Assessing Wireless Security with AiroPeek

Similar documents
Monitoring, Troubleshooting and Securing Networks with EtherPeek

How Does a Network Protocol Analyzer Work?

Course Outline. Networking Essentials, Fifth Edition Pearson ucertify Labs.

Cisco (AWLANFE) Advanced Wireless LAN for Field Engineers (AWLANFE) Practice Test. Version

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

Cisco EXAM Designing for Cisco Internetwork Solutions. Buy Full Product.

Behavior-Based IDS: StealthWatch Overview and Deployment Methodology

CCNA Certification Primer

A Network Engineer s Guide to Troubleshooting User Satisfaction Problems with SAP Applications April 2007

5. Execute the attack and obtain unauthorized access to the system.

Contacting WildPackets

Information and Network Technology Revised Date 07/26/2012 Implementation Date 08/01/2012

Service Description: Solution Support for Service Provider Software - Preferred This document

ShoreTel Network Services Portfolio

CompTIA Network+ Lab V2.0. Course Outline. CompTIA Network+ Lab V Apr

5 Days Course on LAN Switching & Wireless and Accessing the WAN (CCNA 3 & 4)

CISA Course. Course Details: iathena.com, a Navitus Education Venture

CERTIFIED WIRELESS NETWORK PROFESSSIONAL CWNP Certified Wireless Network Administrator (CWNA)

Chapter 10: Review and Preparation for Troubleshooting Complex Enterprise Networks

Networking Fundamentals Training

Chapter 16: Advanced Security

Industrial Communications Training

Computer Information Systems

Juniper Care Plus Advanced Services Credits

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

SIMPLIFYING COMMUNICATIONS FOR THE WAY PEOPLE WORK TODAY

Fundamentals of Windows Server 2008 Network and Applications Infrastructure

Searching for Access Points

CCNA Discovery 4.0 Designing and Supporting Computer Networks

Certified Wireless Network Administrator

Interface The exit interface a packet will take when destined for a specific network.

Decommissioning Legacy Networks

CCNA Exploration Network Fundamentals

INTRODUCTION. What You Need to Read. What this LANbook Covers

Course Outline. ICND1 - Interconnecting Cisco Networking Devices Part 1. ICND1 - Interconnecting Cisco Networking Devices Part 1

Pearson CompTIA: Network+ (Course & Lab) Course Outline. Pearson CompTIA: Network+ (Course & Lab) 15 Jul 2018

Network Infrastructures & Service Provisioning

Monitoring Dashboard. Figure 1: Monitoring Dashboard

Making Remote Network Visibility Affordable for the Distributed Enterprise

T-BERD /MTS-4000 Multiple Services Test Platform

ONMS. Optical Network Management System

Authorized Learning Partner. Wi-Fi Certification Presentation

CA Spectrum MPLS Transport Manager

Decommissioning Legacy Networks

Experiment 2: Wireshark as a Network Protocol Analyzer

CCNA Boot Camp. Course Description

Cesium Co. Ltd., Company Profile. Certification. Laboratory. Metrology Standards. When Performance Matters. Testing Quality

Managing Rogue Devices

Monitoring and Troubleshooting Smaller Office Networks with Savvius Insight

Wireless# Guide to Wireless Communications. Objectives

Light Mesh AP. User s Guide. 2009/2/20 v1.0 draft

9. Wireshark I: Protocol Stack and Ethernet

802MR. User s Manual

HP0-Y33: IMPLEMENTING HP WIRELESS NETWORKS

CompTIA E2C Security+ (2008 Edition) Exam Exam.

COMP 2000 W 2012 Lab no. 3 Page 1 of 11

CCNA Routing and Switching Courses. Scope and Sequence. Target Audience. Curriculum Overview. Last updated November 2, 2016

Cisco Cisco Express Foundation for Account Managers. Download Full Version :

HP0-Y27: DEPLOYING HP ENTERPRISE WIRELESS NETWORKS

CompTIA Network+ N ucertify Course & Labs. Course Outline. CompTIA Network+ N ucertify Course & Labs.

Evaluation Guide for SNMPc v7.0

Case Study: Professional Services Firm Ensures Secure and Successful IPv6 Deployments for Customers with the OptiView XG Network Analysis Tablet

Introduction to Computer

Wireless Attacks and Countermeasures

Do you want to accelerate your IT Career?

Wireless g AP. User s Manual

WHITE PAPER. LTE in Mining. Will it provide the predictability, capacity and speed you need for your mine?

ISO Lead Auditor Program Risk Management System (RMS) Training Program

2) INSERT THE SETUP CD

Security Survey Executive Summary October 2008

BHConsulting. Your trusted cybersecurity partner

Cisco Associate-Level Certifications

Lab IP Addresses and Network Communication

KillTest 䊾 䞣 催 ࢭ ད ᅌ㖦䊛 ᅌ㖦䊛 NZZV ]]] QORRZKYZ TKZ ϔᑈܡ䊏 ᮄ ࢭ

20335B: Lync Network Readiness Assessment

Providing free Wi-Fi to ensure a means of communication in the event of disaster

Information Technology

Mobility+ Computing Deployment and Management. Course Outline. Mobility+ Computing Deployment and Management. 07 Apr

Wireless Network Policy and Procedures Version 1.5 Dated November 27, 2002

Wireless USB Adapter User Manual

Course Outline. CompTIA Network+ N Pearson ucertify Course and Labs. CompTIA Network+ N Pearson ucertify Course and Labs

Overview. Cisco 805 Router Overview CHAPTER

Agilent E7478A GPRS Drive Test System

Lab Viewing Wireless and Wired NIC Information

CISCO QUAD Cisco CCENT/CCNA/CCDA/CCNA Security (QUAD)

Utilization of Agilent s Remote Management Cards RMC Plus L/LS 1.0 (N2521A-AT1/N2521A-AT3) in Intel s. Performance Appliance Platform.

Subject: University Information Technology Resource Security Policy: OUTDATED

2. Firewall Management Tools used to monitor and control the Firewall Environment.

Digital Advisory Services Professional Service Description SIP SBC with Field Trial Endpoint Deployment Model

AmbiCom WL11-SD Wireless LAN SD Card. User Manual

VMWARE HORIZON CLOUD SERVICE HOSTED INFRASTRUCTURE ONBOARDING SERVICE SILVER

Introduction. Goal of This Book. Audience for This Book

Interconnecting Cisco Networking Devices Part1 ( ICND1) Exam.

Current Drain Analysis Enhances WLAN Network Card Design and Test

Wireless LAN USB Adaptor WL-2111 Quick Installation Guide V.1.0

The following chart provides the breakdown of exam as to the weight of each section of the exam.

SURE TO HAVE YOUR PROOF OF PURCHASE. RETURN REQUESTS CAN NOT BE PROCESSED WITHOUT PROOF OF PURCHASE.

Exam: : VPN/Security. Ver :

RealMedia Streaming Performance on an IEEE b Wireless LAN

Information Security Incident Response Plan

Transcription:

Assessing Wireless Security with AiroPeek Copyright 2001 WildPackets, Inc. All rights reserved.

Intrusion Detection with AiroPeek Joe Bardwell Vice President of Professional Services WildPackets, Inc. It is possible for a user to plug an unauthorized access point into an 802.11 wireless LAN and create a security exposure for the network. The determination of the identity of an unauthorized 802.11 user, or access point, is easily accomplished using AiroPeek. AiroPeek can readily identify this type of security breach as well as notify the appropriate people by paging or email. In this way, you can create an automated intrusion detection scenario for your wireless LAN environment. For this intrusion detection system to be effective, it is assumed that the person doing the intrusion detection knows the ESSIDs or BSSIDs associated with the WLAN being inspected. Armed with that information, it is a matter of setting appropriate filters and configuring AiroPeek to capture and send notification when a foreign participant joins the WLAN. The first step in setting up AiroPeek to identify rogue access points is to create a list of the authorized BSSIDs or ESSIDs in use in the network. An AiroPeek Advanced Filter is then created to EXCLUDE all of the authorized access points. This filter is created by capturing normal network traffic and determining the data offset in an 802.11 frame corresponding to the ESSID or BSSID. WildPackets, Inc. Assessing WIreless Security with AiroPeek 1

The portion of the AiroPeek packet detail window, pictured above, discloses a BSSID that is in use in the WLAN. AiroPeek indicates that this value is located at offset 16. Next, you must specify the BSSID value in the creation of an AiroPeek Advanced Filter, as shown above. If more than one BSSID is in use in the WLAN, then they can all be specified in the single Advanced Filter. This filter might be named, "Authorized BSSIDs" for convenience. When the Advanced Filter is applied to a previously captured trace file, you will see the AiroPeek screen pictured above. Notice that only those frames that are part of the "Authorized BSSID" list are highlighted (selected) in the display. WildPackets, Inc. Assessing WIreless Security with AiroPeek 2

AiroPeek can perform multiple, simultaneous, independent capture operations, each having its own separate buffer space into which frames are placed. You create a capture buffer and specify that all frames that MATCH the Authorized BSSID list are to be EXCLUDED from the buffer. That means that ONLY ROGUE ACCESS POINTS WILL BE CAPTURED INTO THIS BUFFER. In addition to managing captured data in separate buffers, AiroPeek allows buffer-specific alarms to be configured. In this Rogue Access Point buffer, an alarm is created that is triggered on the basis of Frame Count. If the Frame Count exceeds zero, the alarm goes off. (That is, if any frames are detected from a rogue access point, then an alarm will be triggered.) Finally, a notification process is specified. AiroPeek can either send an email, assuming an Ethernet connection is available for mail transmission, or operate in its capacity as an analyzer. When any wireless NIC is configured in promiscuous mode (for use with any protocol analyzer), it is no longer able to communicate as a participant in the WLAN. This is an either/or situation. Either the computer is a node on the WLAN or it is functioning as an analyzer. Alternatively, AiroPeek can use a modem interface to dial out to a pager. While AiroPeek is functioning as an automatic rogue access point detector, it can still be used normally to troubleshoot and analyze WLAN traffic. Since multiple capture buffers can be created, it is simply a matter of opening a new buffer and using AiroPeek in the normal manner for network troubleshooting and analysis. The Rogue Access Point buffer continues to operate in the background. All simultaneous buffers have access to all packets. The buffers are not implemented as "leaky buckets." That is, if a "leaky bucket" implementation were used, then frames that were acquired in Buffer #1 would not "leak out" into Buffer #2. AiroPeek does not use a leaky bucket algorithm when processing multiple buffers. All buffers have access to all packets, and all buffers operate independently. In this way, AiroPeek acts as an automated rogue access point detection tool while maintaining all of its normal functionality as a WLAN analyzer. Locating A Rogue Access Point's Physical Position As far as physically locating an intruder, it must be remembered that AiroPeek is a PROTOCOL analyzer, and not an RF test tool. Tools are available on the market that allow directional identification of RF signals. AiroPeek can quickly pinpoint the 802.11 channels that are in use in a particular environment. Knowing the channel usage in a particular location provides the information about the signal frequencies that are being used. By using a directional RF signal strength meter, it is possible to triangulate the location of an RF transmitter. Suffice it to say, a high-end directional RF signal strength meter (and hence, an expensive device) can pinpoint the location WildPackets, Inc. Assessing WIreless Security with AiroPeek 3

with great accuracy. More realistically, a lower-end tool will be able to provide the location of an intruder to within several meters. In the same way that AiroPeek is most effective when used by an experienced, trained engineer, so too, an RF signal strength meter is simply a tool that is dependent on the user's expertise to provide accurate information. When one thinks about RF signal detection, it is easy to slip into pictures of clandestine operatives working for the intelligence agency; locating foreign intruders in sensitive networks. The realm of signal detection engineering and methodology can seem somewhat "cloak-anddagger" and the techniques, tools, and methodologies are, without a doubt, being used for national security. The network manager of a commercial, corporate, or educational network should carefully weigh the need for RF-level network analysis, since this area of technology is significantly different from the LAN/WAN world of TCP/IP protocols with which we are all familiar. WildPackets, Inc. Assessing WIreless Security with AiroPeek 4

WildPackets Professional Services WildPackets offers a full spectrum of unique professional support services, available on-site, online or through remote dial-in service. On-Site Consulting When protocol analysis support is needed at your site, the network experts at WildPackets will work with you and your support team to resolve network problems. Performance Baseline and Network Capacity Planning Report When it is necessary to know the real performance and capacity issues facing your network, a WildPackets consultant can create a baseline report, from a simple evaluation of a single critical server or router up to an assessment of your overall network infrastructure. Infrastructure Design Analysis Services The network experts at WildPackets can help you sort through the details of multi-vendor proposals for hardware and software installation and systems integration, providing you with an un-biased, third party perspective on your proposed network planning, Remote Consulting Services WildPackets Remote Consulting Services may resolve challenging network problems for you without requiring an on-site visit. Our protocol analysis experts will accurately analyze specific trace files you send in to them or capture live traffic from your network and provide a general characterization of network performance and potential problems. WildPackets Academy WildPackets Academy offers the most effective and comprehensive network and protocol analysis training available, meeting the professional development and training requirements of corporate, educational, government, and private network managers. Our instructional methodology and course design centers around practical applications of protocol analysis techniques for both Ethernet and 802.11b wireless LANs. Wild- Packets Academy also provides instruction and testing for the industry-standard NAX (Network Analysis Expert) Certification. For more information about consulting and educational services, including complete course catalog, pricing and scheduling, please visit http://www.wildpacketsacademy.com. NAX examination and certification details are available at http://www.nax2000.com. Live Online Quick Start Program WildPackets now offers one-hour online Quick Start Programs on using EtherPeek and AiroPeek, led by a WildPackets Academy Instructor. Please visit http://www.wildpackets.com/events for complete details and scheduling information. WildPackets, Inc. Since its inception in 1990, WildPackets has been developing affordable tools designed to simplify the complex tasks associated with designing, maintaining, troubleshooting and optimizing computer networks. In the past eighteen months, WildPackets has acquired two key partner organizations and greatly expanded its product development expertise and professional services capabilities in the process. WildPackets customers include Ameritech, Cisco Systems, Lucent Technologies, Microsoft, National Institutes of Health, Yahoo! and others. Strategic partners include Cisco Systems, Symbol Technologies and Agere Systems. WildPackets, Inc. 2540 Camino Diablo Walnut Creek, CA 94596 Tel 925-937-7900 Fax 925-937-2479 WildPackets, Inc. Assessing WIreless Security with AiroPeek 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback