802.11w's Impacts on WIPS


Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Part number: 5998-5988

Contents

802.11w's impacts on WIPS
  Technical background
  Impacts
    Impacts on malformed packet detection
    Impacts on countermeasures against rogue devices
    Impacts because of software version limitations

802.11w's impacts on WIPS

This document covers the impacts of the 802.11w protocol on the Wireless Intrusion Prevention System (WIPS).

Technical background

As a broadcast medium, Wi-Fi enables both legitimate and rogue devices to sniff and access the network. Wireless clients use 802.11 management frames, including association, disassociation, authentication, deauthentication, beacon, and probe frames, to establish and terminate network service sessions.

During Wi-Fi communication, data frames are encrypted to enhance data security. However, management frames were designed to be transmitted unencrypted to ensure that all devices can hear and understand these frames. As a result, attackers can easily initiate attacks by spoofing the management frames. For example, an attacker might broadcast spoofed deauthentication frames to disassociate legitimate clients from an AP.

Figure 1 Deauthentication flood attack
[Figure: an AP, an attacker, and legitimate clients, with the numbered steps below.]

1. Clients connect to the AP.
2. The attacker broadcasts spoofed deauthentication frames.
3. Clients believe the spoofed deauthentication frames come from the AP.
4. Clients disconnect from the AP.

Impacts

Both WIPS and the 802.11w protocol can protect clients from spoofed management frame attacks. However, if you enable both WIPS and the 802.11w protocol in a WLAN, some functions of WIPS might be affected because robust management frames such as disassociation, deauthentication, and robust action frames encrypted by the 802.11w protocol cannot be parsed by WIPS.

Impacts on malformed packet detection

The 802.11w protocol encrypts the payload of a disassociation, deauthentication, or robust action frame, so malformed packet detection on payloads of disassociation, deauthentication, and robust action frames is affected. Figure 2 and Figure 3 show examples of an unencrypted deauthentication frame where the deauthentication reason code is obtained and an encrypted deauthentication frame where the deauthentication reason code is not obtained.

Figure 2 Unencrypted deauthentication frame
[Figure not included in this transcription.]

Figure 3 Encrypted deauthentication frame
[Figure not included in this transcription.]

Impacts on countermeasures against rogue devices

When WIPS detects a rogue device, it sends deauthentication frames to disconnect the device from the WLAN. If the rogue device is enabled with the 802.11w protocol, the deauthentication frames sent by WIPS will be discarded as invalid frames. Therefore, WIPS cannot take countermeasures against such rogue devices.

Figure 4 Impacts on countermeasures against rogue devices
[Figure: AC, AP, sensor, and rogue device. The rogue device has a PMF connection; the sensor's deauth frames for countermeasure are discarded as invalid management frames.]

Impacts because of software version limitations

WIPS detects flood attacks by monitoring transmitted frames, and removes a client from the detected device list when it detects a deauthentication or disassociation frame for the client during device discovery. As shown in Figure 5, both flood attack detection and device discovery are performed after malformed packet detection in WIPS.

In R2607P23, R3507P23 or earlier versions, WIPS identifies 802.11w-encrypted deauthentication or disassociation frames as malformed packets during malformed packet detection and sends the packets for statistics without further processing. Therefore, the following functions of WIPS are affected:

- Signature-based deauthentication and disassociation flood attack
- Removal of clients from the detected device list. A client is removed from the detected device list only after its aging time expires.

These problems will be resolved in later versions.

Figure 5 Packet analysis procedure for WIPS
[Figure: six numbered stages: 1. ADoS; 2. Protocol analysis; 3. Signature analysis; 4. Wireless topology; 5. Attack detection; 6. Statistics. Labels in the figure: Rate monitoring; Rate limit; Frame filtering; DoS attack; Frame analysis; Malformed packet; Flood attack detection; Custom attack; Device discovery; Wireless network service discovery; Device classification; MAC spoofing; Weak IV; Ad hoc network; Invalid OUI; AP spoofing; Frame statistics based on channel; Frame statistics based on device; Prohibited channel; Malformed packets.]
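
The following added example (not HP's code, and not taken from the original document) illustrates the ordering problem described under "Impacts because of software version limitations": a malformed-packet stage that checks the Protected Frame bit in the cleartext 802.11 header can hand 802.11w-protected deauthentication and disassociation frames on to flood counting and device-list removal instead of dropping them to statistics. The function names, the flood threshold, the assumption that the destination address is the client, and the sample frames are all constructed for illustration.

```python
import struct

DEAUTH, DISASSOC = 12, 10   # 802.11 management frame subtypes
PROTECTED = 0x4000          # Protected Frame bit in Frame Control
HDR_LEN = 24                # management MAC header length

def build(subtype, dst, src, body, protected=False):
    """Build a constructed test frame; addr3 (BSSID) is set to src."""
    fc = (subtype << 4) | (PROTECTED if protected else 0)
    return struct.pack("<HH", fc, 0) + dst + src + src + b"\x00\x00" + body

def classify(frame):
    """Malformed-packet stage for deauthentication/disassociation frames."""
    if len(frame) < HDR_LEN:
        return {"verdict": "malformed"}
    fc, = struct.unpack_from("<H", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return {"verdict": "other"}
    info = {"dst": frame[4:10].hex(":"), "src": frame[10:16].hex(":")}
    body = frame[HDR_LEN:]
    if fc & PROTECTED:
        # 802.11w: the body is ciphertext, so no reason code is available,
        # but the cleartext header still identifies the frame.
        return {**info, "verdict": "protected", "reason": None}
    if len(body) < 2:
        return {**info, "verdict": "malformed"}
    return {**info, "verdict": "ok", "reason": struct.unpack_from("<H", body)[0]}

def run_pipeline(frames, flood_threshold=3):
    """Later stages: flood counting per sender and device-list removal."""
    per_src, removed, malformed = {}, set(), 0
    for r in map(classify, frames):
        if r["verdict"] == "malformed":
            malformed += 1   # statistics only, no further processing
        elif r["verdict"] in ("ok", "protected"):
            per_src[r["src"]] = per_src.get(r["src"], 0) + 1
            removed.add(r["dst"])   # assumption: dst is the client
    floods = sorted(s for s, n in per_src.items() if n >= flood_threshold)
    return {"malformed": malformed, "floods": floods, "removed": sorted(removed)}

# Constructed sample capture: AP -> client, locally administered MACs.
AP, STA = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
SAMPLES = [
    build(DEAUTH, STA, AP, struct.pack("<H", 7)),        # cleartext, reason 7
    build(DEAUTH, STA, AP, bytes(18), protected=True),   # opaque placeholder body
    build(DISASSOC, STA, AP, bytes(18), protected=True),
    build(DEAUTH, STA, AP, b""),                         # truncated body
]
```

Treating the two protected frames as malformed instead would leave the sender at one counted frame, below the threshold, which is the missed flood detection the section describes.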