Automatic network selection in Windows (Zero Configuration Client) and MACs is
dangerous ..... Automated & manual termination .... http://www.aircrack-ng.org/.
Security-Paradigmenwechsel durch WLAN: Neues Einflugloch und Spielwiese
16. Oktober 2007 47. DFN-Betriebstagung Berlin Andreas Richter, Systems Engineer D/A/CH
www.airdefense.net www.airdefense.net
WLAN Evolution......
„WLAN“ Historisch
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
Einige Gedanken zum Beginn....
Sind Sie sich wirklich sicher, dass die von Ihnen betriebenen Datennetze nicht der „örtliche“ Rundfunk für sensible Forschungs- und wissenschaftliche Daten sind?
Ah......Sie betreiben keine WLANs aktiv... >>> sind Sie sich da wirklich sicher, das keine WLAN s existieren?
Es gibt immer mindestens einen Interessenten für wertvolle Daten.
Wie sind die Prüfungsdaten und Personaldaten geschützt?
Sind die für wissenschaftliche Arbeiten erhobenen statistischen Daten hinreichend geschützt?.... Denn... deren Erhebung ist aufwendig und teuer!
Ingenieurwissenschaftliche Fakultäten: Wie sind die Daten dort geschützt, die in ein Patent münden sollen?
Bei dem Thema IT & IT Security geht es nicht um die IT selbst, sondern darum, unter Einsatz von IT sichere Betriebsabläufe zu gewährleisten.
Am Ende geht es um deutsche Universitätsstandorte , deren Image und um Geld, bzw. um wirtschaftliche Belange.
Hören Sie nun, wie Sie Ihre IT- Datennetze richtig vor unbefugtem Zugriff schützen können, bevor Ihnen Daten „abhanden“ kommen, oder über Ihre Netze Strafdaten ausgeführt werden. Copyright © 2002-2007 AirDefense Proprietary and Confidential.
Es geht nicht mehr ohne…WLAN
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
Pressenotizen.... Datendiebe an WLAN-Hotspots PC Professionell, 15.März 2007:
Computerbild/Symantec 7/2007: Datendiebstahl im Internet … ein milliardenschwerer Markt
http://www.virenschutz.info/beitrag_Datendiebe+an+WLAN+Hotspots_252.html
http://www.computerbild.de/artikel/cb-Aktuell-Internet-Datendiebstahl-im-Internet-milliardenschwerer-Markt_1678449.html
Unverschlüsseltes WLAN hat Folgen 9/2006 http://www.heise.de/newsticker/meldung/77921
Kölner Stadtanzeiger 8.10. 2007
Gartner: Sicherheitsverantwortliche müssen die "Konsumerisierung" der IT mit einplanen 15.06.2007
CIO.de: Bösartige Angriffe: Deutschland weltweit auf Platz 3 Phishing-Köder immer raffinierter...
http://www.computerwoche.de/knowledge_center/it_security/ 594455/?NLC-Newsletter&nlid=594455%20Nachrichten%20mittags
http://www.cio.de/knowledgecenter/security/835235/index.html
Kölner Stadtanzeiger 5.10. 2007
CIO.de:.... „Die Folge wäre, dass Unternehmen keinen gehärteten Perimeter mehr haben werden.” VDI Nachrichten 14.09. 2007
Quelle: http://www.cio.de/knowledgecenter/security/837927/index.html Copyright © 2002-2007 AirDefense Proprietary and Confidential.
AirDefense is at the Center of It All Security Rogue Protection Intrusion Detection & Active Defenses WEP Cloaking protects legacy protocols Forensic Analysis
Administration WIRELESS Integration with Infrastructure for combined solution LiveRF assists in remote troubleshooting
Security
Administration
Network Usage & Performance
Compliance Compliance
Enterprise Policy Compliance Regulatory Compliance for Retail (PCI), Corporate (Sarbanes-Oxley) and other
WIRELESS
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
6
AirDefense Highlights Market Leadership
#1 Wireless Security Platform Deployed in 30 countries across 5 continents Partnered with IBM, Motorola, CSC, BT, Symantec, Symbol, Trapeze etc.
Technology Innovation
Pioneered Wireless IDS/IPS market 25 Patents pending/granted NIAP Common Criteria (EAL-2) certified
Enterprise Customers
700+ enterprise customers in all areas, including education and goverments Deployed in federal, healthcare, retail, transportation, telecom etc. verticals Securing over 1 million devices worldwide
Industry Recognition
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
7
Wired Network Security Architecture Attackers SECURE ENTERPRISE PERIMETER
Server
INTERNET
INTRANET
Virus & Malware Desktop
Inside Threat Data Theft
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
8
Wireless changes the Security Paradigm 2 Hotspot Phishing Hotspot
1 Rogue AP Connected to Network
Evil Twin
Hacker
3 Leaked Wired Traffic & Insertion
Server Mobile User AP INTERNET INTRANET
Laptop
Desktop
4 Non-Compliant AP
5 Users Bypassing Network Security Controls Muni Wi-Fi Copyright © 2002-2007 AirDefense Proprietary and Confidential.
9
The AirDefense Solution
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
Increasing Sophistication of Attacks Attack Sophistication
Wireless LAN Security Stories
SMBrelay
High
Karma
Wireless hacking bust in Michigan when two men cracked a retail store’s nationwide network; at point crashed the point of sale terminals
airbase ASLEAP
Security lapses caused electronics retailer to ban wireless cash registers A person broke into the computer system of a North Carolina medical consulting firm & illegally accessed information of hundreds of patients, including checks and insurance forms
CoWPAtty Lorcon
A wholesale club was hacked & credit card data stolen & used upto the tune of ~$ 20M
Low 2007
2002
Knowledge Required by Intruder
War drivers broke into a retail giant’s network & over 4 month period, stole credit info of more than 1 million customers
Wireless LAN Security Videos Denver News
ABC News
CNN
Fox News
Minneapolis News
At a California public school district, unprotected WLAN allowed full unauthorized access to sensitive files & enabled hackers to upload their own files into servers
http://www.airdefense.net/education/video/
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
11
Characteristics of Wireless Networks 1
Vs.
AIR
Shared, Uncontrolled Media Invisible & Airborne Threats are hard to control vs. Wired
Network
Self-Deploying & Transient Networks 2
Simplicity of Self Discovery Create Security Challenges Mobile Nature of Wireless LAN Devices and Users Require In-depth Forensics capability to Address Security Breaches
User Indifference 3
4
Invisible Connectivity & True Distributed Nature Gives a Faulty Sense of Security
Easier to Attack Lax WLAN Security is the Lowest Hanging Fruit for Hackers.
Dozens of Tools Readily Available to Exploit these Holes
Wireless Networks Pose Higher Risks than Wired Networks Copyright © 2002-2007 AirDefense Proprietary and Confidential.
12
802.11 Frame Format vs. 802.3 802.11
802.3 frames
Layer 1 is the AIR
Layer 1 is a cable Layer 2 - single data frame
Layer 2 - three different frames me Fr a s
BSSID
AC
WEP
Ke y
MAC
M
Need
Vendor
e rat
• Management frames • Control frames • Data frames
• 3 step handshake
SSID l Channe b
Important: • Encryption (WEP, WPA2 ...) is only valid for the „Data Frame“ • „Management/Control Frames“ are NOTencryptable, which means transparent and always visible, ( even 802.11 w WILL NOT HELP!) Copyright © 2002-2007 AirDefense Proprietary and Confidential.
13
802.11 Working Groups
802.11a:
5.0 GHz, 54 Mbps Physical Standard – Ratified 1999
802.11b:
2.4 GHz, 11 Mbps Physical Standard – Ratified 1999
802.11c:
Wireless Bridge Operation – Ratified 2001
802.11d:
802.11b International Compatibility – Ratified 2001
802.11e:
Quality of Service – Expected Q1 2005
802.11f:
AP Interoperability – Recommended Practice 2003
802.11g:
2.4 GHz, 54 Mbps Physical Standard – Ratified 2003
802.11h:
802.11a International Compatibility – Ratified 2003
802.11i:
Security – Ratified June 2004
802.11j:
802.11a in Japan – Expected Q4 2004
802.11k:
Radio Resource Management – Expected 2005
802.11l:
(Reserved, typologically unsound)
802.11m:
Standards Maintenance – On going
802.11n:
“True 100Mbps Throughput” – Expected 2006~2007
802.11o:
(Reserved, typologically unsound)
802.11p:
WAVE – Wireless Access for the Vehicular Environment (such as ambulances & passenger cars)
802.11q:
(Reserved, typologically unsound, can be confused with 802.1Q VLAN trunking)
802.11r:
Fast roaming (VOIP) – Expected Late 2006
802.11s:
ESS Mesh Networking (Mesh Standard / Interoperability)
802.11t:
Wireless Performance Prediction (WPP) - test methods and metrics
802.11u:
Interworking with non-802 networks (e.g., cellular)
802.11v:
Wireless network management (new)
802.11w:
Protected Management Frames (Security (Again))
802.11x:
(Not Used)
802.11y:
Inclusion of 3.65-3.7 GHz bands for 802.11 networks
802.11z:
Not Used YET ☺ Copyright © 2002-2007 AirDefense Proprietary and Confidential.
Need to know: Is also used by microwave ovens, cordless home telephones, baby monitors, and wireless video cameras, Bluetooth
a 802.11 a/b/g Country Channel 802.11 b/g channels Channel Nummer
802.11 a channels
Middlefrequency (GHz)
Valid in
1
2,412
USA FCC, Europa ETSI, Japan
2
2,417
USA FCC, Europa ETSI, Japan
3
2,422
USA FCC, Europa ETSI, Japan
4
2,427
USA FCC, Europa ETSI, Japan
5
2,432
USA FCC, Europa ETSI, Japan
6
2,437
USA FCC, Europa ETSI, Japan
7
2,442
USA FCC, Europa ETSI, Japan
8
2,447
USA FCC, Europa ETSI, Japan
9
2,452
USA FCC, Europa ETSI, Japan
10
2,457
USA FCC, Europa ETSI, Japan
11
2,462
USA FCC, Europa ETSI, Japan
12
2,467
Europa ETSI, Japan
13
2,472
Europa ETSI, Japan
14
2,484
Japan Copyright © 2002-2007 AirDefense Proprietary and Confidential.
36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 136 140 147 151 155 167
5,18 EU, USA, Japan 5,2 EU, USA, Japan 5,22 EU, USA, Japan 5,24 EU, USA, Japan 5,26 EU, USA 5,28 EU, USA 5,3 EU, USA 5,32 EU, USA 5,5 EU 5,52 EU 5,54 EU 5,56 EU 5,58 EU 5,6 EU 5,62 EU 5,64 EU 5,66 EU 5,68 EU 5,7 EU 5,735 USA 5,755 USA 5,775 USA 5,835 USA
Understanding Probes & Beacons User Station
PROBES: A Station sends a probe request frame when it needs to obtain information from another station. (For example, a station would send a probe request to determine which access points are within range.)
Probes
BEACONS:
Beacons
The Access point (AP) periodically sends a beacon frame to announce its presence and relay information, such as timestamp, SSID, and other parameters regarding the access point Access Point
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
16
Beacons what they Tell ME about you Beacons disclose Encryption Authentication Flaws in Design Older Firmware Showing the Hacker the Weak Points THAT you NEVER SEE See Client Issues See your IPS and Management
Beispiel eines Beacons von einem Cisco AP
Beacons are the RED CARPET of Wireless From:www.fotosearch.de
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
17
Wireless Attack Surface
Signal emitted from a single access point. Copyright © 2002-2007 AirDefense Proprietary and Confidential.
18
Content Filtering
SSL VPN Firewalls Secure Perimeter
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
AirDefense
Anti Virus
Damage
Attack Sophistication
Wired Networks
Wired Security Tools
Layered Approach to Security Wireless Networks
Increased Vulnerability For Upper Layers
Predominant Attacks
19
Why Hack Wireless Networks? Direct access to internal network Get “inside the door” and “on the wire” Attacks bypass traditional security barriers
Complete anonymity No risk of being traced Not being watched
Tools abundant, cheap & easy to use Mobility adds capability & cover Huge attack surface
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
20
Wireless Sniffing Why & What Happens Any clear-text is heard by everyone If you are using WEP, remember everyone has YOUR key Very common at hotspots Hashes are clear-text Most Service, still authenticate over clear-text no tunnels Internal/Corporate servers are at higher risk due to lower security
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
21
Enterprises Drowned in Insecure Wi-Fi Open APs around an office park
Wigle.net over 12 mio GPS tagged WiFi networks
Enterprises already have to deal with lots of unmanaged outbound wireless access Municipal Wi-Fi compounds the problem Copyright © 2002-2007 AirDefense Proprietary and Confidential.
22
Just a little Wigle
Over 12 Million Networks... With GPS… I know all your secrets!
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
Auszug aus Wigle, Blick auf Berlin
Demo of Wigle On Google earth Show „hpsetup, wireless, wlan“
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
Security is Never ABOUT Just Good Enough Security is Never ABOUT JUST GOOD ENOUGH… Would you run your firewall for 6 minutes a day? Would you turn off your IDS? Would you allow All Traffic through your firewall? Would you leave Doors unlocked? Would you leave Keys in the Car?
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
25
What in the Air can Kill You? #1 Corporate Vulnerability
Even if the data is encrypted, the services that are run by the MAC address can be detected
Remember wireless is LAYER 2; it will send out all Layer 2 traffic
VRRP, HSRP, Spanning Tree, OSPF, VTP/VLAN, CDP
VLAN don’t help unless filtered
MOST USE HASHES or PASSWORDS Clear-Text
Broadcast/Multicast key rotation is OFF by Default
Client devices using static WEP cannot use the access point when you enable broadcast key rotation
It’s a two-way street, what goes out can also come in! Just an example, any other LAN switch will act similar. Copyright © 2002-2007 AirDefense Proprietary and Confidential.
26
Do you know what your Leaking Access points Are Bridges Not Routers Not Firewalls Not Filters
Job is to forward all traffic to other side Forwards All Broadcast Netbios Windows
Forwards All Multicast CDP Routing
Information Used Copyright © 2002-2007 AirDefense Proprietary and Confidential.
27
Injection of Traffic
Yersinia is a network tool designed to take advantage of some weaknesses in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems.
http://www.yersinia.net
Attacks
Spanning Tree Protocol (STP) Cisco Discovery Protocol (CDP) Dynamic Trunking Protocol (DTP) Dynamic Host Configuration Protocol (DHCP) Hot Standby Router Protocol (HSRP) 802.1q 802.1x Inter-Switch Link Protocol (ISL) VLAN Trunking Protocol (VTP)
Exampes of current Exploits Cisco CatOS VLAN Trunking Protocol Remote Command Execution Vulnerability Cisco IOS Multiple VLAN Trunking Protocol Code Execution and DoS Vulnerabilities Cisco Intrusion Prevention and Detection Systems DoS and Security Cisco Access Point Web-browser Interface Unauthorized Administrative Access and Bypass Issue Copyright © 2002-2007 AirDefense Proprietary and Confidential.
28
Yersinia….continued
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
Access Point Wireless access point (WAP or AP) is a device that connects wireless communication devices together to form a wireless network. Provides the Physical Medium to Clients and other AP’s Creates the Ethernet Cables in the AIR Using Control and Management Frames to Build SHARED MEDIUM Data is sent using data frames Can not Transmit and Receive at the same time Only on 1 Channel
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
Radio Firmware Radio Software
AP Firmware AP Software
802.3 Bridge
30
Part time Scanning = Part time Security •Part-Time Firewall •Part-Time Antivirus •Part-Time Content Filtering •Do you look at just Port 80 •Does Windows never need to be patched Total Time in the Day is 6 Minutes of scanning Copyright © 2002-2007 AirDefense Proprietary and Confidential.
31
What about 802.11w or MFP?
(Management Frame Protection)
IEEE to the rescue…….Again Client has to Understand them! Hmmm…What about Control Frames? CTS/RTS Floods Control Frame are more import than Management Frames for continual communication to the Client
802.1x is not covered in it as well Flawed at the start, protection will not help after
Cisco MFP is NOT 802.11w Its just Signed Beacon’s using MIC (Message Integrity Checking) It’s a Standard and will change MFP = 802.11w NOT!
Really just stop SIMPLE DOS attacks and Phishing Attacks Allows vendors to force standardize clients Copyright © 2002-2007 AirDefense Proprietary and Confidential.
32
Soft AP: Make any Laptop an AP Linux allows for any wireless device to become an AP
No special firmware required for the wireless LAN card Supports normal laptop in Infrastructure and Ad hoc Soft APs come and go http://www.quetec.net Windows Drivers (Some cards still have it) http://www.pctel.com
Bootable Floppy disk AP’s The ZyXEL AG-225H is the ultimate tool for the road warrior. It combines an 802.11a/b/g/Draft11n hotspot detector with an 802.11a/b/g USB 2.0 adapter all in a sleek device small enough to fit into any pocket. On the road, an instant Hot Spot can be created using the Software Access Point feature that is included in each and every AG-225H.
http://www.cqure.net/ , http://www.coyotelinux.com/
Monitor for Soft APs
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
33
Clients All Shapes and Sizes Hotspots Wi-Fi Phones Free Access via OUI
Many ways to attack clients Scan Exploit Repeat
But why do you have to? Have the client come to you! YOU KNOW WHAT THEY WANT!!!!!!! Probe Request
Soft AP to the Probe Request
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
34
Attacking Wireless Clients Packets of Death Plenty of them from handheld devices to laptops Most are BAD packets Usually Management or Control Frames Some are Data WEP Cracking is adding to the packets Fuzzing
Most are using cut through data rates (5.5 for Beacon Frames) Most are simple buffer overflows Lots of things that go BOOM Client Software Authentication Supplicates
http://www.802.11mercenary.net/lorcon/ Copyright © 2002-2007 AirDefense Proprietary and Confidential.
35
Client MAC Address Spoofing 1. Find MAC address 2. Change MAC (SMAC, regedit)
MAC: 00 02 2D 50 D1 4E (Cisco 350)
User Station
3. Re-initialize card 4. Associate
AP
1
2 NEW MAC: 00 02 2D 50 D1 4E ORIGINAL MAC: 00 12 2D 50 43 1E (Orinoco Gold)
3
4
Hacker
www.klcconsulting.net/smac SMAC is a MAC Address Modifying Utility (spoofer) for Windows 2000/XP and Server 2003 systems, regardless of whether the manufactures allow this option or not.
MAC filtering is not enough Copyright © 2002-2007 AirDefense Proprietary and Confidential.
36
Windows Wireless Zero Configuration 1.
Wireless Auto Configuration attempts to connect to the preferred networks that appear in the list of available networks in the preferred networks preference order
2.
If there are no successful connections, Wireless Auto Configuration attempts to connect to the preferred networks that are hidden wireless network. (No Beacon SSID)
3.
If there are no successful connections and there is an ad hoc network in the list of preferred networks that is available, Wireless Auto Configuration tries to connect to it
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
37
Wireless Phishing
Tools such as Karma can respond to ANY client probe request
Variety of services (POP, FTP and HTTP) to lure unsuspecting users
No authentication of “pervasive wireless cloud”
Automatic network selection in Windows (Zero Configuration Client) and MACs is dangerous
Enterprises need to manage centralized policies
Karma (http://theta44.org/karma/index.html)
AirSnarf (http://airsnarf.shmoo.com/) Copyright © 2002-2007 AirDefense Proprietary and Confidential.
38
One-way Injection Airpwn Monitors wireless traffic & responds with content as configured Response from airpwn is faster than real network With airpwn, you are the network!
Request
Request
Answer in x ms
Answer
Answer in less than x ms
http://sourceforge.net/projects/airpwn/ Copyright © 2002-2007 AirDefense Proprietary and Confidential.
39
Man-in-the-Middle Attack: WLAN Jack & Air-Jack Tools Allows attacker to: Intercept ALL communications between the client & AP Pretend to be the client without disrupting the client’s session at Layer 2
Possible due to: Management frame’s lack of authentication/ Lack of AP authentication
Step 1: Disassociation of Target station from AP by spoofing the MAC of the AP and sending Disassociate & Deauth Frames Step 2: Attacker re-associates target to Malicious station and connects to AP
AP
Server
Target
Dual-Card Attacker Copyright © 2002-2007 AirDefense Proprietary and Confidential.
40
Data Seepage Your notebook is not location-aware Office or Home or Hotspot
Interfaces are Active by order Last Interface is usually Wifi
Wants to always connect to something Just someone to offer you a connection
Office
All data is same Company Name
What am I connected to?
Servers Home
Email Clients Applications And More…..
Hotspot Copyright © 2002-2007 AirDefense Proprietary and Confidential.
41
Your Interfaces and YOU! Last Interface Active becomes primary Interface Requires an Default Route to be set or Given (DHCP)
Your Wireless is not ACTIVE until it connects Did you see the bubble? Now ALL traffic will go out that Interface
I control your Interface I control the client Oh, Your Firewall will not protect you, since YOU asked for this connection
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
42
Printers HP Printers Jet Direct Cards come Wirelessly Enabled Bluetooth and 802.11 Support for WPA, WEP, 802.1x/EAP hpsetup Ad-Hoc By factory default, the default address 192.0.0.192 will be automatically assigned
What can I do Load Firmware Change the LCD
http://www.phenoelit.de/hp/download.html
See what's been printed /saveDevice/DigitalSend/jobs /fax
Sniff Print Jobs Dest Port 9100
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
43
Exploiting is too Easy!
Vx.netlux.org MVBSWE Worm Editors Virus Editors Script Editors Do you Trust your Hotspot Web Page? Corporate Guest Access? Copyright © 2002-2007 AirDefense Proprietary and Confidential.
44
Zero Day Alerts http://www.frsirt.com/ http://www.cert.org http://nvd.nist.gov
FrSIRT delivers vulnerability and threat alerts, 24/7, 365 days a year, to inform organizations of new potential threats. Our services are designed to deliver notification of vulnerabilities and exploits as they are identified, providing timely, actionable information and guidance to help mitigate risks before they are exploited. Copyright © 2002-2007 AirDefense Proprietary and Confidential.
45
FYI: Cisco Flaw on WCS Switch Will turn Switch to default PWD
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
ZERO Day New Attacks
Zero-Day attacks against know services
Zero-Day attacks against IE, Firefox Remote Exploits I am on your system as YOU!
New Trojans and Virus ready for Injection
Favorite exploits
NEW
WMF
Media Player
Java Exploits
www.milw0rm.com Copyright © 2002-2007 AirDefense Proprietary and Confidential.
47
Fuzzing Attacks from Milw0rm.com Real Code…… Real Attacks Broadcomm http://www.milw0rm.com/exploits/2770
Atheros Apple http://www.milw0rm.com/exploits/2700
Intel
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
48
Sniffing Enterprise Secrets
Hackers can sniff passwords and credentials FTP, HTTP, POP3 and IMAP passwords Hashes can be cracked – NTLM, MDx, SHA-x, OSPF, CDP, et al Certificates and Keys Stolen
Pervasive wireless makes this easy Copyright © 2002-2007 AirDefense Proprietary and Confidential.
49
Hacking Password Hashes
Get virtually any password Offline & passive LEAP, PPTP, MS-CHAPv2, MD-5 Search hash list to find password Large password list to generate hashes Requires 3-5 GB of space
Rainbow tables are indexed hash lists
Required 2-3 TB of space Known tables exist for up to14 characters http://rainbowtables.shmoo.com/ http://www.antsight.com/zsl/rainbowcrack/ http://www.rainbowcrack-online.com/
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
50
http://www.antsight.com/zsl/rainbowcrack/
99,909%
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
Listening in on VoIP Conversations using Cain Cain & Able Decode SIP conversations Recorded as WAV files Caller ID intercepting
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
52
Snarfing Hot Spots Security question: Connecting to a untrusted network and launching the most vulnerable program you have just screams “ E X P L O I T M E “!!!! Fake web pages Steals your Hotspot Password
Evil web pages Infect your PC with Malware
My Web pages
Steal your NT Password 1x1 pixel Cross Site Scripting Installs Trojans Installs Spyware Opens back doors Changes Registry Adds User Account Shares Files and such
Oops you just opened a web page, that’s all!!!!! Copyright © 2002-2007 AirDefense Proprietary and Confidential.
53
Wireless Threat Status
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
54
Firewall Myths
“Firewall only” approach to network security
Firewalls: Cannot stop rogue wireless devices Do not eliminate the need for wireless scanning for rogues Do not protect against wireless attacks Once a hacker is on the network they can punch through open ports Access Control Lists are weaker than Firewalls Best bet is to keep hackers off the network Copyright © 2002-2007 AirDefense Proprietary and Confidential.
55
VPN Myths Allows the hacker to get onto open Wi-Fi network and exploit network or clients for weaknesses
VPN WIPS
Client cannot run on many embedded devices (e.g., wireless scanners, VoWi-Fi handsets, etc.) Subnet roaming is problematic VPN Less performance and more overhead Break weak encryption & authentication Re-authentication on weak ciphers Dictionary attacks on weak ciphers
Protocol & server flaws exposed IKE Aggressive mode Pre-shared keys Exploiting bugs in VPN server
Wireless Security
A Layer 3 solution to a Layer 2 problem
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
56
VLANs Virtual Local Area Networks A logical grouping of devices or users Users can be grouped by function, department, application, regardless of physical segment location VLAN configuration is done at the switch (Layer 2) WIRELESS is not the SAME (Spoofing is EASY) VLAN Membership Static VLAN Assignment Port based membership: Membership is determined by the port on the switch on not by the host.
Dynamic VLAN Assignment Membership is determined by the host’s MAC address. Administrator has to create a database with MAC addresses and VLAN mappings
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
57
Guestnetworking Issues on VLANs Guestaccess to Internet via WLAN IP-Adress for WLAN- Client via DHCP Server which is in the area of the Corporate Network, including DNS Servercredentials Sometimes a split but that does not help either…. As the DNS Server, still is in the Corporate LAN… Issues: DHCP DoS Access Point DNS DoS VLAN Hopping u.a. = 1q VLAN used for Guest “tunnelt” = DHCP Address supplied containing DNS Server Information = DNS request from Client Copyright © 2002-2007 AirDefense Proprietary and Confidential.
Internet DNS Server
DHCP Server
WLAN SSID
Guest
VLAN Hopping Basic VLAN Hopping Attack Attacker fools switch into thinking that he is a switch that needs trunking Double Encapsulated VLAN Hopping Attack SSID’s
Switches perform only one level of IEEE 802.1q decapsulation
Corp Guest OLD VOIP
This allows the attacker to specify Corp a .1q tag inside the frame, allowing the frame to go to a Client VLAN that the outer tag did specify
VOIP OLD
?
Guest
WPA-2
Guest
WEP Only
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
59
Rogue Threat
Always bigger than you believe Why are they so HARD? Access Points Not Solving a Problem Stations – Laptops Requires Collaboration Human Resources Other Devices Upper Management
Phones PDA’s
Have to look to find them No other way
Found it, Now What Evil Rogues Other Channels Quiet – no broadcast On & Off
No Easy Fix
Wireless Everywhere
Need to know things Is it on my network? Did it send data? Who connected? How long were they connected?
Oops I was not watching!
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
60
Eliminate Rogues Connected To The Network 1
Detect Rogue Devices
2
Assess Threat Level
APs, laptops & specialty devices
Prioritize based on threat level
Ad-hoc networks & accidental associations Search wired networks for rogues
Identify rogues connected to the network Ignore neighboring networks
4
3
Eliminate Rogue Threat
Automated & manual termination Wireless or wired termination Stop devices even when they roam Locate rogue devices in real-time
Analyze Connections
In-depth analysis of rogue activity Who was connected to the rogue How much data transmitted
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
61
Rogue Alarms
Rogue AP on Switch
Rogue AP on Wired Network
Rogue Station
Rogue Station on Switch
Suspected Wireless Device on Wired Network
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
62
Active Over the AIR!!!!!!! Active Rogue Detection is another name is “WE DON’T Know” Unauthoized Access Point Cisco Rouge Detection CLUELESS WIPS Vendors
Will send Internal IP address over the Air in clear text using UDP AP is being an AP, it can be used as a Leap point in to the nextwork 2 Way Street DHCP Address Easy Attack Point (Connect to the bad guy) Automated connects to everything ONLY WORKS for Un-Encrypted Networks More Dangerous to use than
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
63
Cisco Rogue Detection & Forensics
Gathers 12 statistics per device
Must search through the complete list of devices to locate the specific switch and then log into the switch directly to even get the 12 stats
No forensic capability to analyze what when/what/how
This screen shows what a Rogue running a Karma attack looks like
SN I IS H T
M T O
IS T I R; O IN
A D A
N
U O R GE
S
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
!! ! ! K C TA T A
64
DOS of the RF Medium Physical Layer Attacks or Jamming There is nothing you can do about RF jamming short of triangulating the jamming device and tracking its owner. http://www.globalgadgetuk.com/wireless.htm
Frame Deletion Attack Corrupt the bypassing frame's CRC-32 so that the receiving host will drop it. The attacker sends a spoofed ACK frame to the sender telling it that the frame was successfully received.
DoS Attacks Based on Specific Wireless Network Settings There are somewhat obscure attack possibilities based on exploiting specific Layer 2 settings of 802.11 LANs, such as the power-saving mode, virtual carrier sense, and (RTS/CTS)-enabled networks. Copyright © 2002-2007 AirDefense Proprietary and Confidential.
65
Misconfigurations are Common Here is why Confusing WEP, WPA, WPA-2 Backwards Compatibility VLAN’s 802.1x Make it Work Client issues too Makes PKI look ”Through 2006, 70% of successful WLAN attacks will occur Simple
because of misconfigured access points or client software.” Gartner Group Copyright © 2002-2007 AirDefense Proprietary and Confidential.
66
It’s Encrypted Is it really encrypted?? In some APs, “Both” is typical security No to show that data is encrypted
The #1 AP Vendor Enable WEP, MIC, and TKIP Set the WEP level and enable TKIP and MIC “ If you enter optional, client devices can associate to the access point with or without WEP enabled. You can enable TKIP with WEP set to optional but you cannot enable MIC. If you enter mandatory, client devices must have WEP enabled to associate to the access point. You can enable both TKIP and MIC with WEP set to mandatory.” www.cisco.com Copyright © 2002-2007 AirDefense Proprietary and Confidential.
67
WEP Summary of Attacks 23 Known Attacks against WEP WEP Attacks
Lack of IV replay protection Short IV sequence space RC4 vulnerabilities due to WEP’s implementation Linear properties of CRC32 (allows bit flipping) Lack of keyed Message Integrity Checking MIC Use of shared keys
Shows that Implementation is VERY IMPORTANT
Breaking Wep 2001 Un-crackable 2003 Years 2004 Days 2005 Hours 2006 Minute 2007 Seconds
Ultimate Hacking tool for Wep http://www.aircrack-ng.org/
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
68
What is AirDefense WEP Cloaking? WEP was the old 802.11 encryption standard WEP is broken 128-bit WEP takes a couple of minutes to crack
There are lots of legacy WEP devices deployed Wireless scanners/barcode readers, VoWLAN phones, embedded Wi-Fi clients, etc. Many are not firmware upgradeable
New regulations require upgrades E.g. PCI requires retailers to move to WPA(2) starting in 2007
AirDefense has technology that makes WEP uncrackable, integrated into its wireless IPS Tremendous savings over forklift upgrades to all WEP infrastructure Enhances shelf-life of newer wireless security standards (WPA, etc.) Plus all the benefits of the world’s best wireless IPS solution
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
69
Legacy Encryption Protection AirDefense WEP CloakingTM
WEP cracking tools fail when AirDefense WEP Cloaking is enabled
PCI Standard Section 4.1.1
“Never rely exclusively on wired equivalent privacy (WEP) to protect confidentiality and access to a wireless LAN.”
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
70
WPA /WPA 2 als Lösung? NEIN, nur bedingt! WPA ist eher leichter zu hacken als WEP WPA 2 hat viele EAP Issues Es funktioniert immer noch WLAN Pishing, (SSIDs der Hotspots) sobald ein solches Gerät am Hotspot ist!
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
WPA-PSK The PSK version of WPA suffers from an offline dictionary attack because of the BROADCASTING of information required to create and verify a session key. In WPA, the PMK (master key) is produced by running a special function on a preshared pass phrase and an SSID. Both the host and the AP use this PMK, along with MAC addresses and nonces, in order to create the PTK (session key) Client
PMK
Access Point
PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256)
Snonce
PMK Anonce
EAPOL-Key (Anonce) PTK
EAPOL-Key (Snonce, MIC RSN IE) PTK = PRF-512(PMK, “Pairwise key expansion”, Min(AP_Mac, Client_Mac) || Max(AP_Mac, Client_Mac) || Min(ANonce, SNonce) || Max(ANonce, SNonce))
PTK
EAPOL-Key (Anonce, MIC RSN IE) Install Keys
EAPOL-Key (Snonce, MIC)
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
Install Keys 72
WPA Tools (Easier than WEP) http://sourceforge.net/projects/ptcrack/ A hybrid dictionary/brute passphrase search tool for PMK discovery on 802.11 networks using WPA with preshared keys (PSKs)
http://www.churchofwifi.org coWPAtty 3.0 is designed to audit the security of pre-shared keys selected in WiFi Protected Access (WPA) networks (http://www.churchofwifi.org) Rainbow-Like Tables http://umbra.shmoo.com:6969/torrents/wpa_psk-h1kari_renderman.torrent http://umbra.shmoo.com:6969/torrents/wpa_psk-h1kari_renderman.torrent The resulting list is ~1,000,000 words for a total of approximately 40GB of hash tables for the top 1000 SSID's
AirCrack-NG
2006 80 keys per second
Built in WPA cracker since version 2.3 http://www.aircrack-ng.org/
http://www.tinypeap.com/page8.html
2007 130 keys per second 2007 30,000 keys per second
WPA Cracker is a brute force Password cracker, all information entered manually.
Rogue Squadron WRT firmware http://airsnarf.shmoo.com/rogue_squadron/index.html
If you use 21 Character Pass-Phase you are safe? How many clients and AP’s let you enter in 31 Characters? What Happens when you Reach and overlap with SSID?
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
73
WPA2 – 802.1x Vulnerabilities 802.1x + 802.11 vulnerable
802.1x Session Hijacking
Session Hijacking Man In The Middle
Asymmetric treatment of supplicants and APs PSK still used for Key Management Flawed assumption: AP trusted EAP-TLS does provide mutual authentication. Still susceptible to MITM Lack of 802.11 management frame integrity Lack of state machine synchronization between AP and supplicant
PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256)
EAP standard variants within WPA and 802.1x have known vulnerabilities. Vendor interoperability is still limited.
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
74
802.1X Attacks (They Live) 802.1X RADIUS Cracking
Recovering RADIUS secret by brute force from 802.1X access request, for use by evil twin AP
802.11 Frame Injection
Crafting and sending forged 802.11 frames.
802.11 Data Replay
Capturing 802.11 data frames for later (modified) replay.
802.11 Data Deletion
Jamming an intended receiver to prevent delivery while simultaneously spoofing ACKs for deleted data frames.
802.1X EAP Replay
Capturing 802.1X Extensible Authentication Protocols (e.g., EAP Identity, Success, Failure) for later replay
802.1X RADIUS Replay
Capturing RADIUS Access-Accept or Reject messages for later replay.
802.1X Identity Theft
Capturing user identities from cleartext 802.1X Identity Response packets.
802.1X Password Guessing
Using a captured identity, repeatedly attempting 802.1X authentication to guess the user's password.
802.1X LEAP Cracking
Recovering user credentials from captured 802.1X Lightweight EAP (LEAP) packets using a dictionary attack tool to crack the NT password hash.
802.1X EAP Downgrade
Forcing an 802.1X server to offer a weaker type of authentication using forged EAP-Response/Nak packets.
802.11 TKIP MIC Exploit
Generating invalid TKIP data to exceed the target AP's MIC error threshold, suspending WLAN service
802.11 Deauthenticate Flood
Flooding station(s) with forged Deauthenticates or Disassociates to disconnecting users from an AP.
802.1X EAP-Start Flood
Flooding an AP with EAP-Start messages to consume resources or crash the target
802.1X EAP-Failure
Observing a valid 802.1X EAP exchange, and then sending the station a forged EAP-Failure message
802.1X EAP-of-Death
Sending a malformed 802.1X EAP Identity response known to cause some APs to crash.
802.1X EAP Length Attacks
Sending EAP type-specific messages with bad length fields to try to crash an AP or RADIUS server.
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
75
WPA Issues Using WPA-PSK (Personal) Pre-Shared Keys “AGAIN”! That bad, right? Passwords “AGAIN”! AGGGGGGGGGH!!!!!!! That bad too!
Look at the Arrows IMPLEMENTATION IS IMPORTANT Remember WEP
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
76
And Other Supplicates
SO ANY CERTIFICATE WILL DO
All the Hard work and a check-box ruins it Hard to beat, unless you OWN THE DNS Server
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
77
Next Generation Wireless Attacks 802.1x State Machine Client initiated disconnection Assumes everyone plays nice
Fuzzing Attacks will Expand Intel driver issues 802.1x supplicant issues AP issues Exploit More EAP-Types
Windows Vista Wireless stack rewritten Good news Support for many EAP types Providing for XP too
Bad news Hacking tools ported to Windows Built in Network Address Spoofing Point and click “hacking”
TLS is not secure in Windows Copyright © 2002-2007 AirDefense Proprietary and Confidential.
78
The AirDefense Product Family The AirDefense Enterprise Solution
Tools for Administrators
Analyze AirDefense Server
Protect Enterprise Perimeter
AirDefense Sensor
Protect Mobile User
HEADQUARTERS
Plan & Validate
AirDefense Personal Agent
REMOTE OFFICES
Real-time snapshot of local wireless activity
MOBILE USERS
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
Accurate RF simulation tool for coverage analysis In-field measurements of wireless deployments
79
The AirDefense Solution
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
Appliance Hardware
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
Sensor Models Quick Reference
Model 510
Model 520
Radios
dual radio: a & b/g
dual radio: a & b/g
Radio Receive Sensitivity
-92dBm @ 1Mbps (802.11b)
-93dBm @ 1Mbps (802.11b)
-87dBm @ 6Mbps (802.11g)
-88dBm @ 6Mbps (802.11g)
-87dBm @ 6Mbps (802.11a)
-88dBm @ 6Mbps (802.11a)
Antenna
Internal antennas, omni-directional
Removable, external antennas, omnidirectional
Antenna Gain
+2dBi (2.4GHz)
+2dBi (2.4GHz)
+3dBi (5GHz)
+5dBi (5GHz)
Removable antenna capable
Yes, external SMA connectors
Yes, external RP-SMA connectors
Mounting
Bracket included
Bracket included
Mounting options
Ceiling, Ceiling Tile, Wall Mount
Ceiling, Wall Mount
DC Adapter Input
N/A
110-240VAC 50-60Hz Universal Power input
Power-over-Ethernet
802.3af compliant
802.3af compliant
Plenum (UL 2043)
FCC, UL/CSA, CE, Plenum (UL2043), ROHS
FCC, UL/CSA, CE, Plenum (UL2043), ROHS
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
Comprehensive Intrusion Detection 200+ Threats Detected
Reconnaissance & Probing Various DoS Attacks Identity Theft, Malicious Association Dictionary Attacks Security Policy Violations Clear-text Leakage
Minimal False Positives Correlation across multiple detection engines reduces false positives Most accurate attack detection
Day Zero Attacks Anomalous behavior engines ensure protection against all Day Zero / unknown attacks
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
83
Automated Protection Wireless Termination AirDefense Server
Terminates target device only – minimal disruption to rest of network Automated or on-command disconnect
AirDefense Sensor Neighboring AP
Authorization required, audit trail maintained
X
Compliant with applicable laws & FCC regulations
Switch Laptop
Wired-side Port Shutdown PORT ALERT! SUPPRESSED!
TERMINATED! ALERT!
Rogue AP on Network
Accidental Association
PCI Standard Section 11.4
Port look-up and suppression On-command shutdown
Use network intrusion detection systems, host-based intrusion detection systems, and/or intrusion prevention systems to monitor all network traffic and alert personnel to suspected compromises. Keep all intrusion detection and prevention engines up to date. Copyright © 2002-2007 AirDefense Proprietary and Confidential.
84
Policy Compliance Define Policy
Define
Monitor COMPLY
Enforce Define Monitor Enforce
PCI Compliance Report
Run compliance reports for:
PCI Report Financial (GLBA)
Federal Govt. (DoD 8100.2)
Corporate (Sarbanes Oxley)
PCI Standard Section 11.1
Use a wireless analyzer at least quarterly to identify all wireless devices in use.
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
85
Troubleshoot Wireless Network Performance Remote Troubleshooting
Network Usage & Performance
View remote devices & channels with LiveView Identify connectivity & throughput issues
Determine over-utilized APs & channels Pinpoint network congestion
Decode 802.11 frames in real-time Perform remote frame captures
Find bandwidth hogs Analyze utilization & congestion trends
Availability
Live View of Devices
Notify administrators of AP failures Create inventory list of all devices Report devices missing from the network Maintain wireless service level agreements
Report WLAN Usage
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
86
Live Wireless Troubleshooting AirDefense LiveRF – Proactive troubleshooting & performance monitoring Assess Capacity Based on Application
Identify Interference Sources
Find Coverage Holes View Impact to Throughput
Resolve interference, capacity, & coverage problems remotely! Copyright © 2002-2007 AirDefense Proprietary and Confidential.
87
Performance Monitoring
Identify wireless performance problems quickly Flag location, group, and device impacted
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
88
AirDefense LiveRF
Identify Location of noise source
LiveRF Noise View
View real time performance and coverage issues Identify source and location of interference sources
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
89
AirDefense Mobile Detect Analyze Locate
Real Time Device Discovery & Connection Analysis Advanced Rogue Management with Threat Indicators Real-time Threat Detection & Alarm Expert Help Advanced Location Tracking Live View for Traffic Analysis Wireless Network Usage Statistics & Health Analysis Capture file playback for off-site analysis and reporting Advanced Diagnostics tools for Troubleshooting
Cost-Optimized, Mobile Security Tool
Device Tree Frames & Bytes Transferred
Integrated with AirDefense Enterprise Event Messages
Import Authorized Device List from Enterprise to Mobile Synchronization of authorized & rogue wireless devices for specified locations Rogue Device Information can be imported for problem resolution & device tracking
Live View
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
90
DOWNLOAD Links zu Air Defense Mobile
http://www.airdefense.net/products/admobile/AirDefense_Mobile.zip
Bitte senden Sie mir eine email (
[email protected]) nach erfolgtem Download, ich sende Ihnen alsbald einen Eval Lizenzkey. Dokumentation zu Air Defense Mobile finden Sie unter:
http://www.airdefense.net/products/admobile/AD_Mobile_Documentation.zip
AirDefense Mobile supports the following: A laptop running Microsoft® Windows® XP SP1/SP2 or Windows 2000 SP4 with 256MB RAM and PIII 800Mhz Processor or higher (512MB RAM Recommended). One of the following wireless 802.11 a/b/g wireless cards * Cisco® 802.11 a/b/g Cardbus Wireless LAN Client Adapter CB21AGA-K9 * Netgear® WAG511 V1 or V2 * Linksys® WPC55AG (V1.0, V1.1, V1.2 or V1.3 Firmware) * Ubiquiti Networks SuperRange Cardbus Adapter ************************************************************************ Eine preisgünstige Empfehlung: Netgear WAG 111 – Preis 54,90 Euro, z.B.: erhältlich bei Snogard: http://www.snogard.de/index.php?kategorieId=114&artikelId=WIRELESNET-13 , als auch bei anderen Anbietern. Copyright © 2002-2007 AirDefense Proprietary and Confidential.
AirDefense Personal Mobile Workforce Protection AirDefense Personal is a small software agent that runs on Windows laptops, monitors for wireless exposures, and notifies the user and AirDefense Personal Central Manager Continuous protection & policy enforcement for mobile users on the road or at their office for all wireless networks including Wi-Fi, EV-DO, 3G, GPRS etc. Ensure that wireless protocols prohibited by your policy are not used Complements personal firewalls & host-based IDS systems that don’t protect against wireless attacks
CENTRALLY-DEFINED POLICIES
Policy Enforcement
Central Reporting & Notification
INTERNET
AirDefense Enterprise Appliance AirDefense Personal Agents
ALERTS
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
92
AirDefense Personal Alarm and Alert for Danger
Monitor the End User
Can Perform Automated responses, from turning off the adapater or preventing connection Copyright © 2002-2007 AirDefense Proprietary and Confidential.
93
AirDefense Architect Rapid WLAN Design & Management Complete 3D RF design & simulation of WLANs based on building specific environments Industry leading accuracy to optimize AP & sensor coverage Compare site-survey measurements to expected network performance, enabling real-time design modifications Avoid costly retrofits, minimize deployment costs & increase ROI Step 4
Step 1
Import Floor plans
Step 2
Matl. Characteristics
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
Simulation & Optimization
Step 3
3D Building 94
Zusammenfassung • Wireless ist ein “Business enabler” und als Bestandteil heutiger Datennetze nicht mehr wegzudenken • Nichtüberwachte Wireless Systeme stellen eine große Gefahr für das gesamte Netzwerk dar! • AirDefense bietet marketführende Lösungen an, die eine umfassendes Securitymanagement und somit die Kontrolle von WLANs gestatten, verbunden mit der schnellen Möglichkeit der Fehlereingrenzung (Trouble Shooting) • Die Gesamtlösung ist ein zentral gemanagtes System mit umfassender • Es ist ein vollkommen passives System, somit keine Preisgabe von securityrelevanten Parametern • Investmentprotection für WEP & WPA Geräte • Ergänzung um AirDefense Personal für mobile Endgeräte
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
95
Einige Gedanken zum Abschuss.... Sind Sie sich wirklich sicher, Ihnen betriebene WLAN nicht der „örtliche“ Rundfunk für sensible Forschungsund Wissenschaftliche Daten ist? Es gibt immer mindestens einen Interessenten für interessante Daten. Schützen Sie Ihre IT- Datennetze richtig, bevor Ihnen Am Ende geht es doch um Universitätsstandorte deren Ruf und um Geld! Wir helfen Ihnen gerne und bieten die für Ihre Umgebung passende Lösung! Copyright © 2002-2007 AirDefense Proprietary and Confidential.
Kontakt:
[email protected] Mobil: +49 162 647 0053
Copyright © 2002-2007 AirDefense Proprietary and Confidential.
97