Chapter 1 Describing Regulatory Compliance

Similar documents
COPYRIGHTED MATERIAL. Contents

LESSON 12: WI FI NETWORKS SECURITY

The following chart provides the breakdown of exam as to the weight of each section of the exam.

Chapter 24 Wireless Network Security

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

Designing Polycom SpectraLink VoWLAN Solutions to Comply with Payment Card Industry (PCI) Data Security Standard (DSS)

What is Eavedropping?

Wireless Network Security

Securing Information Systems

Wireless LAN Security. Gabriel Clothier

FAQ on Cisco Aironet Wireless Security

Configuring Cipher Suites and WEP

Configuring Management Frame Protection

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

Product Brief: SDC-MSD30AG a/g Miniature SDIO Module with Antenna Connectors

Cisco Securing Cisco Wireless Enterprise Networks (WISECURE) Download Full Version :

Authentication and Security: IEEE 802.1x and protocols EAP based

Configuring the Client Adapter through the Windows XP Operating System

Standard For IIUM Wireless Networking

Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ]

Product Brief: SDC-EC25N n ExpressCard Card with Integrated Antenna

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

Hardware Capabilities. Product Brief: SDC-PC20G g PCMCIA Card with Integrated Antenna

WPA SECURITY (Wi-Fi Protected Access) Presentation. Douglas Cheathem (csc Spring 2007)

Product Brief: SDC-PC22AG a/g PCMCIA Card with Integrated Antenna

Cisco Exactexams Questions & Answers

Product Brief: SDC-MCF10G g Miniature CF Module with Antenna Connectors

Product Brief: SDC-PE15N n PCIe Module with Antenna Connectors

Lab Configure Enterprise Security on AP

Cisco EXAM Implementing Cisco Unified Wireless Networking Essentials (IUWNE) Buy Full Product.

Cisco Exam Implementing Advanced Cisco Unified Wireless Security v2.0 Version: 9.0 [ Total Questions: 206 ]

Product Brief: SDC-PC10AG a/g Compact Flash Module with Antenna Connectors

Configuring WLANsWireless Device Access

Securing Wireless LANs with Certificate Services

TestsDumps. Latest Test Dumps for IT Exam Certification

Wireless technology Principles of Security

Cisco Exam Questions and Answers (PDF) Cisco Exam Questions BrainDumps

Configuring the Client Adapter through Windows CE.NET

Configuring WEP and WEP Features

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL

How Secure is Wireless?

Cisco Actualtests Exam Questions & Answers

exam. Number: Passing Score: 800 Time Limit: 120 min CISCO Securing Wireless Enterprise Networks.

Exam : PW Title : Certified wireless security professional(cwsp) Version : DEMO

Configuring a WLAN for Static WEP

Configuring a VAP on the WAP351, WAP131, and WAP371

Wireless Networking Basics. Ed Crowley

The 8 th International Scientific Conference DEFENSE RESOURCES MANAGEMENT IN THE 21st CENTURY Braşov, November 14 th 2013

Interworking Evaluation of current security mechanisms and lacks in wireless and Bluetooth networks ...

Configuring Security Solutions

Implementing. Security Technologies. NAP and NAC. The Complete Guide to Network Access Control. Daniel V. Hoffman. WILEY Wiley Publishing, Inc.

Intelligraphics Qualcomm Atheros Windows CCXv4 Product Specification

1. Which network design consideration would be more important to a large corporation than to a small business?

802.1x. ACSAC 2002 Las Vegas

Configuring the Client Adapter

Configuring Layer2 Security

ClearPass QuickConnect 2.0

CUA-854 Wireless-G Long Range USB Adapter with Antenna. User s Guide

Cisco Questions & Answers

Configuring OfficeExtend Access Points

Securing Wireless LANs

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

WL 5011s g Wireless Network Adapter Client Utility User Guide

Security in IEEE Networks

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

Securing a Wireless LAN

IP network that supports DHCP or manual assignment of IP address, gateway, and subnet mask

Secure Wireless LAN Design and Deployment

Mobile MOUSe WIRELESS TECHNOLOGY SPECIALIST ONLINE COURSE OUTLINE

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

Hooray, w Is Ratified... So, What Does it Mean for Your WLAN?

Open System - No/Null authentication, anyone is able to join. Performed as a two way handshake.

WHITE PAPER. A Manager s Guide To Wireless Hotspots How To Take Advantage Of Them While Protecting The Security Of Your Corporate Network

Wireless and Network Security Integration Solution Overview

Basic Wireless Settings on the CVR100W VPN Router

WLAN Security. Dr. Siwaruk Siwamogsatham. ThaiCERT, NECTEC

Configuring Authentication Types

Viewing Status and Statistics

Configuring Hybrid REAP

Appendix E Wireless Networking Basics

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

The WiMAX Technology

Cyber Security Guidelines for Public Wi-Fi Networks

Configuring Security Solutions

Wireless-N Business Notebook Adapter

Exam Questions CWSP-205

CSE 713: Wireless Networks Security Principles and Practices

Configuring the Client Adapter through the Windows XP Operating System

PRODUCT GUIDE Wireless Intrusion Prevention Systems

Cisco Systems, Inc , 1200, 1300 Series AP (Autonomous mode) Product sw version 12.3(11)JA4 I75 Handset sw version 1.4.

Putting Your Air Space to Work with Business-Class Wireless

WDT3250 RF Setup Guide

WIRELESS LOCAL AREA NETWORK SECURITY USING WPA2-PSK

5 Tips to Fortify your Wireless Network

ACCESS POINTS. Configuration Specifications

Solution Architecture

Wireless Attacks and Countermeasures

Information Security in Corporation

Cisco Adaptive Wireless Intrusion Prevention System: Protecting Information in Motion

Securing Cisco Wireless Enterprise Networks ( )

Transcription:

[ 2 ] Chapter 1 Describing Regulatory Compliance Failure to secure a WLAN makes it vulnerable to attack. To properly secure your network, you must be able to identify common threats to wireless and know how to counteract them. Identifying Wireless Vulnerabilities Rogue access points and clients Cisco WLAN controllers identify access points (APs) outside their mobility group as rogue APs. Rogues are friendly if they do not pose a threat, such as APs belonging to neighbors. A rogue is malicious if it poses a threat to the network, such as an AP added to the wired network without permission from the IT department; such an AP could be used for illegitimate access to network resources. Malicious APs can also be external and used to disrupt your network; they include honeypots and evil twins. Honeypots are usually unsecured and set up to lure unsuspecting clients into giving up sensitive information or to infect them with a virus or worm. Evil twins mimic APs from your network. They are used to fool clients into connecting to a network that looks legitimate and then trick users into giving up sensitive information. Rogue clients are devices connected to rogue APs or to other clients in an ad hoc manner. Denial-of-service attacks Wireless denial-of-service (DoS) attacks keep users from connecting by overwhelming the AP s radios. Wireless DoS attacks are usually committed by spoofing management frames, through jamming, or by infecting a client with a virus that floods the network with spurious traffic.

[ 3 ] Over-the-Air Attacks Over-the-air attacks include reconnaissance attacks (used to map out the network) or replay attacks (user data is captured and re-transmitted). Replay attacks work better in networks that use unencrypted or weakly encrypted data. Securing client access You need mutual authentication to properly secure client access to the network. Mutual authentication uses Extensible Authentication Protocol (EAP) to make the client identify itself to the network and the network identify itself to the client. Wireless clients accessing the network from outside the WLAN (for example, from a hotspot in a coffee shop) should use a VPN. Securing guest access We let guests access our WLANs so that they can connect to the Internet or to services we offer, but at the same time we must protect company traffic from accidental or unauthorized access. We also need to ensure that only authorized guests get to use our network. Industry Standards and Associations International Organization for Standardization (ISO) The ISO has members from organizations in 159 countries, and they create standards for the computing industry. The following is a list of published standards from the 27000 series, which relates to information security:

[ 4 ] ISO/IEC 27001:2005. Specification for information security management systems ISO/IEC 27002:2005. Code of practice information security ISO/IEC 27005:2008. Information security risk management ISO/IEC 27006:2007. Guidelines for accrediting organizations that certify/register of information security management systems Institute of Electrical and Electronics Engineers (IEEE) The IEEE is an international organization that creates standards for IT and other engineering fields, including the following: 802.11-2007: Combines 802.11a, b, d, e, g, h, i, and j with the base 802.11 standard 802.11i: Created scalable security based on EAP-based authentication and Advanced Encryption Standard (AES) encryption 802.11r: Draft standard for fast secure roaming intended to support voice 802.11u: Draft standard for internetworking with non-802.11 networks 802.11w: Draft standard for implementing management frame protection Internet Engineering Task Force (IETF) An international group interested in the continued growth and smooth operation of the Internet. They have created multiple RFCs affecting the wireless industry, including the following: RFC 3579: RADIUS Support for EAP RFC 4017: EAP Method Requirements for WLANs RFC 4346: TLS v1.1

[ 5 ] RFC 4851: EAP-FAST RFC 5169: Handover Key Management and Re-authentication Statement Payment Card Industry Data Security Standard for Wireless Networks An international standard designed to protect credit card information, personal data, and cardholder identities. Wi-Fi Alliance International nonprofit organization made up of Wi-Fi manufacturers. They test interoperability of Wi-Fi gear and create interim support measures for customers while waiting for a needed standard. The Wi-Fi Alliance created the following: Wi-Fi Protected Access (WPA) Authentication via EAP or WPA-PSK Encryption using Temporal Key Integrity Protocol (TKIP) Wi-Fi Protected Access 2 (WPA2) Authentication via EAP or WPA-PSK Encryption using AES Cisco Compatible Extensions (CCX) Cisco has written extensions enhancing client performance with Cisco wireless equipment and has made these extensions available to Wi-Fi manufacturers.

[ 6 ] Table 1-1 CCX enhancements CCX Version V1 V2 V3 V4 V5 Security enhancements Static WEP PEAP-GTC WPA2 NAC MFP-v2 802.1X LEAP Cisco TKIP WPA EAP-FAST EAP-TLS PEAP-MSCHAPv2 MFP-v1 Mobility and management enhancements CCKM w/ LEAP Proxy ARP CCKM w/ EAP-FAST SSO w/ LEAP, EAP-FAST CCKM w/ PEAP-GTC, PEAP-MSCHAPv2, EAP-TLS Regulatory Compliance Governments around the world have defined laws to protect sensitive information, including the following: EU Directive on Data Protection 95/46/EC Protects personal data used by multinational organizations within EU boundaries Prevents unauthorized disclosure of data by transmission, including location data Health Insurance Portability and Accountability Act (HIPPA) Requires organizations within the United States to use reasonable safeguards to protect electronic protected health information (EPHI) Includes access and audit controls, user and entity authentication, integrity mechanisms, and data encryption Gramm-Leach-Bliley Act (GLBA) Requires U.S. financial institutions to protect financial information

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback