Security Enhancement For An Infrastructure Wireless Domain
Ganesan S/O Muniandy
August 2003
Agenda & Objective
Wireless LAN
– Understand and Address Wireless Domain Security Issues
– Protection and Security Enhancement
Introduction - Background
Background
– Exists since 1996
– Slow Growth Rate
Doubt about security and performance
– Minimum Setup: Access Points, Wireless Interface Card
– Basic Network Setup – Ad hoc and Infrastructure
Security Concerns
The hottest issue today concerns security
More hacking tools are available on the Internet
Hacking issues concerning:
– Theft of information
– Illegal access
Method of hacking:
– Policy violations
– Identity theft (SSID and MAC address)
– Man-in-the-middle attack
– Denial of service (DoS)
Research On Security - Survey
Security Breach in the Past 12 Months
Yes (28%)
No (34%)
Don't Know (9%)
Cannot Disclose (29%)
Research On Security - Survey
IT Initiatives Impeded by Lack of Security
Web Services (24%)
Wireless (18%)
B2B e-commerce (9%)
B2C e-commerce (7%)
Enterprise Applications (7%)
Storage (6%)
Content Networking (4%)
IP Telephony (4%)
CRM (3%)
Outsourcing (3%)
None (14%)
Research On Security - Survey
Categories of Hackers in the Past 12 Months
Independent hackers (34%)
Current Employees (13%)
Former Employees (8%)
Competitors (4%)
Customers (3%)
Cannot disclose (27%)
Don't know (28%)
Customer Requirement – (Case Study)
– Low cost implementation
– Reliable and flexible solution
– Manageability
– Expandability
Existing Infrastructure (Case Study)
Fast Ethernet
Access Point (Channel 11)
Access Point (Channel 6)
Access Point (Channel 1)
Conference Room 1st Floor
Meeting Room 2nd Floor
Managing Director Room 3rd Floor
Wired LAN
Exchange Server
Backup Server
Users
Switch
Switch
Cisco 3640 Router
Wireless LAN
EXISTING LAN
Existing Wireless Connection Flow
Wireless LAN NetID 1
Private LAN NetID 1
– User Authentication
– Same Network ID
Proposed Solution Wireless Connection Flow
Wireless LAN Netid 1
Server
Private LAN Netid 2
Act as Firewall and VPN Gateway
Server Remote Site
VPN Tunnel SSH & WWW
Wireless LAN Netid 3
Proposed Solution – Diagram (Case Study)
Fast Ethernet
Access Point (Channel 11)
Access Point (Channel 6)
Access Point (Channel 1)
Conference Room 1st Floor
Meeting Room 2nd Floor
Managing Director Room 3rd Floor
Wired LAN
Exchange Server
Backup Server
Users
Switch
Cisco 3640 Router
Wireless LAN
EXISTING LAN
Switch
VPN LINUX Server
WEB Server
Proposed Solution - Details
A server acts as firewall and VPN gateway:
– Block port level
– Divide network into 2 portions
– Configurable to allow specific protocol: SSH, WWW or Others
– Secure VPN Tunnelling
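An added example, not from the original slides: one way to express the port-level blocking and the two-segment split described above, as an iptables-restore ruleset produced by a shell function. The slides do not name the packet-filter tool; iptables, the interface names and the subnets are assumptions, and the VPN tunnel itself is not covered here.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the dual-homed gateway.
# Interface names, subnets and the allowed-port list are assumptions.
WLAN_IF="eth1"             # NIC facing the access points (assumed name)
LAN_IF="eth0"              # NIC facing the private LAN (assumed name)
WLAN_NET="192.168.1.0/24"  # wireless segment, "Netid 1" (constructed value)
LAN_NET="192.168.2.0/24"   # private segment, "Netid 2" (constructed value)
ALLOWED_TCP="22 80"        # SSH and WWW, the protocols the slide names

gen_rules() {
    echo "*filter"
    # Default deny: anything not explicitly allowed below is dropped.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # The gateway itself is administered only from the private side.
    echo "-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT"
    # Anti-spoofing: the wireless NIC may only carry wireless-segment sources.
    echo "-A FORWARD -i $WLAN_IF ! -s $WLAN_NET -j DROP"
    # Replies to connections that were already allowed.
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Wireless clients reach the private LAN on the listed ports only.
    for port in $ALLOWED_TCP; do
        echo "-A FORWARD -i $WLAN_IF -o $LAN_IF -s $WLAN_NET -d $LAN_NET -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Log what falls through so blocked traffic from the wireless side is visible.
    echo "-A FORWARD -i $WLAN_IF -j LOG --log-prefix \"wlan-drop: \""
    echo "COMMIT"
}

# Print the ruleset; on the gateway it would be loaded with:
#   gen_rules | iptables-restore
gen_rules
```

Compared with the existing flat layout, where wireless and wired hosts share one network ID, every flow between the two segments now has to match an explicit rule or it is dropped and logged.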
Comparison with other products
Security Solution Comparison
Solution | Firewall-1/VPN-1 Gateway | PIX Firewall | Linux Firewall/VPN
Company | Check Point Software Technologies | Cisco Systems, Inc. | N/A
Solution targets:
Small Office/Home Office (1-10 users)
Small Office/Home Office (1-10 users)
Small Office/Home Office (1-10 users)
Medium sized office (10-100 users)
Medium sized office (10-100 users)
Medium sized office (10-100 users)
Large office (hundreds of users)
Large office (hundreds of users)
Large office (hundreds of users)
Enterprise-wide (thousands of users)
Enterprise-wide (thousands of users)
Primarily designed to allow outbound access with little or no inbound access | No | Yes | No
Supported CPU architectures | Intel x86, Sun SPARC, HP PA-RISC | N/A | Intel x86, Sun SPARC, HP PA-RISC, Others
Supported Operating System | Solaris, HP/UX, Linux, Windows NT/2000 Pro, Other | N/A | Solaris, HP/UX, Linux
Entry level price (US dollar) | $101-$1000 | $101-$1000 | less than $400
Users limitation based on the entry level product (whether concurrent or firewall based user accounts) | 25 users or fewer | no limit (only on entry level product) | unlimited
System Requirement
Minimum Hardware Requirement
– CPU: 300MHz
– Memory: 128MB
– Hard disk: 2GB
– NIC: 2
– CD-ROM: 1
– Floppy: 1
Conclusion
– Suitable for SMI (Small Medium Industries)
– Low cost of Implementation and Security
– Manageability
Thank You
Q&A