WHIFF Wireless Intrusion Detection System A project by Foundstone, Inc. and Carnegie Mellon University


Christopher R. Ameter, Russell A. Griffith, John K. Pickett
CMU Faculty Advisor: Chris Prosise, Foundstone Inc.

WHIFF: A Wireless Intrusion Detection System Developed by Foundstone, Inc. and Carnegie Mellon University

This paper presents an overview of the Whiff Intrusion Detection System, which was developed during the summer and fall of 2002 by a team of graduate students in the Information Security and Assurance program at Carnegie Mellon University. The project was a collaborative effort between Carnegie Mellon and Foundstone, Inc. The experience and knowledge gained during this project will enhance and refine future versions of Foundstone's industry-leading security software. Whiff addresses several current, real-world wireless security problems. It identifies and monitors wireless networks and devices, alerting administrators to exposures in real time. Whiff comprises multiple listeners that monitor all wireless activity within range and report to a central correlation engine. The correlation engine delivers to multiple users a complete asset inventory of wireless devices and access points as well as a GPS-based map of signal propagation. The system integrates intrusion detection capabilities, alerting administrators to wireless and traditional intrusion attempts, rogue access points, and rogue clients. This document details Whiff's features and functionality. We believe that the capabilities demonstrated in Whiff will provide needed security solutions to organizations implementing wireless networks.

TABLE OF CONTENTS
Introduction
Scope and Objectives
Background
Solution
Detail
Conclusions
Resources

Introduction

During the spring of 2002, a team of Carnegie Mellon University graduate students majoring in Information Security & Assurance became concerned about the lack of security on wireless networks. They perceived the need for a wireless intrusion detection system that could keep administrators informed about what was happening on their network. At about the same time, Foundstone, Inc. approached Carnegie Mellon with a proposal to work together to develop such a system. Throughout the summer the Carnegie Mellon students conducted studies of wireless networks and found that many lacked even the basic configuration necessary to provide minimal security. In August development work began, and over the next four months the three-member graduate team, assisted by a member of Foundstone, devoted 90 hours a week to the project. Using standard methodologies developed by Carnegie Mellon and Foundstone, the team developed Whiff, a wireless intrusion detection system that provides network administrators with constant security reports, allowing them to make informed security decisions.

Foundstone, Inc. All Rights Reserved

Scope and Objectives

This white paper focuses on the security features of Whiff. It describes the system's purpose, how it works (including collection methodologies, reporting mechanisms, and underlying security architecture), and how it can be used to improve wireless network security. We also provide references for those who wish to read more about the tools and technologies used. This project is not intended to be the "silver bullet" that dramatically improves the state of wireless network security. Identification of intruders is an important step toward that goal, but it is only one part of a larger effort. The overall security of a system involves blending many technical components with sound policy to create a total package. Our goal is to provide administrators with an image of what is happening on their network. Armed with this information, they will be able to make better decisions and take actions to improve network security.

Background: Problems with Wireless Network Security

In the early days of local area networks, security was addressed by controlling physical access to facilities, and insiders were the primary threat. With the advent of the Internet and the adoption of wide area networks, administrators were forced to defend their networks not only against those with physical access, but against the larger community of people with Internet access or even just modems. Hackers began using automated scripts to call phone numbers at random, searching for modems through which they could access networks. This became known as war dialing. Still, attackers had to enter the network from a known point, such as a telephone number or IP address, making them at least somewhat traceable.

In recent years an entirely new class of attacks has emerged. The proliferation of wireless technologies has enabled attackers to enter networks, quite literally, out of thin air. Using simple, free software, a new generation of hackers is able to locate wireless networks, eavesdrop on communications, and commandeer resources. The practice of wandering around in search of wireless networks is referred to as war driving, a play on the earlier modem discovery technique. With the proper antenna, the attack can come from as far as several miles away. Detection and identification of the intruder therefore present unique challenges that render many traditional intrusion detection techniques ineffective.

Compounding the problem is the fact that the 802.11b wireless Ethernet standard contains fundamental security vulnerabilities. Recognizing that eavesdropping is an inherent problem in any wireless system, because the propagation of radio waves cannot be controlled, the designers of the standard included WEP, the Wired Equivalent Privacy protocol, in 802.11b. WEP is a layer-two security protocol built on the RC4 stream cipher. While RC4 itself is sound, the way WEP uses it is flawed: each frame is encrypted under a static shared key prefixed with a 24-bit initialization vector that is sent in the clear, so keystreams repeat and the key can be recovered from passively captured traffic in a matter of minutes. To a determined attacker, WEP is a mere inconvenience.

Traditional network security models rely heavily on perimeter protection. Administrators of wireless networks must recognize, however, that many attacks originate behind these outer defenses. Much of the security must therefore be handled at the host and application levels. Solid host security and higher-level encryption protocols such as IPsec address many of the vulnerabilities introduced by wireless networks. Still, if network administrators are to make informed security decisions, implement sound policies, and deploy available security technology effectively, they must be able to identify wireless assets, monitor network activity, and detect intruders.

Solution: WHIFF Wireless Intrusion Detection System

Whiff dynamically creates and reports a complete asset inventory of wireless devices, detects the presence of rogue wireless clients or access points, detects wireless and traditional intrusion attempts, and alerts administrators to exposures.

Alerts

Whiff includes one or more listeners, which continuously monitor all wireless activity in their vicinity and report back to a central correlation engine. The listeners generate four classes of alerts:
Rogue access points
Rogue clients
Traditional IDS alerts
Wireless-specific alerts

Rogue Clients and Access Points

Rogue clients and access points are identified by detecting MAC addresses that do not appear on a known-good list. Listeners pull the current list from the correlation engine at each reporting interval. Upon detection of a rogue MAC address, the listener generates an alert and transmits it to the correlation engine. The engine filters all incoming alerts (removing duplicates), loads a record of each alert into a database, and notifies administrators via e-mail. Because the check keys on the MAC address alone, a client that spoofs a known-good MAC is not caught by it; the Extended Client OS Identification discussion later in this paper addresses that gap.

Traditional IDS Alerts

Traditional IDS alerting is provided by Snort, an open source intrusion detection system. Snort rules may be customized and prioritized to suit a specific environment. Traditional IDS alerts are collected by each listener and periodically transmitted to the correlation engine, where they are de-duplicated in the same manner as rogue MAC alerts and added to the database.

Wireless-Specific Alerts

Wireless-specific alerts come from the Kismet wireless sniffer, an open source program on which much of this project is based. They are generated by conditions matching signatures that arise only on a wireless network, such as a NetStumbler probe. Wireless-specific alerts are handled in batches, just like traditional IDS alerts.
Web Interface

In addition to automated notifications, alerts may be viewed through a web interface on the correlation engine. The web interface may also be used to update configuration files that are automatically distributed to the listeners, view statistics on the status of the network, configure administrator accounts, add MAC addresses to the known-good list, and view a propagation map displaying the wireless network footprint. Communication with the web interface is secured through certificate-based authentication and SSL encryption.

WHIFF in Detail

Architecture

The components of the Whiff system architecture were selected to provide the best possible functionality given a number of technical and financial constraints. These constraints included the need to limit the additional load on the network and to make any machines and traffic added to the network as secure as possible. While our goal was a technologically superior solution, we were also mindful of the need to minimize hardware requirements and software expenditures. The Whiff architecture comprises the following four modules, diagrammed in Figure 1:
Listener
Notification
Correlation
Interface

Listener

The listeners act as continuous collection points for wireless data. These machines passively monitor 802.11b traffic within antenna range and report a variety of anomalies back to the correlation server. Our listener implementation consists of standard PCs and laptops using either a Lucent Orinoco or Prism II based wireless card, although almost any card capable of running in monitor mode would work. These systems run a standard installation of Red Hat Linux 8.0 and primarily use two excellent and freely available software packages, Kismet and Snort. Access to source code was invaluable to the success of this project; in the case of Kismet, for example, we had to add some reporting features to the software. Kismet operates by placing the wireless card in monitor mode and then continuously hopping between 802.11b channels to gather data across the entire 2.4 GHz band in use. Unlike standard packet sniffers such as tcpdump and Ethereal, Kismet also captures layer-two wireless traffic, including 802.11b management frames (Probe Request, Probe Response, Beacon, etc.). Kismet simultaneously records GPS data, which the interface module later uses to produce signal propagation maps. In principle, mobile listeners could be set up using any NMEA-compatible GPS receiver via the GPSD software package.
Because Whiff listeners are relatively stationary, however, and would likely be placed inside buildings, usually out of satellite view, a GPS receiver may not obtain a fix. To deal with this limitation, we developed a GPS simulator, GPSDork, which emits the NMEA sentences a receiver would produce at any given latitude and longitude. To limit bandwidth usage, much of the initial processing is performed on the listeners, with only anomalies and summary data reported to the next module, the correlation engine. The data collected by Kismet is analyzed in real time for the suspicious activities described in the Alerts section above. The TCP/IP traffic is then passed through Snort, a signature-based IDS, to watch for malicious activity on the wireless network.

All of these actions are orchestrated through a series of Perl scripts, which ultimately transfer the processed data to the correlation engine. For security reasons, the listeners accept no incoming connections; they simply push data to the server at set intervals. System configuration files for the listeners may be changed through the web-based interface module; the listeners periodically check for changes and update themselves as necessary. All communications with the listeners are authenticated and encrypted over a certificate-based SSL connection. This is accomplished with curl, using HTTP PUT requests to a dedicated uploads directory on the Apache web server.

Correlation

The correlation module receives data from the listeners and processes it into a series of MySQL tables for use by the interface module. If there are multiple listeners, the Perl scripts first compare all of the alerts and eliminate duplicates. They also throttle the alerts to prevent excessive messages from being sent to the administrator: related alerts in rapid succession are grouped into a single notification. If a rogue client is detected, a correlation script determines whether the client has associated with the network. If the client has been assigned an IP address, the script launches an Nmap port scan and attempts to determine the host operating system. This information, which may aid in tracking down the rogue host, is delivered to the administrator as part of the alert notification and is also entered into the database. A second benefit of the Nmap scan is that it serves as a shot across the bow, letting possible intruders know they are being tracked. An intruder running a personal firewall would probably be notified of the port scan, which might encourage them to look elsewhere. Note that the scan is itself active traffic, which any IDS watching the same segment, including Whiff's own Snort instance, may report. The correlation script then uses GPSMap to build a propagation map from the GPS and wireless network data.
The display characteristics of this map are configurable in the interface, as shown in Figure 8. Finally, the correlation scripts archive all of the data, ensuring that in the event of a major security incident administrators have full access to a detailed history. In the case of signature-based (Snort) alerts, the archive includes the suspicious traffic in tcpdump format, which allows much more detailed analysis than the alert description alone. In a production environment this data would probably be moved to offline backup media, as Whiff does not access it again directly. Our correlation engine is implemented on a PC server running Red Hat Linux 8.0 (minimum specifications in Figure 1). The correlation, notification, and interface modules all reside on this machine, so there is significant overlap in both scripts and system software. The primary software packages used for correlation and notification are the MySQL relational database, the Apache web server, GPSMap, Nmap, and OpenSSL. All are open source and freely available.
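The following Python script, added here as an illustration and not part of Whiff's own Perl code, works through the pipeline described under Rogue Clients and Access Points in the Solution section and under Correlation above: a listener flags every sighting whose MAC is missing from the known-good list, the correlator collapses the same device reported by overlapping listeners and groups alerts that arrive within a throttle window into one batch, and each batch is rendered in the notification layout of Figure 9. The sightings, the known-good list, the five-minute window and the Sighting record layout are constructed assumptions; the Nmap step that fills in the IP, OS and Ports fields is omitted, so those fields are left blank as they appear in the figure.

```python
"""Listener-side rogue-MAC detection plus correlation-side de-duplication and
throttling, in the style of Whiff.  Added illustration only; the data layout,
the window size and the sample sightings are assumptions, not Whiff's own code
or data."""
from collections import OrderedDict
from dataclasses import dataclass


@dataclass(frozen=True)
class Sighting:
    listener: str    # name of the listener that saw the frame
    ts: float        # time of the sighting, seconds since epoch
    kind: str        # "CLIENT" or "ACCESS POINT"
    mac: str         # MAC of the device seen
    assoc: str = ""  # client: AP it is associated with; AP: its SSID


def normalize_mac(mac: str) -> str:
    """Canonical form so 00-02-2d-5d-24-00 and 00:02:2D:5D:24:00 compare equal."""
    return ":".join(p.upper().zfill(2) for p in mac.replace("-", ":").split(":"))


def listener_alerts(sightings, known_good):
    """Listener side: any sighting whose MAC is not on the known-good list is an
    alert.  The check is only as strong as the MAC, which an attacker can spoof."""
    good = {normalize_mac(m) for m in known_good}
    return [s for s in sightings if normalize_mac(s.mac) not in good]


def correlate(alerts, window=300.0):
    """Correlation side.  Keep one alert per (kind, MAC), the earliest sighting,
    so a rogue heard by two overlapping listeners is reported once.  Then group
    alerts whose timestamps fall within `window` seconds of the first alert in
    the group, so a burst of related alerts yields a single notification."""
    first_seen = OrderedDict()
    for a in sorted(alerts, key=lambda a: a.ts):
        first_seen.setdefault((a.kind, normalize_mac(a.mac)), a)
    batches, current = [], []
    for a in first_seen.values():
        if current and a.ts - current[0].ts > window:
            batches.append(current)
            current = []
        current.append(a)
    if current:
        batches.append(current)
    return batches


def format_notification(batch):
    """Render one batch in the plain-text layout of the Figure 9 e-mail.
    IP/OS/Ports come from the Nmap step, which this example does not perform."""
    lines = ["This is an automated intrusion notification.", ""]
    for a in batch:
        mac = normalize_mac(a.mac)
        if a.kind == "CLIENT":
            lines += ["WARNING: Unknown CLIENT detected!!", f"MAC: {mac}",
                      f"AP: {a.assoc}", "IP:", "OS:", "Ports:", ""]
        else:
            lines += ["WARNING: Unknown ACCESS POINT detected!!",
                      f"SSID: {a.assoc}", f"MAC: {mac}", ""]
    lines.append("This concludes this intrusion notification")
    return "\n".join(lines)


# Constructed known-good list and sightings from two listeners with overlapping coverage.
KNOWN_GOOD = {"00:60:1D:F2:05:00",   # our access point
              "00:02:2D:AA:BB:00"}   # a laptop we issued
SAMPLE = [
    Sighting("listener-1", 1000.0, "CLIENT", "00:02:2d:5d:24:00", "00:60:1D:F2:05:00"),
    Sighting("listener-2", 1003.0, "CLIENT", "00:02:2D:5D:24:00", "00:60:1D:F2:05:00"),  # same rogue, other listener
    Sighting("listener-1", 1010.0, "CLIENT", "00:02:2D:AA:BB:00", "00:60:1D:F2:05:00"),  # known good: no alert
    Sighting("listener-2", 1020.0, "ACCESS POINT", "00:60:1D:23:C3:00", "guestnet"),     # rogue AP
    Sighting("listener-1", 1700.0, "CLIENT", "00:02:2D:0F:38:00", "00:60:1D:F2:05:00"),  # outside the window
]


def run(sightings=SAMPLE, known_good=KNOWN_GOOD, window=300.0):
    """End to end: returns one notification text per batch."""
    return [format_notification(b)
            for b in correlate(listener_alerts(sightings, known_good), window)]


if __name__ == "__main__":
    for note in run():
        print(note)
        print("-" * 40)
```

With the constructed data, the two sightings of 00:02:2D:5D:24:00 collapse into one entry, the rogue access point joins it in the first notification, the client seen 700 seconds later opens a second batch, and the known-good laptop never appears. Whiff keeps the known-good list in its database and has listeners fetch it at each reporting interval; here it is simply a set passed in.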

Notification

The notification and correlation modules are conceptually distinct but technically intertwined. The function of the notification script is to gather alert data from the correlation processes and deliver it to an administrator in real time. If the administrator does not need real-time alerting, this module can easily be disabled, as all of the alert information is also available in the web-based interface. The notification module may be configured to enable or disable Nmap scans and can deliver messages to any e-mail address or administrator list. Alert messages are simple and text based, so they display correctly on a pager or wireless PDA. Administrator notification requires access to an SMTP mail gateway for delivery of e-mailed alerts. We have not included an SMTP server in our architecture, as most organizations have one in place or have access to one through their ISP. A sample alert is shown in Figure 9 in the Notifications discussion below.

Interface

The interface module provides a web-based console to view alerts, IDS incidents, and rogue clients and access points. It also provides a wide variety of detail views and allows administrators to tag or add comments to alerts following investigation. They can also add rogue devices to the known-good list. Access to this system is secured by a certificate-based SSL connection coupled with a username/password login. This module, which resides on the same correlation server, dynamically generates Whiff views from the MySQL database through a series of PHP scripts. These PHP scripts also make it easy to change data or remote listener configurations from the administrator console. Configuration changes are saved to files on the server, where they are read by the listeners during each reporting interval.

Figure 1 - Whiff Modules and Architecture

Features

In designing Whiff, our goal was a feature set that would not only enhance the overall security of networks but would also make the network administrator's job a little easier. While this feature set is by no means complete, we feel it includes appropriate functionality for an initial implementation.

Reporting

Like any other IDS, Whiff generates a great deal of data; one of the biggest design issues was how best to present this data to users. We chose a web-based interface for its lightness and portability, since it is accessible from any browser. The Whiff homepage provides a single place for administrators to view up-to-the-second wireless network activity, including the most recent alerts of each type, signal propagation, and the current status of each listener.

Figure 2 - Whiff Home Page

Rogue Access Points

As the cost of wireless access points falls and the desire for convenience and mobility climbs, so too does the likelihood of one or more rogue access points appearing on a network. Rogue access points pose a serious threat to network security, as they are likely to be located behind the firewalls erected to keep intruders out. Whiff presents a partial list of rogue access point alerts on its homepage and a full list on the Rogue APs page, both of which link to more detailed information. On the detail page administrators can add comments to an alert and change its status to in-progress (being looked into) or closed (no longer displayed in the interface). They can also add the MAC of the rogue access point to the known-good list, which listeners then pull from the server during each reporting period.

Figure 3 - Rogue Access Point Detail

Rogue Clients (including OS Identification)

Wireless networks allow users to move freely around a facility while maintaining network connectivity. While this convenience makes life easier for users, it also makes life easier for intruders, who can gain access to the network with nothing more than a handheld device, a wireless card, and software freely available on the Internet. Whiff detects rogue clients and lists them on both the homepage and the Rogue Client page. Clicking on an entry in the list takes administrators to a detail page, which displays the rogue client's IP address, operating system, and open ports (captured through Nmap scanning).

Figure 4 - Rogue Client Detail

Traditional IDS (Snort-based)

Whiff employs the Kismet wireless sniffer, along with Snort, to provide traditional (layer 3 and above) intrusion detection for wireless traffic. This is necessary because the IDS already in place on the wired network cannot be relied upon to pick up all wireless attacks. Where wireless traffic never touches the wired network, for example where one wireless client attacks another on the same access point, or where an access point has been compromised and is being used against its own client base, additional coverage is required. As with Whiff's other reporting features, Snort-based alerts are presented in two places: the homepage and a Snort Alert page. A distinguishing feature is that Snort-based alerts are sorted by priority level, with higher priorities listed first. The detail needed to determine what happened, when it occurred, and who was involved can be viewed by clicking on any alert in the list. Among the details available are attack signature and class, source and destination IP address and port, and links to reference information. The actual data that triggered the alert is, of course, archived for further analysis if required.

Figure 5 - Snort-Based Alert Detail

Wireless-specific (Kismet-based)

In addition to traditional signature-based alerts, Whiff uses the Kismet wireless sniffer to analyze wireless-specific (802.11b), generally layer 2, traffic. This type of alert is generated by Kismet when it sees specific frame signatures, including those of popular wireless discovery tools such as NetStumbler and Wellenreiter. These tools can be detected because their method of network discovery involves broadcasting probe request frames, which anything listening, including Kismet, can hear. Whiff can also generate wireless-specific alerts for access points whose management software answers broadcast queries by echoing back administrative information. These alerts are displayed along with the other alerts on the Whiff homepage and can also be viewed on the Kismet Alerts page. By selecting an individual alert, administrators can view a description of the attack, including the source MAC and, in some cases, IP address. As with other alert types, comments can be added and the status changed as each alert is handled.

Figure 6 - Kismet-Based Alert Detail

Network Status (APs and Clients)

In addition to the alert reporting described above, Whiff enables system administrators to view both access point and client-specific information. The Access Point page displays the most recent access point data from each listener, including MAC address, service set identifier (SSID), WEP usage, reporting listener, broadcast channel, and manufacturer. Selecting the desired MAC address link displays details for that access point, including a breakdown of packets seen and a list of associated clients (see Figure 7). The packet breakdown can be used to monitor the state of the wireless network and identify under- or overused segments. Knowing which clients are associated with each access point is also useful in troubleshooting and in locating rogue clients. From the access point detail page, additional detail can be viewed by selecting the desired client MAC. Available client data includes configuration information similar to that provided for access point detail, as well as the IP address and the means by which the client was identified.

Figure 7 - Whiff Access Point Detail

Graphical Signal Propagation

One of the security risks inherent in wireless networks is the propagation of wireless signals beyond the walls of the organization. While it is difficult to determine the reach of a wireless network precisely, it is possible to estimate it from factors such as signal strength and GPS-based point data. Whiff uses the Gpsmap utility to generate a graphical representation of wireless signal propagation. This propagation map is displayed at reduced scale on the homepage and at full size on the Signal Propagation page. Some of the Gpsmap options for rendering propagation may be more accurate than others depending on network-specific factors. For this reason, we implemented a Propagation Configuration page (see Figure 8), which allows system administrators to test and update the default Gpsmap options.

Figure 8 - Whiff Propagation Configuration

Listener Status

Continuous reporting of activity from listeners is essential to Whiff's operation. The homepage therefore includes a display of the current status of each listener, including its name and a Last Reported timestamp. Administrators can also access a full history of the listener's reporting times to make sure it is functioning as expected.

Notifications

In addition to providing alert reporting through the web interface, Whiff generates notification e-mails that report details on the combined alerts from all listeners.

Real-Time

Occasionally system administrators may not have access to the web interface but still need to know what is happening on their network. A real-time notification mechanism fills this need. Each Whiff listener sends real-time alert data to the server, where the correlation engine refines the data, eliminating redundant alerts from overlapping listeners. Notification e-mails currently report all alerts except traditional IDS alerts (see Figure 9).

Figure 9 - Whiff Notification

This is an automated intrusion notification.

WARNING: Unknown CLIENT detected!!
MAC: 00:02:2D:5D:24:00
AP: 00:60:1D:F2:05:00
IP:
OS:
Ports:

WARNING: Kismet alert detected!!
NetStumbler (3.23) probe detected from 00:02:2D:05:64:00

WARNING: Unknown ACCESS POINT detected!!
SSID: 00:05:3C:04:2C:00
MAC: 00:60:1D:23:C3:00

WARNING: Unknown CLIENT detected!!
MAC: 00:02:2D:0F:38:00
AP: 00:60:1D:F2:05:00
IP:
OS:
Ports:

This concludes this intrusion notification

Centralized Administration

The majority of Whiff installations will be distributed, with multiple listeners reporting back to a single server. The manageability issues of this architecture make centralized administration a key system requirement.

Whiff User

Whiff user administration is performed through the web interface, with user data, including hashed passwords, stored in the user table of the database. As illustrated in Figure 10, administrators can add or remove users, or update user information such as the associated group.

Figure 10 - Whiff User Administration

Whiff Listener

Each Whiff listener has its own identity, defined through its configuration files. Whiff also provides a number of configurable time-interval options, which can be tuned during initial setup to suit specific network needs. While configuration files, once set, generally remain fairly stable, the distributed nature of Whiff called for an easy method of making changes. The system therefore includes a Listener Configuration page, which allows administrators to modify all configuration files from a single interface. Updated files are subsequently pulled from the server by the appropriate listener.

Figure 11 - Whiff Configuration Administration

Security

Whiff, a security tool for wireless networks, also incorporates features that protect the system itself.

Certificate-based User Authentication

The wealth of information Whiff provides about the wireless network should not be available to just anyone. The Whiff web server restricts access by authenticating users with client certificates distributed only to valid parties.

Certificate-based File Transfers

Whiff's centralized listener configuration, data storage, and notifications require sensitive files to be transferred between listeners and the server. Client certificates are used to authenticate listeners when they connect to the server to pick up configuration updates or deliver network and alert data.

Role-based Security

Whiff offers role-based security to ensure that users with different functions have access only to the features they need to do their jobs. (Currently the database and user administrative roles have been implemented.)

Possible Enhancements

A number of desirable features emerged during the development and testing of Whiff. Some of those that did not make the cut for the first version include:
Trend reporting
Known-but-not-ours MAC list
Extended client OS identification

Trend Reporting

The addition of trend reporting to the Whiff web interface would give system administrators the ability to track activity on their wireless network over time. Examples of such activity include the number of clients associated with any access point, occurrences of alerts, and overall wireless traffic. Tracking client counts and wireless traffic in this way would enable system administrators to make informed decisions about tuning and upgrading wireless networking equipment. It could also help administrators and security experts better understand network attackers. The more that is known about the opponent, the greater the likelihood of ultimately gaining victory; historical tracking is a step toward this goal.
Known But Not Ours MAC List

During the course of our testing we noticed that we were continually receiving rogue client alerts for access points not on our test network. As wireless networks proliferate, overlapping wireless signals become more likely, creating the problem of distinguishing one's own network from that of one's neighbor.

This issue pertains to both access points and clients, and is currently handled by adding the MAC addresses of each to our known-good list. As we quickly found out, this solution is less than optimal, as the administrator may be flooded with rogue client alerts, each of which must be verified. Our suggestion for a more workable solution is to add a list of known-but-not-ours access point MAC addresses. This would allow system administrators to verify only the whereabouts of rogue access points, programmatically disregarding all clients associated with them.

Extended Client OS Identification

Whiff currently identifies rogue clients by validating clients on the network against a list of known-good MAC addresses maintained by the system administrator. This procedure, however, provides no means of identifying clients that may be spoofing the MAC of a known client. Such an attack is not as unlikely as it may seem, given that it is trivial for attackers to sniff known MAC addresses out of the air and update their wireless settings accordingly. As discussed previously in this paper, Whiff supports limited Nmap scanning of rogue clients for the purpose of identifying and reporting the open ports and operating system of the offending system. One way to address the spoofing shortcoming is to perform more extensive client scanning, essentially maintaining a system profile for each client. Scanning would take place at a specified interval, and the results would be compared with historical data for the corresponding client, with alerts generated if too much has changed. (Both the scanning interval and the change threshold would be configurable.) All of this presupposes the resolution of a number of outstanding issues with extended client identification. Work needs to be done, for example, on handling dual- or multi-boot machines, retrieving system status for machines with personal firewalls, and preventing the scans from being picked up by IDSes.
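One way to implement the periodic comparison just described, written here as an added Python illustration rather than as Whiff code: each scan result is reduced to an OS guess and a set of open ports, a drift score compares it with the profiles previously accepted for that MAC, and an alert fires when the lowest score exceeds a configurable threshold. Keeping more than one accepted profile per MAC is an assumed approach to the dual-boot problem the paper leaves open, and a scan that returns nothing at all (everything filtered by a personal firewall) is treated as inconclusive rather than as drift. The profile fields, the scoring formula, the threshold and the scan results are constructed assumptions; nothing here runs Nmap.

```python
"""Baseline/drift check behind the proposed 'extended client OS identification'
feature.  Added illustration, not Whiff code; the profile fields, the scoring
formula, the threshold and the multi-baseline handling are all assumptions.
Scan results below are constructed, not Nmap output."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    os_guess: str          # Nmap -O style OS guess, "" if undetermined
    open_ports: frozenset  # TCP ports reported open


def drift(old: Profile, new: Profile) -> float:
    """0.0 = identical, 1.0 = nothing in common.  An OS change is worth 0.5;
    the Jaccard distance between the port sets supplies the other 0.5."""
    os_part = 0.0 if old.os_guess == new.os_guess else 0.5
    union = old.open_ports | new.open_ports
    if not union:
        return os_part
    shared = len(old.open_ports & new.open_ports)
    return os_part + 0.5 * (1.0 - shared / len(union))


class ClientHistory:
    """Per-MAC scan history.  More than one accepted baseline may be kept per
    MAC so that a dual-boot machine is not flagged on every reboot."""

    def __init__(self, threshold: float = 0.4):
        self.threshold = threshold   # configurable change threshold
        self.baselines = {}          # mac -> [Profile, ...]

    def accept(self, mac: str, profile: Profile) -> None:
        """Administrator records a profile as legitimate (the analogue of
        adding a MAC to the known-good list)."""
        self.baselines.setdefault(mac, []).append(profile)

    def observe(self, mac: str, profile: Profile):
        """Compare one periodic scan against the stored baselines.
        Returns (alert, score)."""
        known = self.baselines.get(mac, [])
        if not known:                       # first sighting: record, no alert
            self.accept(mac, profile)
            return False, 0.0
        if not profile.open_ports and not profile.os_guess:
            # Everything filtered (personal firewall): inconclusive, not drift.
            return False, 0.0
        score = min(drift(b, profile) for b in known)
        return score > self.threshold, score


# Constructed scan results for one client MAC.
WIN = Profile("Windows 2000", frozenset({135, 139, 445}))
WIN_RDP = Profile("Windows 2000", frozenset({135, 139, 445, 3389}))
LINUX = Profile("Linux 2.4", frozenset({22, 80}))
FILTERED = Profile("", frozenset())


def demo():
    """Walk the scenario the paper describes: a known client, a small legitimate
    change, a firewalled scan, a suspicious swap to a different OS under the same
    MAC, and finally the administrator accepting the second profile as dual boot."""
    mac = "00:02:2D:AA:BB:00"
    h = ClientHistory(threshold=0.4)
    results = [
        h.observe(mac, WIN),        # baseline recorded
        h.observe(mac, WIN_RDP),    # one extra port: below threshold
        h.observe(mac, FILTERED),   # firewall up: inconclusive
        h.observe(mac, LINUX),      # same MAC, different OS: alert
    ]
    h.accept(mac, LINUX)            # admin confirms the machine dual-boots
    results.append(h.observe(mac, LINUX))
    return results


if __name__ == "__main__":
    for alert, score in demo():
        print("ALERT" if alert else "ok   ", f"{score:.3f}")
```

The score is deliberately simple; what matters for the design is that the threshold and the scan interval are parameters, that a baseline is only widened by an explicit administrator action, and that an empty scan is not mistaken for a changed host. Each scan is still active traffic that other IDSes on the segment will see, which the paper lists among the open issues.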

Conclusion

Throughout the project, the extent of the problems with wireless network security became increasingly obvious. During a half-hour war drive around Pittsburgh, the project team uncovered 484 wireless access points, 364 of which were not even running WEP, and many with default configurations. Even more frightening is the fact that while beta testing some of Whiff's alerting features at home, one team member was notified of an unknown client on his home network. Initially expecting a false positive, he checked his access point logs and found that an intruder was indeed present. Upon being port scanned, the intruder immediately disconnected from the network, never to be seen again. Clearly there is an urgent need to gather information about what is happening on wireless networks. Whiff provides a picture of the boundaries of a wireless network, the devices connected to it, and the traffic flowing over it. While identification of attacks and vulnerabilities is only one part of an overall security plan, it is a critical first step in the effort to improve wireless network security. The experience and knowledge gained during this project will enhance and refine future versions of Foundstone's industry-leading security software.

Resources

Kismet
MySQL
Apache
PHP
O'Reilly Perl.com
curl
Nmap
Foundstone
Carnegie Mellon
Snort
Snax
Orinoco patch
GPSD


More information

Virtualized Open-Source Network Security Appliance

Virtualized Open-Source Network Security Appliance Virtualized Open-Source Network Security Appliance By Daniel Secrist Submitted to the Faculty of the Information Technology Program in Partial Fulfillment of the Requirements for the Degree of Bachelor

More information

Top 10 Security Checklist for SOHO Wireless LANs

Top 10 Security Checklist for SOHO Wireless LANs Expert Reference Series of White Papers Top 10 Security Checklist for SOHO Wireless LANs 1-800-COURSES www.globalknowledge.com Top 10 Security Checklist for SOHO Wireless LANs David Coleman, AirSpy Networks

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB Conducted: 29 th March 5 th April 2007 Prepared By: Pankaj Kohli (200607011) Chandan Kumar (200607003) Aamil Farooq (200505001) Network Audit Table of

More information

How To Manage Sourcefire From A Command Console

How To Manage Sourcefire From A Command Console Sourcefire TM Sourcefire Capabilities Store up to 100,000,000 security & host events, including packet data Centralized policy & sensor management Centralized audit logging of configuration & security

More information