SlideShare a Scribd company logo

Skyjacking A Cisco WLAN - What it means and how to protect against it?

Samir Palnitkar
Samir Palnitkar

A flaw in the Cisco WLAN operation was announced in late Aug 2009 that allows a hacker to "skyjack" or take control of a Cisco lightweight access point. The vulnerability is rooted in the over-the-air-provisioning (OTAP) feature used by Cisco lightweight access points to discover and connect to a Cisco WLAN controller. This webinar presentation will deconstruct the skyjacking vulnerability - explaining why the vulnerability occurs in Cisco WLANs, which Cisco access points are affected, how skyjacking can be exploited to launch potent attacks, and what are the best practices to proactively protect your enterprise network against such zero-day vulnerabilities and attacks.

TechnologyEducation
1 of 29
Download to read offline
Webinar held on 02 Sept, 2009 *Webinar Press Release URL : http://digg.com/d3130SK ! " !
In the News Cisco wireless LAN vulnerability could open ‘back door’ Cisco wireless LANs at risk of attack, ‘skyjacking’ Newly discovered vulnerability could threaten Cisco wireless LANs
What Cisco says Severity = Mild “No risk of data loss or interception” “Could allow an attacker to cause a denial of service (DoS) condition” It’s not a big deal!
Hmm… How severe is the exploit? What exactly is skyjacking? ? ? Do I need to worry about it? ?
What you will learn today The risk from skyjacking vulnerability is much bigger than stated How to assess if you are vulnerable Countermeasures for skyjacking and other zero-day attacks
Five ways a LAP can discover WLCs Subnet-level broadcast Configured Over-the-air provisioning (OTAP) DNS DHCP
Three criteria a LAP uses to select a WLC Step 1 Primary, Secondary, Tertiary Step 2 Master mode Step 3 Maximum excess capacity
Over-the-air provisioning (OTAP)
OTAP exploited for “skyjacking”
Skyjacked LAP denies service to wireless users
Secure WLAN enterprise access Before SSID Security VLAN Comment Corp WPA2 20 Internal to corporate network AP Physically 30 Internal to corporate network Connected To
Authorized LAP skyjacked – DoS Before SSID Security VLAN Comment DoS Corp WPA2 20 Internal to corporate network AP Physically 30 Internal to corporate network Connected To
Authorized LAP turned into Open Rogue AP Before Rogue on SSID Security VLAN Comment Network Corp OPEN 30 Internal to corporate network AP Physically 30 Internal to corporate network Connected To
Camouflaged Rogue LAP: a backdoor to your enterprise network!
Wolf in Sheep Clothing Before Rogue on SSID Security VLAN Comment Network Corp WPA2 30 Internal to corporate network AP Physically 30 Internal to corporate network Connected To
Wolf in Sheep Clothing – Scenario 2 Before SSID Security VLAN Comment DoS Corp WPA2 20 Internal to corporate network Guest OPEN 30 Internal to corporate network Rogue on AP Physically 30 Internal to corporate network Network Connected To
SpectraGuard® Enterprise WLAN policy set-up Guest WLAN SSID Allowed Subnet (VLAN) for Guest SSID
Normal WLAN operation Device list displayed on SpectraGuard Enterprise console Authorized SSIDs are seen in “Green” color and are detected with VLAN identifier to which they connect
Skyjacking on guest access 1 Change in the VLAN is detected SSID marked as “misconfigured” 2 (Background changes to amber) Automatic Prevention started 3 ( Shield icon appears )
Summary AirTight’s unique wireless- Type of Skyjacking attack Only over-air wired correlation based Open rogue threat detection threat detection Authorized SSID as Open Rogue AP WPA2 rogue Authorized SSID as “Privileged” Rogue AP X (Wolf in Sheep clothing) Open guest Guest access as Open rogue Rogue AP (Wolf in Sheep clothing – X scenario 2)
AirTight’s SpectraGuard Enterprise The only WIPS that can provide zero-day protection against the most potent form of skyjacking attack Thanks to patented marker packet technology for accurate wired connectivity detection and unique VLAN Policy Mapping™ architecture
Which LAPs can be skyjacked? Type of Cisco LAP Vulnerable? LAPs using auto discovery Yes Configured with “preferred” WLCs ? (primary, secondary, tertiary) Mostly No Configured with locally significant No certificates (LSC)
Countermeasures Turn off OTAP on WLC Ineffective! Manually configure LAPs with preferred Primarily HA and load WLCs (primary, secondary, tertiary) balancing feature Manually configure LAPs with LSCs Impractical Block outgoing traffic from UDP ports Not a common 12222 and 12223 on your firewall practice
Practical difficulties: Do you know If all LAPs are configured with primary, secondary and tertiary WLC? If all LAPs are indeed connected to configured WLCs? If your outgoing UDP ports on the firewall are blocked? Did you test it today? How many VLANs do you have authorized for wireless access? Are all SSIDs mapped to the correct VLANs? When was the last time your LAPs rebooted? When was the last time your WLC taken down for maintenance? If all your APs are compliant with your security policies? How do you know?
One mistake and you could be exposed!
Adding second, independent layer of WIPS protection Zero-day attacks Misconfigurations Undesirable connections Zero-day attacks Undesirable Misconfigurations connections Designed for security Designed for WLAN access
AirTight’s SpectraGuard product family Complete Wireless Intrusion Prevention Industry’s Only Wireless Security Service Wireless Security for Mobile Users WLAN Coverage & Security Planning
About AirTight Networks For more information on wireless security risks, best practices, and solutions, visit: http://www.airtightnetworks.com The Global Leader in Wireless Security and Compliance Visit our blog to read the root cause analysis of “Skyjacking: What Went Wrong?” http://blog.airtightnetworks.com

Recommended

WPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitWPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitAirTight Networks
 
Ngfw overview
Ngfw overviewNgfw overview
Ngfw overviewMotty Ben Atia
 
CCNA Security - Chapter 7
CCNA Security - Chapter 7CCNA Security - Chapter 7
CCNA Security - Chapter 7Irsandi Hasan
 
Hillstone-Corporate-Overview-EN-V3.0
Hillstone-Corporate-Overview-EN-V3.0Hillstone-Corporate-Overview-EN-V3.0
Hillstone-Corporate-Overview-EN-V3.0Shamal Abeyrathne
 
CHECK POINT 5900 NEXT GENERATION SECURITY GATEWAY FOR THE MID-SIZE ENTERPRISE
CHECK POINT 5900 NEXT GENERATION SECURITY GATEWAY FOR THE MID-SIZE ENTERPRISECHECK POINT 5900 NEXT GENERATION SECURITY GATEWAY FOR THE MID-SIZE ENTERPRISE
CHECK POINT 5900 NEXT GENERATION SECURITY GATEWAY FOR THE MID-SIZE ENTERPRISEAlexander Kravchenko
 
CHECK POINT 5100 NEXT GENERATION SECURITY GATEWAY FOR THE SMALL ENTERPRISE AN...
CHECK POINT 5100 NEXT GENERATION SECURITY GATEWAY FOR THE SMALL ENTERPRISE AN...CHECK POINT 5100 NEXT GENERATION SECURITY GATEWAY FOR THE SMALL ENTERPRISE AN...
CHECK POINT 5100 NEXT GENERATION SECURITY GATEWAY FOR THE SMALL ENTERPRISE AN...Alexander Kravchenko
 
CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...
CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...
CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...Alexander Kravchenko
 
CCNA Security 010-configuring cisco asa
CCNA Security 010-configuring cisco asaCCNA Security 010-configuring cisco asa
CCNA Security 010-configuring cisco asaAhmed Habib
 

Recommended

WPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitWPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitAirTight Networks
 
Ngfw overview
Ngfw overviewNgfw overview
Ngfw overviewMotty Ben Atia
 
CCNA Security - Chapter 7
CCNA Security - Chapter 7CCNA Security - Chapter 7
CCNA Security - Chapter 7Irsandi Hasan
 
Hillstone-Corporate-Overview-EN-V3.0
Hillstone-Corporate-Overview-EN-V3.0Hillstone-Corporate-Overview-EN-V3.0
Hillstone-Corporate-Overview-EN-V3.0Shamal Abeyrathne
 
CHECK POINT 5900 NEXT GENERATION SECURITY GATEWAY FOR THE MID-SIZE ENTERPRISE
CHECK POINT 5900 NEXT GENERATION SECURITY GATEWAY FOR THE MID-SIZE ENTERPRISECHECK POINT 5900 NEXT GENERATION SECURITY GATEWAY FOR THE MID-SIZE ENTERPRISE
CHECK POINT 5900 NEXT GENERATION SECURITY GATEWAY FOR THE MID-SIZE ENTERPRISEAlexander Kravchenko
 
CHECK POINT 5100 NEXT GENERATION SECURITY GATEWAY FOR THE SMALL ENTERPRISE AN...
CHECK POINT 5100 NEXT GENERATION SECURITY GATEWAY FOR THE SMALL ENTERPRISE AN...CHECK POINT 5100 NEXT GENERATION SECURITY GATEWAY FOR THE SMALL ENTERPRISE AN...
CHECK POINT 5100 NEXT GENERATION SECURITY GATEWAY FOR THE SMALL ENTERPRISE AN...Alexander Kravchenko
 
CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...
CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...
CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...Alexander Kravchenko
 
CCNA Security 010-configuring cisco asa
CCNA Security 010-configuring cisco asaCCNA Security 010-configuring cisco asa
CCNA Security 010-configuring cisco asaAhmed Habib
 
Feb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityFeb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityCasey Dunham
 
WIFI Hacking
WIFI HackingWIFI Hacking
WIFI HackingSuraj Bohara
 
How to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ngHow to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ngOpen Knowledge Nepal
 
CCNA Security - Chapter 2
CCNA Security - Chapter 2CCNA Security - Chapter 2
CCNA Security - Chapter 2Irsandi Hasan
 
CCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ipsCCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ipsAhmed Habib
 
Ccna security comparison
Ccna security comparisonCcna security comparison
Ccna security comparisonthongams2000
 
Aircrack
AircrackAircrack
AircrackMuhammadHanzalah6
 
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityAhmad Yar
 
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testing
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration TestingMr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testing
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testingnooralmousa
 
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)ClubHack
 
CCNA Security - Chapter 5
CCNA Security - Chapter 5CCNA Security - Chapter 5
CCNA Security - Chapter 5Irsandi Hasan
 
SonicWall
SonicWallSonicWall
SonicWallNEOTD Tech Events .
 
Accelerating incident response in organizations of any size
Accelerating incident response in organizations of any sizeAccelerating incident response in organizations of any size
Accelerating incident response in organizations of any sizeCisco Canada
 
Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Mohamed Loey
 
Routers
RoutersRouters
RoutersGuranna Biradar
 
Wireless Security
Wireless SecurityWireless Security
Wireless SecuritysiDz
 
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu ExploitationAhmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu Exploitationbarcamp.my
 
I psec cisco
I psec ciscoI psec cisco
I psec ciscoDeepak296
 
Jatinder Singh
Jatinder SinghJatinder Singh
Jatinder SinghJatinder Virk
 
The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95
The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95
The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95Justrassity996
 
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresAirTight Networks
 
Advanced Wi-Fi pentesting
Advanced Wi-Fi pentestingAdvanced Wi-Fi pentesting
Advanced Wi-Fi pentestingYunfei Yang
 

More Related Content

What's hot

Feb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityFeb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityCasey Dunham
 
How to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ngHow to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ngOpen Knowledge Nepal
 
CCNA Security - Chapter 2
CCNA Security - Chapter 2CCNA Security - Chapter 2
CCNA Security - Chapter 2Irsandi Hasan
 
CCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ipsCCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ipsAhmed Habib
 
Ccna security comparison
Ccna security comparisonCcna security comparison
Ccna security comparisonthongams2000
 
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityAhmad Yar
 
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testing
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration TestingMr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testing
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testingnooralmousa
 
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)ClubHack
 
CCNA Security - Chapter 5
CCNA Security - Chapter 5CCNA Security - Chapter 5
CCNA Security - Chapter 5Irsandi Hasan
 
Accelerating incident response in organizations of any size
Accelerating incident response in organizations of any sizeAccelerating incident response in organizations of any size
Accelerating incident response in organizations of any sizeCisco Canada
 
Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Mohamed Loey
 
Wireless Security
Wireless SecurityWireless Security
Wireless SecuritysiDz
 
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu ExploitationAhmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu Exploitationbarcamp.my
 
I psec cisco
I psec ciscoI psec cisco
I psec ciscoDeepak296
 
The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95
The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95
The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95Justrassity996
 

What's hot (20)

Feb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityFeb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-Security
 
WIFI Hacking
WIFI HackingWIFI Hacking
WIFI Hacking
 
How to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ngHow to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ng
 
CCNA Security - Chapter 2
CCNA Security - Chapter 2CCNA Security - Chapter 2
CCNA Security - Chapter 2
 
CCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ipsCCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ips
 
Ccna security comparison
Ccna security comparisonCcna security comparison
Ccna security comparison
 
Aircrack
AircrackAircrack
Aircrack
 
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
 
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testing
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration TestingMr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testing
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testing
 
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
 
CCNA Security - Chapter 5
CCNA Security - Chapter 5CCNA Security - Chapter 5
CCNA Security - Chapter 5
 
SonicWall
SonicWallSonicWall
SonicWall
 
Accelerating incident response in organizations of any size
Accelerating incident response in organizations of any sizeAccelerating incident response in organizations of any size
Accelerating incident response in organizations of any size
 
Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2
 
Routers
RoutersRouters
Routers
 
Wireless Security
Wireless SecurityWireless Security
Wireless Security
 
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu ExploitationAhmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
 
I psec cisco
I psec ciscoI psec cisco
I psec cisco
 
Jatinder Singh
Jatinder SinghJatinder Singh
Jatinder Singh
 
The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95
The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95
The-Cisco-Aironet-1130AG-Series-Access-Point-Is-An95
 

Similar to Skyjacking A Cisco WLAN - What it means and how to protect against it?

Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresAirTight Networks
 
Advanced Wi-Fi pentesting
Advanced Wi-Fi pentestingAdvanced Wi-Fi pentesting
Advanced Wi-Fi pentestingYunfei Yang
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutionshemantchaskar
 
Vfm security with aruba wireless
Vfm security with aruba wirelessVfm security with aruba wireless
Vfm security with aruba wirelessvfmindia
 
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...Yury Chemerkin
 
Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)Ryan Orsi
 
Ch20 Wireless Security
Ch20 Wireless SecurityCh20 Wireless Security
Ch20 Wireless Securityphanleson
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsAirTight Networks
 
ht-f02-inside-the-world-of-java-applets_final
ht-f02-inside-the-world-of-java-applets_finalht-f02-inside-the-world-of-java-applets_final
ht-f02-inside-the-world-of-java-applets_finalAbhishek Singh
 
Protect your guest wifi - NOW
Protect your guest wifi - NOWProtect your guest wifi - NOW
Protect your guest wifi - NOWJoshua Sibaja
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssueIshan Girdhar
 
Fudcon 2015...Wireless: From Basics to Internals
Fudcon 2015...Wireless: From Basics to InternalsFudcon 2015...Wireless: From Basics to Internals
Fudcon 2015...Wireless: From Basics to InternalsKiran Divekar
 
FAQ - Rogue AP - What is Rogue Access Point?
FAQ - Rogue AP - What is Rogue Access Point?FAQ - Rogue AP - What is Rogue Access Point?
FAQ - Rogue AP - What is Rogue Access Point?Tũi Wichets
 
physical and hardware security(http://4knet.ir)
physical and hardware security(http://4knet.ir)physical and hardware security(http://4knet.ir)
physical and hardware security(http://4knet.ir)Azad Kaki
 
[SOS 2009] D-Link: Red Segura L2 L3
[SOS 2009] D-Link: Red Segura L2 L3[SOS 2009] D-Link: Red Segura L2 L3
[SOS 2009] D-Link: Red Segura L2 L3Chema Alonso
 
Tired of rogues_-_solutions_for_detecting_and_eliminating_rogue_wireless_netw...
Tired of rogues_-_solutions_for_detecting_and_eliminating_rogue_wireless_netw...Tired of rogues_-_solutions_for_detecting_and_eliminating_rogue_wireless_netw...
Tired of rogues_-_solutions_for_detecting_and_eliminating_rogue_wireless_netw...Advantec Distribution
 

Similar to Skyjacking A Cisco WLAN - What it means and how to protect against it? (20)

Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
 
Advanced Wi-Fi pentesting
Advanced Wi-Fi pentestingAdvanced Wi-Fi pentesting
Advanced Wi-Fi pentesting
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutions
 
Vfm security with aruba wireless
Vfm security with aruba wirelessVfm security with aruba wireless
Vfm security with aruba wireless
 
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
 
Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)
 
Ch20 Wireless Security
Ch20 Wireless SecurityCh20 Wireless Security
Ch20 Wireless Security
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutions
 
ht-f02-inside-the-world-of-java-applets_final
ht-f02-inside-the-world-of-java-applets_finalht-f02-inside-the-world-of-java-applets_final
ht-f02-inside-the-world-of-java-applets_final
 
Protect your guest wifi - NOW
Protect your guest wifi - NOWProtect your guest wifi - NOW
Protect your guest wifi - NOW
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 Issue
 
FIREWALL
FIREWALLFIREWALL
FIREWALL
 
Wlan security
Wlan securityWlan security
Wlan security
 
Fudcon 2015...Wireless: From Basics to Internals
Fudcon 2015...Wireless: From Basics to InternalsFudcon 2015...Wireless: From Basics to Internals
Fudcon 2015...Wireless: From Basics to Internals
 
FAQ - Rogue AP - What is Rogue Access Point?
FAQ - Rogue AP - What is Rogue Access Point?FAQ - Rogue AP - What is Rogue Access Point?
FAQ - Rogue AP - What is Rogue Access Point?
 
physical and hardware security(http://4knet.ir)
physical and hardware security(http://4knet.ir)physical and hardware security(http://4knet.ir)
physical and hardware security(http://4knet.ir)
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hacking
 
[SOS 2009] D-Link: Red Segura L2 L3
[SOS 2009] D-Link: Red Segura L2 L3[SOS 2009] D-Link: Red Segura L2 L3
[SOS 2009] D-Link: Red Segura L2 L3
 
609 618
609 618609 618
609 618
 
Tired of rogues_-_solutions_for_detecting_and_eliminating_rogue_wireless_netw...
Tired of rogues_-_solutions_for_detecting_and_eliminating_rogue_wireless_netw...Tired of rogues_-_solutions_for_detecting_and_eliminating_rogue_wireless_netw...
Tired of rogues_-_solutions_for_detecting_and_eliminating_rogue_wireless_netw...
 

More from Samir Palnitkar

Palnitkar - JMT, 230 miles (370 km) - Aug 11-30, 2021
Palnitkar - JMT, 230 miles (370 km) - Aug 11-30, 2021Palnitkar - JMT, 230 miles (370 km) - Aug 11-30, 2021
Palnitkar - JMT, 230 miles (370 km) - Aug 11-30, 2021Samir Palnitkar
 
Order confirmation email
Order confirmation emailOrder confirmation email
Order confirmation emailSamir Palnitkar
 
Facebook shopping community_app
Facebook shopping community_appFacebook shopping community_app
Facebook shopping community_appSamir Palnitkar
 
Skyjacking A Cisco WLAN - What it means and how to protect against it?
Skyjacking A Cisco WLAN - What it means and how to protect against it?Skyjacking A Cisco WLAN - What it means and how to protect against it?
Skyjacking A Cisco WLAN - What it means and how to protect against it?Samir Palnitkar
 

More from Samir Palnitkar (7)

Palnitkar - JMT, 230 miles (370 km) - Aug 11-30, 2021
Palnitkar - JMT, 230 miles (370 km) - Aug 11-30, 2021Palnitkar - JMT, 230 miles (370 km) - Aug 11-30, 2021
Palnitkar - JMT, 230 miles (370 km) - Aug 11-30, 2021
 
Social login scenarios
Social login scenariosSocial login scenarios
Social login scenarios
 
Order confirmation page
Order confirmation pageOrder confirmation page
Order confirmation page
 
Order confirmation email
Order confirmation emailOrder confirmation email
Order confirmation email
 
Facebook shopping community_app
Facebook shopping community_appFacebook shopping community_app
Facebook shopping community_app
 
Social analytics module
Social analytics moduleSocial analytics module
Social analytics module
 
Skyjacking A Cisco WLAN - What it means and how to protect against it?
Skyjacking A Cisco WLAN - What it means and how to protect against it?Skyjacking A Cisco WLAN - What it means and how to protect against it?
Skyjacking A Cisco WLAN - What it means and how to protect against it?
 

Recently uploaded

Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 

Recently uploaded (20)

Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 

Skyjacking A Cisco WLAN - What it means and how to protect against it?

  • 1. Webinar held on 02 Sept, 2009 *Webinar Press Release URL : http://digg.com/d3130SK ! " !
  • 2. In the News Cisco wireless LAN vulnerability could open ‘back door’ Cisco wireless LANs at risk of attack, ‘skyjacking’ Newly discovered vulnerability could threaten Cisco wireless LANs
  • 3. What Cisco says Severity = Mild “No risk of data loss or interception” “Could allow an attacker to cause a denial of service (DoS) condition” It’s not a big deal!
  • 4. Hmm… How severe is the exploit? What exactly is skyjacking? ? ? Do I need to worry about it? ?
  • 5. What you will learn today The risk from skyjacking vulnerability is much bigger than stated How to assess if you are vulnerable Countermeasures for skyjacking and other zero-day attacks
  • 6. Five ways a LAP can discover WLCs Subnet-level broadcast Configured Over-the-air provisioning (OTAP) DNS DHCP
  • 7. Three criteria a LAP uses to select a WLC Step 1 Primary, Secondary, Tertiary Step 2 Master mode Step 3 Maximum excess capacity
  • 9. OTAP exploited for “skyjacking”
  • 10. Skyjacked LAP denies service to wireless users
  • 11.
  • 12. Secure WLAN enterprise access Before SSID Security VLAN Comment Corp WPA2 20 Internal to corporate network AP Physically 30 Internal to corporate network Connected To
  • 13. Authorized LAP skyjacked – DoS Before SSID Security VLAN Comment DoS Corp WPA2 20 Internal to corporate network AP Physically 30 Internal to corporate network Connected To
  • 14. Authorized LAP turned into Open Rogue AP Before Rogue on SSID Security VLAN Comment Network Corp OPEN 30 Internal to corporate network AP Physically 30 Internal to corporate network Connected To
  • 15. Camouflaged Rogue LAP: a backdoor to your enterprise network!
  • 16. Wolf in Sheep Clothing Before Rogue on SSID Security VLAN Comment Network Corp WPA2 30 Internal to corporate network AP Physically 30 Internal to corporate network Connected To
  • 17. Wolf in Sheep Clothing – Scenario 2 Before SSID Security VLAN Comment DoS Corp WPA2 20 Internal to corporate network Guest OPEN 30 Internal to corporate network Rogue on AP Physically 30 Internal to corporate network Network Connected To
  • 18. SpectraGuard® Enterprise WLAN policy set-up Guest WLAN SSID Allowed Subnet (VLAN) for Guest SSID
  • 19. Normal WLAN operation Device list displayed on SpectraGuard Enterprise console Authorized SSIDs are seen in “Green” color and are detected with VLAN identifier to which they connect
  • 20. Skyjacking on guest access 1 Change in the VLAN is detected SSID marked as “misconfigured” 2 (Background changes to amber) Automatic Prevention started 3 ( Shield icon appears )
  • 21. Summary AirTight’s unique wireless- Type of Skyjacking attack Only over-air wired correlation based Open rogue threat detection threat detection Authorized SSID as Open Rogue AP WPA2 rogue Authorized SSID as “Privileged” Rogue AP X (Wolf in Sheep clothing) Open guest Guest access as Open rogue Rogue AP (Wolf in Sheep clothing – X scenario 2)
  • 22. AirTight’s SpectraGuard Enterprise The only WIPS that can provide zero-day protection against the most potent form of skyjacking attack Thanks to patented marker packet technology for accurate wired connectivity detection and unique VLAN Policy Mapping™ architecture
  • 23. Which LAPs can be skyjacked? Type of Cisco LAP Vulnerable? LAPs using auto discovery Yes Configured with “preferred” WLCs ? (primary, secondary, tertiary) Mostly No Configured with locally significant No certificates (LSC)
  • 24. Countermeasures Turn off OTAP on WLC Ineffective! Manually configure LAPs with preferred Primarily HA and load WLCs (primary, secondary, tertiary) balancing feature Manually configure LAPs with LSCs Impractical Block outgoing traffic from UDP ports Not a common 12222 and 12223 on your firewall practice
  • 25. Practical difficulties: Do you know If all LAPs are configured with primary, secondary and tertiary WLC? If all LAPs are indeed connected to configured WLCs? If your outgoing UDP ports on the firewall are blocked? Did you test it today? How many VLANs do you have authorized for wireless access? Are all SSIDs mapped to the correct VLANs? When was the last time your LAPs rebooted? When was the last time your WLC taken down for maintenance? If all your APs are compliant with your security policies? How do you know?
  • 26. One mistake and you could be exposed!
  • 27. Adding second, independent layer of WIPS protection Zero-day attacks Misconfigurations Undesirable connections Zero-day attacks Undesirable Misconfigurations connections Designed for security Designed for WLAN access
  • 28. AirTight’s SpectraGuard product family Complete Wireless Intrusion Prevention Industry’s Only Wireless Security Service Wireless Security for Mobile Users WLAN Coverage & Security Planning
  • 29. About AirTight Networks For more information on wireless security risks, best practices, and solutions, visit: http://www.airtightnetworks.com The Global Leader in Wireless Security and Compliance Visit our blog to read the root cause analysis of “Skyjacking: What Went Wrong?” http://blog.airtightnetworks.com