wireless security: a framework for decision-making
CoSN/MNEP © 2004 www.securedistrict.cosn.org
Cyber Security for the Digital District: a CoSN Leadership Initiative
In partnership with Mass Networks Education Partnership (MNEP)
Chris Seiberling / Mass Networks Boston, MA
Find a framework for decision making… quickly
Wireless Security
Overview
Context for decision making
• Wireless growth challenges the security-minded
• Changes in standards perplex strategic planners
• New IT accessibility exposes network limitations
Security Context: Wild Wild Wireless, Standards, Readiness
Security Protocol: Security Goals, Risk Analysis, Risk Reduction, Crisis Management
http://www.wigle.net/images/PointsOverTime.png
Access Point Explosion
• Total unique networks listed with location: 1,629,532
• Total networks without WEP: 527,326
• Total networks with default SSID: 533,281
• New networks listed TODAY with location: 736
As of August 25, 2004
It’s a contest!
Source: wigle.net 2/20/2004

| Rank | Username | Discovered Networks with GPS | Networks This Month with GPS | Most Recent Post | Percentage Quality Locations |
|---|---|---|---|---|---|
| 1 | bigezy | 105,298 | 1,489 | 18-Feb-2004 | 88% |
| 2 | hratch | 69,827 | 4,702 | 20-Feb-2004 | 79% |
| 3 | blackwave | 66,406 | 0 | 21-Dec-2003 | 88% |
| 4 | anonymous | 29,492 | 569 | 19-Feb-2004 | 81% |
| 5 | arkasha | 26,847 | 3,375 | 17-Feb-2004 | 92% |
| 6 | mentat | 18,214 | 264 | 18-Feb-2004 | 85% |
| 7 | eyecannon | 14,165 | 384 | 01-Feb-2004 | 84% |
| 8 | rve001 | 13,373 | 0 | 10-Jan-2004 | 83% |
| 9 | bobzilla | 12,942 | 849 | 07-Feb-2004 | 87% |
| 10 | Carnager | 10,824 | 974 | 14-Feb-2004 | 94% |
Access Points are everywhere
Boston
Not in my backyard?
What’s in your WLAN?
| Netid | Ssid | Flag | WEP | TriLat | TriLong | Last update | Ch | Active | Bcinterval | Qos |
|---|---|---|---|---|---|---|---|---|---|---|
| 00:02:2d:21:9f:4a | Heights Library | 0001 | N | 42.10518646 N | -71.20593262 W | 2003-09-27 | 1 | Y | 0 | 2 |
| 00:02:2d:22:47:b6 | Heights Lab 2 | 0001 | N | 42.10519028 N | -71.20605469 W | 2003-09-27 | 18 | Y | 0 | 2 |
| 00:02:2d:29:9b:2b | Heights Lab 3 | 0001 | N | 42.10523224 N | -71.20604706 W | 2003-09-27 | 8 | Y | 0 | 0 |
| 00:30:65:03:36:e1 | Heights | 0001 | N | 42.10526657 N | -71.20570374 W | 2003-09-27 | 6 | Y | 0 | 0 |
| 00:03:93:e9:fc:33 | Cottage Wireless | 1025 | N | 42.11931229 N | -71.17268372 W | 2003-09-27 | | Y | 100 | 0 |
| 00:02:2d:21:9e:9d | Cottage Lab 2 | 1 | Y | 42.11932755 N | -71.17259979 W | 2003-09-27 | | Y | 100 | 0 |
(Some) Standards in the news…
• 802.11b an aging standard?
• WEP (Wired Equivalent Privacy)
• WPA (Wi-Fi Protected Access) – Late 2002
• 802.11g faster but no safer than .11b – June 2003
• PEAP (Protected Extensible Authentication Protocol) – 2004? A client/server-based end-to-end authentication protocol to be included in WLAN gear as well as client software, authentication servers and online directories.
• 802.11i – June 2004. Uses the 128-bit NIST-sanctioned Advanced Encryption Standard (AES), which replaces the Data Encryption Standard (DES)
What’s next?
Other new opportunities… will come with new challenges
• Voice over WiFi
• Camera-enabled, text-enabled cell phones
• Wireless PDAs
• Cellular-Wireless integration
Readiness
Before deploying wireless networking, can you…
1. Management
• Develop a district wireless policy?
• Budget time and staff…
  • to perform regular intrusion testing and monitoring?
  • to stay informed of new vulnerabilities to wireless networking and appropriate countermeasures?
  • to train users in wireless security awareness?
2. Technology
• Make sure secure locations indoors are available for placing APs?
• Deploy a second layer of authentication, e.g. smart cards or biometrics?
• Install virus protection and personal firewall on client computers?
• Disable file sharing on all wireless clients?
• Verify that passwords are being changed on wireless clients?
Overview
Context for decision making
1. Exploding Access
2. Changing Standards
3. Readiness
Recommendations from NIST’s Wireless and Network Security (publication 800-48)
Security Protocol
1. Set Security Goals
Establish framework for decision making on security
2. Risk Analysis
• Identify IT assets that could be affected by introduction of new technology (e.g. wireless)
• Determine their vulnerabilities (e.g. WEP) and threats (e.g. whackers)
• Test the defenses
3. Risk Reduction
Solve security gaps with initiatives in: technology policy IT management practice training communication
4. Crisis Management
Prepare for crises associated with the technology newly added to the district’s set of IT assets.
Summary
Tame growth, control access:
• Current deployments: enable WEP, test your network.
• Planning a new network? Check for readiness.
• Ready to sign a purchase order? Consider waiting for standards to shake out.
Thanks!
We need your feedback: www.securedistrict.cosn.org