SlideShare una empresa de Scribd logo

Skyjacking A Cisco Wlan Attack Analysis And Countermeasures

AirTight Networks
AirTight Networks

This presentation will deconstruct the skyjacking vulnerability - explaining why the vulnerability occurs in Cisco WLANs, which Cisco access points are affected, how skyjacking can be exploited to launch potent attacks, and what are the best practices to proactively protect your enterprise network against such zero-day vulnerabilities and attacks.

TecnologíaEducación
1 de 29
Skyjacking a Cisco WLAN: Attack Analysis and Countermeasures Presenters: Dr. Pravin Bhagwat, CTO Dr. Hemant Chaskar, Director of Technology Moderator: Sri Sundaralingam, VP of Product Management
In the News Cisco wireless LAN vulnerability could open ‘back door’ Cisco wireless LANs at risk of attack, ‘skyjacking’ Newly discovered vulnerability could threaten Cisco wireless LANs
What Cisco says “ No risk of data loss or interception” “ Could allow an attacker to cause a denial of service (DoS) condition” It’s not a big deal! Severity = Mild
Hmm… ? ? ? What exactly is skyjacking? Do I need to worry about it? How severe is the exploit?
What you will learn today The risk from skyjacking vulnerability is much bigger than stated How to assess if you are vulnerable Countermeasures for skyjacking and other zero-day attacks
Five ways a LAP can discover WLCs Subnet-level broadcast Configured DNS DHCP Over-the-air provisioning (OTAP)
Three criteria a LAP uses to select a WLC Primary, Secondary, Tertiary Master mode Maximum excess capacity Step 1 Step 2 Step 3
Over-the-air provisioning (OTAP)
OTAP exploited for “skyjacking”
Skyjacked LAP denies service to wireless users
Is this just tip of the iceberg?
Secure WLAN enterprise access Before Internal to corporate network 20 WPA2 Corp Comment VLAN Security SSID Internal to corporate network 30 AP Physically Connected To
Authorized LAP skyjacked – DoS Before DoS Internal to corporate network 20 WPA2 Corp Comment VLAN Security SSID Internal to corporate network 30 AP Physically Connected To
Authorized LAP turned into Open Rogue AP Before Rogue on Network Internal to corporate network 30 OPEN Corp Comment VLAN Security SSID Internal to corporate network 30 AP Physically Connected To
Camouflaged Rogue LAP: a backdoor to your enterprise network!
Wolf in Sheep Clothing Before Rogue on Network Internal to corporate network 30 WPA2 Corp Comment VLAN Security SSID Internal to corporate network 30 AP Physically Connected To
Wolf in Sheep Clothing – Scenario 2 Before Rogue on Network Internal to corporate network 20 WPA2 Corp Internal to corporate network 30 OPEN Guest Comment VLAN Security SSID Internal to corporate network 30 AP Physically Connected To DoS
SpectraGuard ® Enterprise WLAN policy set-up Guest WLAN SSID Allowed Subnet (VLAN) for Guest SSID
Normal WLAN operation Authorized SSIDs are seen in “Green” color and are detected with VLAN identifier to which they connect Device list displayed on SpectraGuard Enterprise console
Skyjacking on guest access 1 Change in the VLAN is detected 2 SSID marked as “misconfigured” (Background changes to amber) 3 Automatic Prevention started ( Shield icon appears )
Summary Open rogue WPA2 rogue Open guest rogue Guest access as Open Rogue AP (Wolf in Sheep clothing – scenario 2) Authorized SSID as “Privileged” Rogue AP (Wolf in Sheep clothing) Authorized SSID as Open Rogue AP Type of Skyjacking attack  X  X   AirTight’s unique wireless-wired correlation based threat detection Only over-air threat detection
AirTight’s SpectraGuard Enterprise Thanks to patented marker packet technology for accurate wired connectivity detection and unique VLAN Policy Mapping ™ architecture The only WIPS that can provide zero-day protection against the most potent form of skyjacking attack
Which LAPs can be skyjacked? ? Vulnerable? Type of Cisco LAP No Configured with locally significant certificates (LSC) Mostly No Configured with “preferred” WLCs (primary, secondary, tertiary) Yes LAPs using auto discovery
Countermeasures Manually configure LAPs with preferred WLCs (primary, secondary, tertiary) Manually configure LAPs with LSCs Primarily HA and load balancing feature Impractical Block outgoing traffic from UDP ports 12222 and 12223 on your firewall Not a common practice Turn off OTAP on WLC Ineffective!
Practical difficulties: Do you know ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
One mistake and you could be exposed!
Adding second, independent layer of WIPS protection Misconfigurations Zero-day attacks Designed for security Designed for WLAN access Undesirable connections Misconfigurations Zero-day attacks Undesirable connections
AirTight’s SpectraGuard product family SpectraGuard SAFE Wireless Security for Mobile Users SpectraGuard Online Industry’s Only Wireless Security Service SpectraGuard Enterprise Complete Wireless Intrusion Prevention WLAN Coverage & Security Planning SpectraGuard Planner
About AirTight Networks The Global Leader in Wireless Security and Compliance For more information on wireless security risks, best practices, and solutions, visit: www.airtightnetworks.com Visit our blog to read the root cause analysis of “ Skyjacking: What Went Wrong?” blog.airtightnetworks.com

Recomendados

Pxosys Webinar Amplify your Security
Pxosys Webinar Amplify your SecurityPxosys Webinar Amplify your Security
Pxosys Webinar Amplify your Security
🏆Ruben Cocheno💭
 
Aircrack
AircrackAircrack
Aircrack
MuhammadHanzalah6
 
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless Networks
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless NetworksLiving in the Jungle: Legitimate users in Legitimate Insecure Wireless Networks
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless Networks
Chema Alonso
 
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
Ahmad Yar
 
Cevn Vibert. Thales UK. 28th January
Cevn Vibert. Thales UK. 28th JanuaryCevn Vibert. Thales UK. 28th January
Cevn Vibert. Thales UK. 28th January
UKTI2014
 
WIFI Hacking
WIFI HackingWIFI Hacking
WIFI Hacking
Suraj Bohara
 
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu ExploitationAhmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
barcamp.my
 
How to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ngHow to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ng
Open Knowledge Nepal
 

Recomendados

Pxosys Webinar Amplify your Security
Pxosys Webinar Amplify your SecurityPxosys Webinar Amplify your Security
Pxosys Webinar Amplify your Security
🏆Ruben Cocheno💭
 
Aircrack
AircrackAircrack
Aircrack
MuhammadHanzalah6
 
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless Networks
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless NetworksLiving in the Jungle: Legitimate users in Legitimate Insecure Wireless Networks
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless Networks
Chema Alonso
 
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
Ahmad Yar
 
Cevn Vibert. Thales UK. 28th January
Cevn Vibert. Thales UK. 28th JanuaryCevn Vibert. Thales UK. 28th January
Cevn Vibert. Thales UK. 28th January
UKTI2014
 
WIFI Hacking
WIFI HackingWIFI Hacking
WIFI Hacking
Suraj Bohara
 
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu ExploitationAhmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
barcamp.my
 
How to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ngHow to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ng
Open Knowledge Nepal
 
Feb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityFeb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-Security
Casey Dunham
 
A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!
edwardo
 
Cisco umbrella youtube
Cisco umbrella youtubeCisco umbrella youtube
Cisco umbrella youtube
Dhruv Sharma
 
Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)
Mandeep Jadon
 
Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World
Symantec
 
Firewall girija ppt
Firewall girija pptFirewall girija ppt
Firewall girija ppt
Girija Sankar Dash
 
Tech 101: Understanding Firewalls
Tech 101: Understanding FirewallsTech 101: Understanding Firewalls
Tech 101: Understanding Firewalls
Likan Patra
 
Snort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense FirewallSnort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense Firewall
Huda Seyam
 
Cracking WPA/WPA2 with Non-Dictionary Attacks
Cracking WPA/WPA2 with Non-Dictionary AttacksCracking WPA/WPA2 with Non-Dictionary Attacks
Cracking WPA/WPA2 with Non-Dictionary Attacks
n|u - The Open Security Community
 
What is NetFlow?
What is NetFlow?What is NetFlow?
What is NetFlow?
NetHound
 
Security PWNing 2018 - Penthertz: The use of radio attacks during redteam tests
Security PWNing 2018 - Penthertz: The use of radio attacks during redteam testsSecurity PWNing 2018 - Penthertz: The use of radio attacks during redteam tests
Security PWNing 2018 - Penthertz: The use of radio attacks during redteam tests
📡 Sebastien Dudek
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hacking
arushi bhatnagar
 
謝續平
謝續平謝續平
謝續平
9577601
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on Honeypots
Anton Chuvakin
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefits
Anthony Daniel
 
Day1
Day1Day1
Day1
Jai4uk
 
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense FirewallDetect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Huda Seyam
 
Wifi hacking
Wifi hackingWifi hacking
Wifi hacking
Harshit Varshney
 
Day4
Day4Day4
Day4
Jai4uk
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?
EnergySec
 
Return oriented programming
Return oriented programmingReturn oriented programming
Return oriented programming
hybr1s
 
Oracle UCM Security: Challenges and Best Practices
Oracle UCM Security: Challenges and Best PracticesOracle UCM Security: Challenges and Best Practices
Oracle UCM Security: Challenges and Best Practices
Brian Huff
 

Más contenido relacionado

La actualidad más candente

謝續平
謝續平謝續平
謝續平
9577601
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?
EnergySec
 

La actualidad más candente (20)

Feb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityFeb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-Security
 
A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!
 
Cisco umbrella youtube
Cisco umbrella youtubeCisco umbrella youtube
Cisco umbrella youtube
 
Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)
 
Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World
 
Firewall girija ppt
Firewall girija pptFirewall girija ppt
Firewall girija ppt
 
Tech 101: Understanding Firewalls
Tech 101: Understanding FirewallsTech 101: Understanding Firewalls
Tech 101: Understanding Firewalls
 
Snort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense FirewallSnort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense Firewall
 
Cracking WPA/WPA2 with Non-Dictionary Attacks
Cracking WPA/WPA2 with Non-Dictionary AttacksCracking WPA/WPA2 with Non-Dictionary Attacks
Cracking WPA/WPA2 with Non-Dictionary Attacks
 
What is NetFlow?
What is NetFlow?What is NetFlow?
What is NetFlow?
 
Security PWNing 2018 - Penthertz: The use of radio attacks during redteam tests
Security PWNing 2018 - Penthertz: The use of radio attacks during redteam testsSecurity PWNing 2018 - Penthertz: The use of radio attacks during redteam tests
Security PWNing 2018 - Penthertz: The use of radio attacks during redteam tests
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hacking
 
謝續平
謝續平謝續平
謝續平
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on Honeypots
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefits
 
Day1
Day1Day1
Day1
 
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense FirewallDetect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
 
Wifi hacking
Wifi hackingWifi hacking
Wifi hacking
 
Day4
Day4Day4
Day4
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?
 

Destacado

Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Jeremiah Grossman
 
Cehv8 module 01 introduction to ethical hacking
Cehv8 module 01 introduction to ethical hackingCehv8 module 01 introduction to ethical hacking
Cehv8 module 01 introduction to ethical hacking
polichen
 
Iis Security Programming Countermeasures
Iis Security Programming CountermeasuresIis Security Programming Countermeasures
Iis Security Programming Countermeasures
guestc27cd9
 
Digital Astroturfing: Definition, typology, and countermeasures.
Digital Astroturfing: Definition, typology, and countermeasures.Digital Astroturfing: Definition, typology, and countermeasures.
Digital Astroturfing: Definition, typology, and countermeasures.
Marko Kovic
 
Designing Countermeasures For Tomorrows Threats
Designing Countermeasures For Tomorrows ThreatsDesigning Countermeasures For Tomorrows Threats
Designing Countermeasures For Tomorrows Threats
Darwish Ahmad
 
Google Hacking for Cryptographic Secrets
Google Hacking for Cryptographic SecretsGoogle Hacking for Cryptographic Secrets
Google Hacking for Cryptographic Secrets
Dr. Emin İslam Tatlı
 
Irregularity Countermeasures in Massively Parallel BigData Processors
Irregularity Countermeasures in Massively Parallel BigData ProcessorsIrregularity Countermeasures in Massively Parallel BigData Processors
Irregularity Countermeasures in Massively Parallel BigData Processors
Tokyo University of Science
 
Owasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root CausesOwasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root Causes
Marco Morana
 
[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...
[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...
[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...
CODE BLUE
 

Destacado (20)

Return oriented programming
Return oriented programmingReturn oriented programming
Return oriented programming
 
Oracle UCM Security: Challenges and Best Practices
Oracle UCM Security: Challenges and Best PracticesOracle UCM Security: Challenges and Best Practices
Oracle UCM Security: Challenges and Best Practices
 
Patent Risk and Countermeasures Related to Open Management in Interaction Design
Patent Risk and Countermeasures Related to Open Management in Interaction DesignPatent Risk and Countermeasures Related to Open Management in Interaction Design
Patent Risk and Countermeasures Related to Open Management in Interaction Design
 
Antivirus Evasion Techniques and Countermeasures
Antivirus Evasion Techniques and CountermeasuresAntivirus Evasion Techniques and Countermeasures
Antivirus Evasion Techniques and Countermeasures
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasures
 
Dstl Medical Countermeasures for Dangerous Pathogens
Dstl Medical Countermeasures for Dangerous PathogensDstl Medical Countermeasures for Dangerous Pathogens
Dstl Medical Countermeasures for Dangerous Pathogens
 
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
 
Table 4: Unit 4 Reactor: Fukushima Daiichi Nuclear Power Plant - 18 May 2011
Table 4: Unit 4 Reactor: Fukushima Daiichi Nuclear Power Plant - 18 May 2011Table 4: Unit 4 Reactor: Fukushima Daiichi Nuclear Power Plant - 18 May 2011
Table 4: Unit 4 Reactor: Fukushima Daiichi Nuclear Power Plant - 18 May 2011
 
Cehv8 module 01 introduction to ethical hacking
Cehv8 module 01 introduction to ethical hackingCehv8 module 01 introduction to ethical hacking
Cehv8 module 01 introduction to ethical hacking
 
Seminar Presentation
Seminar PresentationSeminar Presentation
Seminar Presentation
 
VoIP: Attacks & Countermeasures in the Corporate World
VoIP: Attacks & Countermeasures in the Corporate WorldVoIP: Attacks & Countermeasures in the Corporate World
VoIP: Attacks & Countermeasures in the Corporate World
 
Bone Loss in Long-Duration Spaceflight: Measurements and Countermeasures
Bone Loss in Long-Duration Spaceflight: Measurements and CountermeasuresBone Loss in Long-Duration Spaceflight: Measurements and Countermeasures
Bone Loss in Long-Duration Spaceflight: Measurements and Countermeasures
 
Iis Security Programming Countermeasures
Iis Security Programming CountermeasuresIis Security Programming Countermeasures
Iis Security Programming Countermeasures
 
Digital Astroturfing: Definition, typology, and countermeasures.
Digital Astroturfing: Definition, typology, and countermeasures.Digital Astroturfing: Definition, typology, and countermeasures.
Digital Astroturfing: Definition, typology, and countermeasures.
 
Designing Countermeasures For Tomorrows Threats
Designing Countermeasures For Tomorrows ThreatsDesigning Countermeasures For Tomorrows Threats
Designing Countermeasures For Tomorrows Threats
 
Webinar Gratuito: "Herramientas Graficas en Kali Linux 2.0"
Webinar Gratuito: "Herramientas Graficas en Kali Linux 2.0"Webinar Gratuito: "Herramientas Graficas en Kali Linux 2.0"
Webinar Gratuito: "Herramientas Graficas en Kali Linux 2.0"
 
Google Hacking for Cryptographic Secrets
Google Hacking for Cryptographic SecretsGoogle Hacking for Cryptographic Secrets
Google Hacking for Cryptographic Secrets
 
Irregularity Countermeasures in Massively Parallel BigData Processors
Irregularity Countermeasures in Massively Parallel BigData ProcessorsIrregularity Countermeasures in Massively Parallel BigData Processors
Irregularity Countermeasures in Massively Parallel BigData Processors
 
Owasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root CausesOwasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root Causes
 
[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...
[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...
[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...
 

Similar a Skyjacking A Cisco Wlan Attack Analysis And Countermeasures

Skyjacking A Cisco WLAN - What it means and how to protect against it?
Skyjacking A Cisco WLAN - What it means and how to protect against it?Skyjacking A Cisco WLAN - What it means and how to protect against it?
Skyjacking A Cisco WLAN - What it means and how to protect against it?
Samir Palnitkar
 
Skyjacking A Cisco WLAN - What it means and how to protect against it?
Skyjacking A Cisco WLAN - What it means and how to protect against it?Skyjacking A Cisco WLAN - What it means and how to protect against it?
Skyjacking A Cisco WLAN - What it means and how to protect against it?
Samir Palnitkar
 
How to secure your industrial network using segmentation and segregation
How to secure your industrial network using segmentation and segregationHow to secure your industrial network using segmentation and segregation
How to secure your industrial network using segmentation and segregation
Westermo Network Technologies
 
Auditing a Wireless Network and Planning for a Secure WLAN Implementation
Auditing a Wireless Network and Planning for a Secure WLAN ImplementationAuditing a Wireless Network and Planning for a Secure WLAN Implementation
Auditing a Wireless Network and Planning for a Secure WLAN Implementation
CARMEN ALCIVAR
 
Research Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and ScienceResearch Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and Science
inventy
 

Similar a Skyjacking A Cisco Wlan Attack Analysis And Countermeasures (20)

Skyjacking A Cisco WLAN - What it means and how to protect against it?
Skyjacking A Cisco WLAN - What it means and how to protect against it?Skyjacking A Cisco WLAN - What it means and how to protect against it?
Skyjacking A Cisco WLAN - What it means and how to protect against it?
 
Skyjacking A Cisco WLAN - What it means and how to protect against it?
Skyjacking A Cisco WLAN - What it means and how to protect against it?Skyjacking A Cisco WLAN - What it means and how to protect against it?
Skyjacking A Cisco WLAN - What it means and how to protect against it?
 
How to secure your industrial network using segmentation and segregation
How to secure your industrial network using segmentation and segregationHow to secure your industrial network using segmentation and segregation
How to secure your industrial network using segmentation and segregation
 
nsx overview with use cases 1.0
nsx overview with use cases 1.0nsx overview with use cases 1.0
nsx overview with use cases 1.0
 
Security Issues of 802.11b
Security Issues of 802.11bSecurity Issues of 802.11b
Security Issues of 802.11b
 
Security Issues of IEEE 802.11b
Security Issues of IEEE 802.11bSecurity Issues of IEEE 802.11b
Security Issues of IEEE 802.11b
 
FIREWALL
FIREWALLFIREWALL
FIREWALL
 
Wireless Security
Wireless SecurityWireless Security
Wireless Security
 
Wireless Device and Network level security
Wireless Device and Network level securityWireless Device and Network level security
Wireless Device and Network level security
 
Auditing a Wireless Network and Planning for a Secure WLAN Implementation
Auditing a Wireless Network and Planning for a Secure WLAN ImplementationAuditing a Wireless Network and Planning for a Secure WLAN Implementation
Auditing a Wireless Network and Planning for a Secure WLAN Implementation
 
Wireless LAN Deployment Best Practices
Wireless LAN Deployment Best PracticesWireless LAN Deployment Best Practices
Wireless LAN Deployment Best Practices
 
Research Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and ScienceResearch Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and Science
 
Ngfw overview
Ngfw overviewNgfw overview
Ngfw overview
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Advanced Wi-Fi pentesting
Advanced Wi-Fi pentestingAdvanced Wi-Fi pentesting
Advanced Wi-Fi pentesting
 
physical and hardware security(http://4knet.ir)
physical and hardware security(http://4knet.ir)physical and hardware security(http://4knet.ir)
physical and hardware security(http://4knet.ir)
 
Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)
 
AirTight Networks - Wireless Security 2011
AirTight Networks - Wireless Security 2011AirTight Networks - Wireless Security 2011
AirTight Networks - Wireless Security 2011
 
Wlan security
Wlan securityWlan security
Wlan security
 
Firewall ppt.pptx
Firewall ppt.pptxFirewall ppt.pptx
Firewall ppt.pptx
 

Más de AirTight Networks

Wi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise ThyselfWi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise Thyself
AirTight Networks
 

Más de AirTight Networks (20)

Is 11ac Right for Your Network?
Is 11ac Right for Your Network?Is 11ac Right for Your Network?
Is 11ac Right for Your Network?
 
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
 
Wi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise ThyselfWi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise Thyself
 
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
 
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
 
AirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSPAirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSP
 
AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6
 
AirTight social wifi solution brief
AirTight social wifi solution briefAirTight social wifi solution brief
AirTight social wifi solution brief
 
Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013
 
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
 
Survey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise SecuritySurvey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise Security
 
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
 
Non WiFi interference combat guide 1
Non WiFi interference combat guide 1Non WiFi interference combat guide 1
Non WiFi interference combat guide 1
 
WPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQsWPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQs
 
WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation StrategiesWPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
 
Conquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the EnterpriseConquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the Enterprise
 
Windows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the EnterpriseWindows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the Enterprise
 
802.11w Tutorial
802.11w Tutorial802.11w Tutorial
802.11w Tutorial
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutions
 
Retail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—RecommendationsRetail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—Recommendations
 

Último

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 

Último (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 

Skyjacking A Cisco Wlan Attack Analysis And Countermeasures

  • 1. Skyjacking a Cisco WLAN: Attack Analysis and Countermeasures Presenters: Dr. Pravin Bhagwat, CTO Dr. Hemant Chaskar, Director of Technology Moderator: Sri Sundaralingam, VP of Product Management
  • 2. In the News Cisco wireless LAN vulnerability could open ‘back door’ Cisco wireless LANs at risk of attack, ‘skyjacking’ Newly discovered vulnerability could threaten Cisco wireless LANs
  • 3. What Cisco says “ No risk of data loss or interception” “ Could allow an attacker to cause a denial of service (DoS) condition” It’s not a big deal! Severity = Mild
  • 4. Hmm… ? ? ? What exactly is skyjacking? Do I need to worry about it? How severe is the exploit?
  • 5. What you will learn today The risk from skyjacking vulnerability is much bigger than stated How to assess if you are vulnerable Countermeasures for skyjacking and other zero-day attacks
  • 6. Five ways a LAP can discover WLCs Subnet-level broadcast Configured DNS DHCP Over-the-air provisioning (OTAP)
  • 7. Three criteria a LAP uses to select a WLC Primary, Secondary, Tertiary Master mode Maximum excess capacity Step 1 Step 2 Step 3
  • 9. OTAP exploited for “skyjacking”
  • 10. Skyjacked LAP denies service to wireless users
  • 11. Is this just tip of the iceberg?
  • 12. Secure WLAN enterprise access Before Internal to corporate network 20 WPA2 Corp Comment VLAN Security SSID Internal to corporate network 30 AP Physically Connected To
  • 13. Authorized LAP skyjacked – DoS Before DoS Internal to corporate network 20 WPA2 Corp Comment VLAN Security SSID Internal to corporate network 30 AP Physically Connected To
  • 14. Authorized LAP turned into Open Rogue AP Before Rogue on Network Internal to corporate network 30 OPEN Corp Comment VLAN Security SSID Internal to corporate network 30 AP Physically Connected To
  • 15. Camouflaged Rogue LAP: a backdoor to your enterprise network!
  • 16. Wolf in Sheep Clothing Before Rogue on Network Internal to corporate network 30 WPA2 Corp Comment VLAN Security SSID Internal to corporate network 30 AP Physically Connected To
  • 17. Wolf in Sheep Clothing – Scenario 2 Before Rogue on Network Internal to corporate network 20 WPA2 Corp Internal to corporate network 30 OPEN Guest Comment VLAN Security SSID Internal to corporate network 30 AP Physically Connected To DoS
  • 18. SpectraGuard ® Enterprise WLAN policy set-up Guest WLAN SSID Allowed Subnet (VLAN) for Guest SSID
  • 19. Normal WLAN operation Authorized SSIDs are seen in “Green” color and are detected with VLAN identifier to which they connect Device list displayed on SpectraGuard Enterprise console
  • 20. Skyjacking on guest access 1 Change in the VLAN is detected 2 SSID marked as “misconfigured” (Background changes to amber) 3 Automatic Prevention started ( Shield icon appears )
  • 21. Summary Open rogue WPA2 rogue Open guest rogue Guest access as Open Rogue AP (Wolf in Sheep clothing – scenario 2) Authorized SSID as “Privileged” Rogue AP (Wolf in Sheep clothing) Authorized SSID as Open Rogue AP Type of Skyjacking attack  X  X   AirTight’s unique wireless-wired correlation based threat detection Only over-air threat detection
  • 22. AirTight’s SpectraGuard Enterprise Thanks to patented marker packet technology for accurate wired connectivity detection and unique VLAN Policy Mapping ™ architecture The only WIPS that can provide zero-day protection against the most potent form of skyjacking attack
  • 23. Which LAPs can be skyjacked? ? Vulnerable? Type of Cisco LAP No Configured with locally significant certificates (LSC) Mostly No Configured with “preferred” WLCs (primary, secondary, tertiary) Yes LAPs using auto discovery
  • 24. Countermeasures Manually configure LAPs with preferred WLCs (primary, secondary, tertiary) Manually configure LAPs with LSCs Primarily HA and load balancing feature Impractical Block outgoing traffic from UDP ports 12222 and 12223 on your firewall Not a common practice Turn off OTAP on WLC Ineffective!
  • 25.
  • 26. One mistake and you could be exposed!
  • 27. Adding second, independent layer of WIPS protection Misconfigurations Zero-day attacks Designed for security Designed for WLAN access Undesirable connections Misconfigurations Zero-day attacks Undesirable connections
  • 28. AirTight’s SpectraGuard product family SpectraGuard SAFE Wireless Security for Mobile Users SpectraGuard Online Industry’s Only Wireless Security Service SpectraGuard Enterprise Complete Wireless Intrusion Prevention WLAN Coverage & Security Planning SpectraGuard Planner
  • 29. About AirTight Networks The Global Leader in Wireless Security and Compliance For more information on wireless security risks, best practices, and solutions, visit: www.airtightnetworks.com Visit our blog to read the root cause analysis of “ Skyjacking: What Went Wrong?” blog.airtightnetworks.com

Notas del editor

  1. 09/23/09