
Skyjacking a Cisco WLAN: Attack Analysis and Countermeasures

Presenters:
Dr. Pravin Bhagwat, CTO
Dr. Hemant Chaskar, Director of Technology
Moderator:
Sri Sundaralingam, VP of Product Management
In the News
- Cisco wireless LAN vulnerability could open back door
- Cisco wireless LANs at risk of attack, skyjacking
- Newly discovered vulnerability could threaten Cisco wireless LANs
What Cisco says
- No risk of data loss or interception
- Could allow an attacker to cause a denial of service (DoS) condition
- It's not a big deal! Severity = Mild
Hmm...
- What exactly is skyjacking?
- Do I need to worry about it?
- How severe is the exploit?
What you will learn today
- The risk from the skyjacking vulnerability is much bigger than stated
- How to assess if you are vulnerable
- Countermeasures for skyjacking and other zero-day attacks
Five ways a LAP can discover WLCs
- Subnet-level broadcast
- Configured
- DNS
- DHCP
- Over-the-air provisioning (OTAP)

Three criteria a LAP uses to select a WLC
- Step 1: Primary, Secondary, Tertiary
- Step 2: Master mode
- Step 3: Maximum excess capacity
Over-the-air provisioning (OTAP)
- OTAP exploited for skyjacking
- Skyjacked LAP denies service to wireless users
Is this just the tip of the iceberg?
Secure WLAN enterprise access
SSID | Security | VLAN | Comment
Before: Corp | WPA2 | 20 | Internal to corporate network
AP physically connected to: VLAN 30 | Internal to corporate network
Authorized LAP skyjacked: DoS
SSID | Security | VLAN | Comment
Before: Corp | WPA2 | 20 | Internal to corporate network
AP physically connected to: VLAN 30 | Internal to corporate network
Result: DoS
Authorized LAP turned into Open Rogue AP
SSID | Security | VLAN | Comment
Before: Corp | OPEN | 30 | Internal to corporate network
AP physically connected to: VLAN 30 | Internal to corporate network
Result: Rogue on network
Camouflaged Rogue LAP: a backdoor to your enterprise network!
Wolf in Sheep's Clothing
SSID | Security | VLAN | Comment
Before: Corp | WPA2 | 30 | Internal to corporate network
AP physically connected to: VLAN 30 | Internal to corporate network
Result: Rogue on network
Wolf in Sheep's Clothing, Scenario 2
SSID | Security | VLAN | Comment
Before: Corp | WPA2 | 20 | Internal to corporate network
Before: Guest | OPEN | 30 | Internal to corporate network
AP physically connected to: VLAN 30 | Internal to corporate network
Result: Rogue on network, DoS
SpectraGuard Enterprise WLAN policy set-up
- Guest WLAN SSID
- Allowed subnet (VLAN) for Guest SSID

Normal WLAN operation
Authorized SSIDs are shown in green and are detected together with the VLAN identifier to which they connect (device list displayed on the SpectraGuard Enterprise console).
Skyjacking on guest access
1. Change in the VLAN is detected
2. SSID marked as misconfigured (background changes to amber)
3. Automatic prevention started (shield icon appears)
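As an added illustration (not AirTight's code), here is the SSID-to-VLAN policy check that the detection steps above describe, classifying each observed AP into the skyjacking outcome from the scenarios; the policy values, BSSIDs and observations are constructed for this example.

```python
# Added example (not AirTight's code): SSID-to-VLAN policy check in the spirit
# of the detection steps above. POLICY values and observations are constructed.
from dataclasses import dataclass
from typing import Optional

# Authorized SSID -> allowed wired VLAN and required security (constructed)
POLICY = {
    "Corp":  {"vlan": 20, "security": "WPA2"},
    "Guest": {"vlan": 30, "security": "OPEN"},
}

@dataclass(frozen=True)
class ObservedAP:
    bssid: str                 # radio seen over the air
    ssid: str                  # SSID it beacons
    security: str              # "WPA2" or "OPEN", taken from the beacon
    wired_vlan: Optional[int]  # VLAN the AP correlates to on the wire, None if not found

def classify(ap: ObservedAP) -> str:
    """Return the deck's threat class for one observed AP."""
    if ap.wired_vlan is None:
        return "not-on-wire"             # not bridged to our wire: outside this check
    rule = POLICY.get(ap.ssid)
    if rule is None:
        return "rogue-on-network"        # unknown SSID bridged into our network
    if rule["security"] != "OPEN" and ap.security == "OPEN":
        return "open-rogue"              # "Authorized SSID as Open Rogue AP"
    if ap.wired_vlan != rule["vlan"]:
        # step 1: VLAN change detected while the SSID still looks legitimate
        if rule["security"] == "OPEN":
            return "open-guest-rogue"    # "Guest access as Open Rogue AP" (scenario 2)
        return "wpa2-rogue"              # "Privileged Rogue AP" (wolf in sheep's clothing)
    if ap.security != rule["security"]:
        return "misconfigured"           # security differs but is not a downgrade to open
    return "authorized"

def audit(observations) -> dict:
    """BSSID -> class; anything other than 'authorized' needs attention."""
    return {ap.bssid: classify(ap) for ap in observations}

SAMPLE = [  # constructed observations, one per scenario in the deck
    ObservedAP("00:11:22:33:44:01", "Corp",  "WPA2", 20),
    ObservedAP("00:11:22:33:44:02", "Corp",  "OPEN", 30),
    ObservedAP("00:11:22:33:44:03", "Corp",  "WPA2", 30),
    ObservedAP("00:11:22:33:44:04", "Guest", "OPEN", 20),
]
```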
Summary
Type of skyjacking attack | Seen over the air as | AirTight's unique wireless-wired correlation based threat detection | Only over-the-air threat detection
Authorized SSID as Open Rogue AP | Open rogue
Authorized SSID as Privileged Rogue AP (Wolf in Sheep's Clothing) | WPA2 rogue
Guest access as Open Rogue AP (Wolf in Sheep's Clothing, scenario 2) | Open guest rogue
AirTight's SpectraGuard Enterprise
Thanks to patented marker packet technology for accurate wired connectivity detection and a unique VLAN Policy Mapping architecture, it is the only WIPS that can provide zero-day protection against the most potent form of skyjacking attack.
Which LAPs can be skyjacked?
Type of Cisco LAP | Vulnerable?
Configured with locally significant certificates (LSC) | No
Configured with preferred WLCs (primary, secondary, tertiary) | Mostly No
LAPs using auto discovery | Yes
Countermeasures
Countermeasure | Practical difficulty
Manually configure LAPs with preferred WLCs (primary, secondary, tertiary) | Primarily an HA and load balancing feature
Manually configure LAPs with LSCs | Impractical
Block outgoing traffic from UDP ports 12222 and 12223 on your firewall | Not a common practice
Turn off OTAP on WLC | Ineffective!
Practical difficulties: do you know
- if your outgoing UDP ports on the firewall are blocked? Did you test it today?
- how many VLANs you have authorized for wireless access?
- whether all SSIDs are mapped to the correct VLANs?
- when your LAPs last rebooted?
- when your WLC was last taken down for maintenance?
- if all your APs are compliant with your security policies? How do you know?
- if all LAPs are configured with primary, secondary and tertiary WLCs?
- if all LAPs are indeed connected to their configured WLCs?
One mistake and you could be exposed!
Adding a second, independent layer of WIPS protection
- WLAN infrastructure: designed for WLAN access
- WIPS: designed for security, covering misconfigurations, zero-day attacks and undesirable connections
AirTight's SpectraGuard product family
- SpectraGuard SAFE: Wireless Security for Mobile Users
- SpectraGuard Online: Industry's Only Wireless Security Service
- SpectraGuard Enterprise: Complete Wireless Intrusion Prevention
- SpectraGuard Planner: WLAN Coverage & Security Planning
About AirTight Networks
The Global Leader in Wireless Security and Compliance
For more information on wireless security risks, best practices, and solutions, visit: www.airtightnetworks.com
Visit our blog to read the root cause analysis, "Skyjacking: What Went Wrong?": blog.airtightnetworks.com
