NU MSIT 458 - Wireless & Network Security Integration Solution Overvie


Wireless & Network Security Integration Solution Overview
Offense – FTM
March 6th, 2010
Fine Tuned Machines
MSIT 458 - FTM Group

Unified vs. Non-Unified WLAN

[Figure panels: Non-Unified, Unified]

The paper claims that the Unified System will save costs, but this claim is unsubstantiated.

Total Cost of Ownership

To determine cost savings, a company must evaluate:
•Is there a savings in acquiring the new infrastructure?
•Will the savings be achieved in ongoing maintenance and upgrades?
•What is the ROI and Payback Period?
•Is the project in line with the company’s strategic priorities, for example, supporting a growing mobile population?
•How does a diverse workforce or global presence impact the decision?

Total Cost of Ownership

Acquisition cost is a fraction of the total cost of ownership.
•Initial acquisition cost of IT technologies usually represents only 20 percent of the TCO over a five-year period.
•The remaining 80 percent of the cost (the ongoing upgrades, maintenance, and support) is often overlooked during the initial phases of a new technology rollout.

Both areas must be evaluated in the context of ROI before purchasing Unified Network Equipment.

TCO for Unified vs. Non Unified

[Figure]

Cost Savings is Not Substantiated

Unified WLANs can save money in the following areas, not defined in the paper:
•Vendor Negotiations
•Vendor Management
•Reduced Training Costs
•Streamlined Reports
•Improved Security
•Lower Labor Costs
•Lower Infrastructure and Energy Costs
•Less Unplanned Downtime

Secure Communications

Cisco Article states: “…, a network-wide security solution that only addresses WLAN-related attacks is dangerously unbalanced.”

Yet…

Secure Communications

No Recommended Cisco Feature ?!?!?!?

Intrusion Detection

The Cisco Security Agent (CSA):
- uses “Signature-based anti-virus protection to identify and remove known malware”
- The operative word here is “known”
- What is “Zero Update Protection”?
- No mention of a statistical-based detection method for DDoS-type attacks.

Intrusion Detection

[Figure]

Security Policy Challenges

•Bad Passwords
–Low-complexity password policies can allow malicious users to guess passwords and gain access to network resources regardless of well-crafted policy.
•Central Authentication/Configuration
–One must not only be concerned with user authentication, but also authenticated access point configuration and management.
–Remove telnet access from devices and move to SSH or better remote access.
–Use non-public version of SNMP for both read/write access.

Segmenting Networks

•Network Admission Controller Configuration
–Implement NAC to establish a baseline of secure access before wired/wireless nodes connect to the network.
–Does the node have updated virus signatures? Does this node show symptoms of an infection?
–NAC can be a single point of failure if the authentication server is compromised.

Mobile Device Intrusion

•WLAN Access
–Mobile devices frequently obtain access to business resources over WLAN, either to reduce cellular data use or to get higher speeds.
–Because phones run proprietary operating systems, it may not be possible to implement Cisco Security Agent on all network nodes.
•Flash-disk Access
–Phones are frequently charged and synced via USB.
–Can be used to bypass IDS, Firewalls, NAC, and CSA.
•Malicious Applications
–Application marketplaces offer a possible vector for attack in the guise of legitimate software.

Why do I need Cisco Boxes?

•A slew of Cisco boxes are mentioned, but their unique “functional purposes” in the overall enterprise security framework are not clear.
–More boxes: CSA, NAC, Firewall, IPS, MARS, etc.
–What combination of devices is needed (bare essential)?
–How can I avoid the dangers of overlaps vs. gaps (must haves)?

Enterprise WLAN Security: Defense-In-Depth

•“Defense-In-Depth” is mentioned, but the article does not explain what that constitutes and, more importantly, how their products map to it.
•“Defense-In-Depth” is a ring architecture which has multiple unique layers of security functions that in unity provide a robust solution.

Defense-In-Depth: what is missing?

[Figure]

Defense-In-Depth: what is missing cont.

•Weakest link in the chain
–Host Level Security
•Access Point: SSIDs, encryption, MAC, IP
–Application Level Security
•OS: hot fixes/patches/updates
•Applications: essential vs. non-essential
•Access: “least privilege principle”
•Protection: accounts, passwords, anti-virus, spyware, firewalls

Some Powerful Wireless Exploitation Tools

According to “sectools.org”, the top 5 wireless cracking tools are:
•Kismet
•NetStumbler
•Aircrack-ng
•AirSnort
•KisMAC

Wardriving, warwalking, war-*, etc.

Aircrack-ng – one of the fastest WEP/WPA cracking tools available
A) Computing resources
B) KEY complexity
C) Dictionary

Youtube Demo
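
The two device-management items on the Security Policy Challenges slide (telnet still enabled, default SNMP strings) can be checked mechanically against exported device configurations. The following is an added example, not part of the original slides or of any Cisco tooling: it assumes IOS-style configuration syntax, reads "non-public" as "not the default community strings", and uses a constructed sample config; the function name `audit_config` is hypothetical.

```python
import re

# Constructed sample of an IOS-style device config (not taken from the slides).
SAMPLE_CONFIG = """\
hostname ap-floor2
snmp-server community public RO
snmp-server community Xk29vQp RW
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 transport input ssh
"""

# Assumption: "non-public" on the slide means avoiding well-known default strings.
DEFAULT_COMMUNITIES = {"public", "private"}


def audit_config(text):
    """Return (line_number, finding) pairs for telnet access and default SNMP strings."""
    findings = []
    section = "global"
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if raw and not raw[0].isspace():
            section = line  # IOS indents sub-commands under their section header
        snmp = re.match(r"snmp-server community (\S+)", line, re.I)
        if snmp and snmp.group(1).lower() in DEFAULT_COMMUNITIES:
            findings.append((number, f"default SNMP community '{snmp.group(1)}'"))
        transport = re.match(r"transport input (.+)", line, re.I)
        if transport and section.lower().startswith("line vty"):
            protocols = transport.group(1).lower().split()
            if "telnet" in protocols or "all" in protocols:
                findings.append((number, f"telnet allowed on '{section}'"))
    return findings


if __name__ == "__main__":
    for number, finding in audit_config(SAMPLE_CONFIG):
        print(f"line {number}: {finding}")
```
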

