Enhancing the Security of Corporate Wi-Fi Networks using DAIR
PRESENTED BY
SRAVANI KAMBAM
Outline:
◦ Introduction
◦ Attacks on Wi-Fi Networks
◦ DAIR Architecture
◦ Detecting Attacks
◦ Experimental Results
◦ Channel Assignment
◦ Limitations
◦ Related Work
◦ Future Work
◦ Conclusion
Introduction
DAIR: Dense Array of Inexpensive Radios
Framework for monitoring enterprise wireless networks
DAIR framework to detect:
◦ Rogue wireless devices
◦ Denial of Service attacks
Prior proposals: combination of access points, mobile clients and dedicated sensor nodes
Dense deployment of sensors is necessary for effective monitoring
2 observations: plenty of desktop computers with wired connectivity, and availability of inexpensive USB-based wireless adapters
Attacks on Wi-Fi Networks
◦ Eavesdropping
◦ Intrusion
◦ Denial of Service (DoS)
◦ Phishing
DAIR Architecture
◦ Air Monitors
◦ The Land Monitors
◦ The Inference Engine
◦ The Database
Detecting Attacks
Intrusion Attacks
◦ Guarding Against False Positives
  ◦ Association Test
  ◦ Source/Destination Address Test
  ◦ Replay Test
  ◦ DHCP Signature Test
◦ Guarding Against False Negatives
DoS Attacks
◦ Deauthentication/Disassociation Attacks
◦ NAV attacks
Experimental Results
◦ Test Environment
◦ Sensor Deployment Density
◦ System scalability
◦ Demonstrative Results
  ◦ Delay Incurred by the Association Test
  ◦ Effectiveness of the Replay Test
  ◦ Effectiveness of DHCP Test
  ◦ Threshold for Detecting Disassociation Attacks
Channel Assignment
Which channels should the DAIR nodes listen on?
Limitations
DAIR assumes the availability of stationary desktop computers with good wired network connectivity.
DAIR can never guarantee that a suspect device is harmless.
If all the tests fail, we still cannot say that the suspect device is not connected to the corporate network.
The DAIR monitoring system is at risk if some component of the monitoring system is compromised.
◦ Desktop systems: false data submitted, large number of alarms, Denial of Service attacks
DAIR adds a wireless interface to desktop systems, which may make them more vulnerable.
Related Work
Firewalls prevent unauthorized users from gaining access to the network.
IDSs detect compromised machines in the network.
◦ They detect only once the attack is launched
◦ High false positive rate, hence not useful
IPSec secures the communication channel between two authorized machines. VPN software uses this.
These reduce attacks but do not secure the network against attacks like DoS.
They do not detect rogue Wi-Fi devices.
DAIR
◦ Detects and locates rogue Wi-Fi devices
◦ Detects various DoS attacks
◦ Few false positives
◦ Minimal human intervention
Related Work (cont.)
Two approaches:
◦ APs
◦ Dedicated and expensive custom hardware sensors for RF monitoring
One prior research paper on detecting rogue devices:
◦ Mobile clients and APs
◦ Any unknown AP is flagged as a rogue AP, even if it is not plugged into the corporate network.
◦ Rogue ad hoc networks are not detected
◦ DoS attacks are not detected
Another research effort on detecting greedy and malicious behavior in IEEE 802.11 networks:
◦ DOMINO: AP-based solution for detecting greedy behavior in IEEE 802.11 hotspots.
Future Work
Initially deployed on a small scale but can be scaled to larger deployments
1. Plan to expand the initial deployment to cover the entire office building.
2. Building additional performance monitoring and network management applications using the DAIR framework.
3. Extending the DAIR system to support accurate location determination.
Conclusion
DAIR
◦ For monitoring enterprise wireless networks using desktop machines
◦ Takes advantage of key attributes of desktop infrastructure
  ◦ Dense deployment
  ◦ Stationarity
  ◦ Wired connectivity
  ◦ Spare CPU and disk resources
DAIR monitors
◦ Security breaches
◦ Denial of Service attacks
DAIR reduces
◦ False negative alarms
◦ False positive alarms
Thank You!