Maximum excess capacity Step 1 Step 2 Step 3 Over-the-air provisioning (OTAP) OTAP exploited for skyjacking Skyjacked LAP denies service to wireless users s this ]ust tip of the iceberg? Secure WLAN enterprise access Before Internal to corporate network 20 WPA2 Corp Comment VLAN Security SSID Internal to corporate network 30 AP Physically Connected To Authorized LAP skyjacked DoS Before Internal to corporate network 20 WPA2 Corp Comment VLAN Security SSID Internal to corporate network 30 AP Physically Connected To DoS Authorized LAP turned into Open Rogue AP Before Internal to corporate network 30 OPEN Corp Comment VLAN Security SSID Internal to corporate network 30 AP Physically Connected To Rogue on Network Camouflaged Rogue LAP: a backdoor to your enterprise network! Wolf in Sheep Clothing Before Internal to corporate network 30 WPA2 Corp Comment VLAN Security SSID Internal to corporate network 30 AP Physically Connected To Rogue on Network Wolf in Sheep Clothing Scenario 2 Before Internal to corporate network 20 WPA2 Corp Internal to corporate network 30 OPEN Guest Comment VLAN Security SSID Internal to corporate network 30 AP Physically Connected To Rogue on Network DoS SpectraGuard
Enterprise WLAN policy set-up
Guest WLAN SSID Allowed Subnet (VLAN) for Guest SSID Normal WLAN operation Authorized SSIDs are seen in Green color and are detected with VLAN identifier to which they connect Device list displayed on SpectraGuard Enterprise console Skyjacking on guest access 1 Change in the VLAN is detected 2 SSID marked as misconfigured (Background changes to amber) 3 Automatic Prevention started ( Shield icon appears ) Summary Guest access as Open Rogue AP (Wolf in Sheep clothing scenario 2) Authorized SSID as Privileged Rogue AP (Wolf in Sheep clothing) Authorized SSID as Open Rogue AP Type of Skyjacking attack
AirTights unique wireless-
wired correlation based threat detection Only over-air threat detection Open rogue WPA2 rogue Open guest rogue AirTights SpectraGuard Enterprise Thanks to patented marker packet technology for accurate wired connectivity detection and unique VLAN Policy Mappingarchitecture The only WIPS that can provide zero-day protection against the most potent form of skyjacking attack Which LAPs can be skyjacked? Vulnerable? Type of Cisco LAP No Configured with locally significant certificates (LSC) Mostly No Configured with preferred WLCs (primary, secondary, tertiary) Yes LAPs using auto discovery ? Countermeasures Manually configure LAPs with preferred WLCs (primary, secondary, tertiary) Manually configure LAPs with LSCs Primarily HA and load balancing feature Impractical Block outgoing traffic from UDP ports 12222 and 12223 on your firewall Not a common practice Turn off OTAP on WLC Ineffective! Practical difficulties: Do you know If your outgoing UDP ports on the firewall are blocked? Did you test it today? How many VLANs do you have authorized for wireless access? Are all SSIDs mapped to the correct VLANs? When was the last time your LAPs rebooted? When was the last time your WLC taken down for maintenance? If all your APs are compliant with your security policies? How do you know? If all LAPs are configured with primary, secondary and tertiary WLC? If all LAPs are indeed connected to configured WLCs? One mistake and you could be exposed! Adding second, independent layer of WIPS protection Misconfigurations Zero-day attacks Designed for security Designed for WLAN access Undesirable connections Misconfigurations Zero-day attacks Undesirable connections SpectraGuard SAFE Wireless Security for Mobile Users AirTights SpectraGuard product family SpectraGuard Online Industrys Only Wireless Security Service SpectraGuard Enterprise Complete Wireless Intrusion Prevention WLAN Coverage & Security Planning SpectraGuard Planner About AirTight Networks The Global Leader in Wireless Security and Compliance For more information on wireless security risks, best practices, and solutions, visit: www.airtightnetworks.com Visit our blog to read the root cause analysis of Skyjacking: What Went Wrong? blog.airtightnetworks.com