Network Access Control and VoIP. Ben Hostetler Senior Information Security Advisor


Objectives / Discussion Points
- Network Access Control: terms and definitions; certificate-based 802.1X; MAC Authentication Bypass (MAB)
- Attack vectors: spoofing; certificate capture; traffic injection
- VoIP considerations: network traffic; ACLs; configuration data restrictions
- Securing our network: layered defense
- Conclusion
Security Program 2

Network Access Control: Terms & Definitions
- Supplicant: device that is requesting access to network resources. The device must possess the information necessary to identify itself as an authorized device.
- RADIUS/Authentication Server: server used to authenticate the supplicant to the network. Certificates, passwords, and MAC addresses are some of the items that can be used to authenticate a host.
- Certificate Authority (CA) Server: network server used to generate signed certificates, which supplicants use to authenticate securely to the network and to negotiate the secure transmission of data.
- 802.1X: IEEE standard that defines how traffic, authentication, and connection data are communicated between the supplicant and the authenticating hosts. EAP is one of the common protocols used to support 802.1X configurations.
- Identity Services Engine (ISE): Cisco product used to profile supplicants based on the host's configuration data (e.g. operating system). Commonly used as an authentication or RADIUS server in 802.1X configurations that leverage Cisco products.

Network Access Control: Certificate-Based 802.1X

Network Access Control: Certificate-Based 802.1X
Positives
- Provides point-of-entry security for exposed network ports.
- Allows for integration and alerting using the organization's IDS or SIEM solutions.
- Prevents internal employees from connecting rogue devices without notification.
Negatives
- Requires planning and constant evaluation to implement successfully.
- Higher cost compared to other methods of NAC.
- Failure to implement across the entire organization can create gaps in control effectiveness.

Network Access Control: MAC Authentication Bypass

Network Access Control: MAC Authentication Bypass
Positives
- Typically lower cost compared to other 802.1X solutions.
Negatives
- Vulnerable to spoofing and other network attacks.
- Limits the scalability of the network due to increased manual network management.

NAC Attack Vectors

Attack Vectors - Spoofing
MAC Spoofing
- Discover a host's MAC address through passive network tapping or visual means (e.g. MAC displayed on the host).
- Change the attacking machine's MAC address and disconnect the victim host.
- Connect to the same port and wait until the 802.1X timeout forces a MAB authentication.

Attack Vectors - Certificate Capture
Captured Certificate
- Compromise an existing host through social engineering or direct access.
- Export or capture the installed 802.1X client certificate.
- If the NAC configuration allows, the attacker can now import the obtained certificate and authenticate to the network. (Note: an appropriately configured CA would prevent this exploit from being successful.)

Attack Vectors - Traffic Injection
Traffic Injection
- Fenrir was presented at BlackHat Europe in 2017.
- Used as an injectable MiTM tool that allows redirection of 802.1X frames.
- Redirection is possible due to the lack of encryption of 802.1X frames.
- The attacker spoofs both the authentication server and the supplicant and directs traffic between them, with neither host being aware the exploit is working.

VoIP Considerations

VoIP Consideration: Network Traffic
- Traffic should be limited to only what is required for successful VoIP operation.
- VoIP systems should be logically segregated from other network hosts.
- Organizations should monitor which protocols and network devices are sending data across the VoIP network.

VoIP Consideration: ACLs
- Access control lists should prevent VoIP systems from transmitting data across other network VLANs.
- Appropriately utilized, ACLs will restrict an attacker's lateral movement in the event that the network is compromised through spoofing a VoIP system.

VoIP Consideration: Configuration Data Restrictions
- Attackers must obtain valid MAC addresses or other information to successfully spoof a VoIP device.
- Limiting exposure of this data will aid in limiting this attack vector.

Securing Our Network: Layered Defense
- Organizations should implement multiple layers of security controls for identified risks or attack vectors.
- Never assume that the implemented control will effectively mitigate the threat to appropriate levels.

Securing Our Network: Layered Defense
- Restricted access to identification data: modified VoIP systems to prevent display of MAC addresses and IPs, and removed the sticker identification.
- Isolated VoIP network: created ACLs that restrict lateral movement and placed VoIP systems on their own VLAN.
- Identified devices connecting through MAB: integrated ISE logs with the SIEM solution to provide alerts when anomalous activities occur.

Securing Our Network: Layered Defense
Examples of SIEM alerts:
- VoIP systems are outside of their VLAN
- VoIP systems are using unnecessary protocols
- VoIP systems are repeatedly going offline
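The three alert ideas on this slide, plus the 802.1X-to-MAB fallback that the spoofing slide describes and the protocol restriction from the ACL slide, written out as a small SIEM-style rule set. This is an added example for this page, not the presenter's code and not a feature of ISE or any SIEM product; the pipe-delimited log layout, the voice VLAN id, the phone OUI prefix, the protocol allow-list and the offline thresholds are all assumptions, and the log lines are constructed.

```python
# Added example: SIEM-style checks over constructed, ISE-like NAC events.
# Nothing here is real ISE output; field layout and values are assumptions.
from collections import defaultdict
from datetime import datetime, timedelta

VOIP_VLAN = 110                        # assumed voice VLAN id
PHONE_OUI = "00:1b:2c"                 # constructed OUI prefix used to tag phones
ALLOWED_VOIP_PROTOCOLS = {"sip", "rtp", "rtcp", "dhcp", "dns", "tftp", "ntp"}
OFFLINE_LIMIT = 3                      # link-downs within OFFLINE_WINDOW raise an alert
OFFLINE_WINDOW = timedelta(minutes=10)

# Constructed sample log: ts|event|mac|port|vlan|auth_method|protocol
# Phone ...:01 authenticates with a certificate, then flaps three times,
# comes back via MAB and starts talking SMB; phone ...:02 lands in VLAN 20.
SAMPLE_LOG = """\
2018-06-01T08:00:00|auth_ok|00:1b:2c:aa:bb:01|Gi1/0/5|110|dot1x-cert|-
2018-06-01T08:00:05|flow|00:1b:2c:aa:bb:01|Gi1/0/5|110|-|sip
2018-06-01T08:02:00|link_down|00:1b:2c:aa:bb:01|Gi1/0/5|110|-|-
2018-06-01T08:03:00|link_down|00:1b:2c:aa:bb:01|Gi1/0/5|110|-|-
2018-06-01T08:04:00|link_down|00:1b:2c:aa:bb:01|Gi1/0/5|110|-|-
2018-06-01T08:05:00|auth_ok|00:1b:2c:aa:bb:01|Gi1/0/5|110|mab|-
2018-06-01T08:05:30|flow|00:1b:2c:aa:bb:01|Gi1/0/5|110|-|smb
2018-06-01T08:06:00|auth_ok|00:1b:2c:aa:bb:02|Gi1/0/9|20|mab|-
2018-06-01T08:07:00|auth_ok|d4:3b:04:11:22:33|Gi1/0/12|20|dot1x-cert|-
"""


def parse_log(text):
    """Turn the constructed pipe-delimited lines into event dicts."""
    events = []
    for line in text.splitlines():
        ts, kind, mac, port, vlan, method, proto = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "kind": kind,
                       "mac": mac.lower(), "port": port, "vlan": int(vlan),
                       "method": method, "proto": proto})
    return events


def is_phone(mac):
    """Classify an endpoint as a VoIP phone by OUI (assumption: one vendor prefix)."""
    return mac.startswith(PHONE_OUI)


def detect(events):
    """Return (rule, mac, detail) tuples for every VoIP-related anomaly."""
    alerts = []
    last_method = {}                    # mac -> last successful auth method
    downs = defaultdict(list)           # mac -> recent link_down timestamps
    for ev in events:
        mac = ev["mac"]
        if not is_phone(mac):
            continue
        if ev["kind"] == "auth_ok":
            # Slide rule 1: a phone authorised into a non-voice VLAN.
            if ev["vlan"] != VOIP_VLAN:
                alerts.append(("phone_outside_voice_vlan", mac, ev["port"]))
            # Spoofing slide: a MAC that used to present a certificate now
            # arrives via MAB, which is what a timeout-forced fallback looks like.
            if last_method.get(mac) == "dot1x-cert" and ev["method"] == "mab":
                alerts.append(("dot1x_to_mab_fallback", mac, ev["port"]))
            last_method[mac] = ev["method"]
        elif ev["kind"] == "flow":
            # Slide rule 2 / ACL slide: protocol outside the VoIP allow-list.
            if ev["proto"] not in ALLOWED_VOIP_PROTOCOLS:
                alerts.append(("unexpected_protocol", mac, ev["proto"]))
        elif ev["kind"] == "link_down":
            # Slide rule 3: repeated link loss inside a sliding window.
            recent = [t for t in downs[mac] if ev["ts"] - t <= OFFLINE_WINDOW]
            recent.append(ev["ts"])
            if len(recent) >= OFFLINE_LIMIT:
                alerts.append(("repeated_offline", mac, ev["port"]))
                recent = []             # reset so one burst yields one alert
            downs[mac] = recent
    return alerts


if __name__ == "__main__":
    for rule, mac, detail in detect(parse_log(SAMPLE_LOG)):
        print(f"ALERT {rule}: {mac} ({detail})")
```

Run against the constructed log this raises four alerts: the repeated offline burst, the certificate-to-MAB fallback that follows it, the SMB flow, and the second phone sitting in VLAN 20. The non-phone MAC in VLAN 20 is ignored on purpose; in practice the phone classification would come from ISE profiling rather than a single OUI prefix.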

Conclusion
- Organizations need to take a comprehensive and consistent look at their NAC. These controls are often the first line of defense against internal malicious users and the introduction of rogue devices.
- Evaluation of attack vectors should be included as part of the risk management process.
- VoIP systems, similarly to printers, are often overlooked aspects of securing infrastructure.
- Organizations should refrain from relying on single-point controls within the environment.