ddurkee connectingpoint biz
play

ddurkee@connectingpoint.biz Security Policies Who has them? Do we - PowerPoint PPT Presentation

Feb 22, 2024 •1.04k likes •1.68k views

Dan Durkee, Executive VP\Partner\Network Engineer Connecting Point Computer Center 303 S Third St, Bismarck, ND 58504 ddurkee@connectingpoint.biz Security Policies Who has them? Do we need them? Wireless Encryption Where have we

  1. Dan Durkee, Executive VP\Partner\Network Engineer Connecting Point Computer Center 303 S Third St, Bismarck, ND 58504 ddurkee@connectingpoint.biz

  2.  Security Policies – Who has them? Do we need them?  Wireless Encryption – Where have we been and were are we going?  The Wireless Spectrum – where does wireless fit?  A Quick Look – Meraki, Ruckus  Encryption Method  Authentication Method  Encryption Algorithm  Network Infrastructure – Better Security  Fun Facts about the Internet of Things – (Time Permitting)

  5.  Encryption Method  Authentication Method  Encryption Algorithm  Network Infrastructure

  7.  The Wireless Spectrum – where does wireless fit?  A Quick Look – Meraki, Ruckus  Encryption Method  WEP – Short for Wired Equivalent Privacy (or Wireless Encryption Protocol)  WPA - Wi-Fi Protected Access  WPA2 - Wi-Fi Protected Access 2  Authentication Method  PSK  Radius Server  Encryption Algorithm  TKIP  AES

  8. Short-Wave Radio FM Broadcast AM Broad- Television Telecommunications Audio cast Frequencies PCS Visible Light Ultra Violet Cosmic Rays Gamma Rays Very High Ultra High Very Low Medium Extremely High Low Microwave Infrared X-rays Low Cellular Telephone, SMR, Packet Radio 1 KHz 1 MHz 1 GHz 1 THz 2.4 GHz ISM (Industrial Scientific, Medical) Band Source: Motorola

  12.  WEP is part of the IEEE 802.11 wireless networking standard and was designed to provide the same level of security as that of a wired LAN. Because wireless networks broadcast messages using radio, they are susceptible to eavesdropping. WEP provides security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another.  WEP was the encryption scheme considered to be the initial standard for first generation wireless networking devices. WEP is used at the two lowest layers of the OSI model - the data link and physical layers; it therefore does not offer end-to-end security. WEP - Wired Equivalent Privacy (WEP) was once the most widely used Wi-Fi security algorithm.  WEP recycles the same key for encrypting all the packets flowing across the network.  WEP was ratified as a Wi-Fi security standard in September of 1999  The Wi-Fi Alliance officially retired WEP in 2004

  13.  Short for Wi-Fi Protected Access, a Wi-Fi standard that was designed to improve upon the security features of WEP. The technology is designed to work with existing Wi-Fi products that have been enabled with WEP (i.e., as a software upgrade to existing hardware), but the technology includes two improvements over WEP:  Improved data encryption through the temporal key integrity protocol (TKIP). TKIP scrambles the keys using a hashing algorithm and, by adding an integrity- checking feature, ensures that the keys haven’t been tampered with.

  14.  User authentication, which is generally missing in WEP, through the extensible authentication protocol (EAP). WEP regulates access to a wireless network based on a computer’s hardware-specific MAC address, which is relatively simple to be sniffed out and stolen. EAP is built on a more secure public-key encryption system to ensure that only authorized network users can access the network.  It should be noted that WPA is an interim standard that will be replaced with the IEEE’s 802.11i standard upon its completion.

  15.  Short for Wi-Fi Protected Access 2, the follow on security method to WPA for wireless networks that provides stronger data protection and network access control. It provides enterprise and consumer Wi-Fi users with a high level of assurance that only authorized users can access their wireless networks. Based on the IEEE 802.11i standard, WPA2 provides government grade security by implementing the National Institute of Standards and Technology (NIST) FIPS 140-2 compliant AES encryption algorithm and 802.1x-based authentication. [Adapted from Wi-Fi.org]  There are two versions of WPA2: WPA2-Personal, and WPA2-Enterprise. WPA2- Personal protects unauthorized network access by utilizing a set-up password. WPA2-Enterprise verifies network users through a server. WPA2 is backward compatible with WPA.

  17.  Short for Wi-Fi Protected Access 2 - Pre-Shared Key, and also called WPA or WPA2 Personal, it is a method of securing your network using WPA2 with the use of the optional Pre-Shared Key (PSK) authentication, which was designed for home users and/or networks without dedicated IT staff who can manage an enterprise authentication server.  To encrypt a network with WPA-PSK you provide your router/AP not with an encryption key, but rather with a plain-English passphrase between 8 and 63 characters long. Using a technology called TKIP (for Temporal Key Integrity Protocol), that passphrase, along with the network SSID, is used to generate unique encryption keys for each wireless client. And those encryption keys are constantly changed.

  18.  A router (or Wi-Fi router) feature that is designed to authenticate individual users to an external server via username and password. WPA Enterprise also gives each PC a unique encryption key, which the user never sees, so they can't share it. To use WPA/WPA2 Enterprise you need a RADIUS server.  Also applies to wireless access points and wireless controllers supporting WPA2

  20.  Temporal Key Integrity Protocol or TKIP was a stopgap security protocol used in the IEEE 802.11 wireless networking standard.  TKIP was designed by the IEEE 802.11i task group and the Wi-Fi Alliance as an interim solution to replace WEP without requiring the replacement of legacy hardware.  This was necessary because the breaking of WEP had left Wi-Fi networks without viable link-layer security, and a solution was required for already deployed hardware. TKIP is no longer considered secure and was deprecated in the 2012 revision of the 802.11 standard

  21.  The Advanced Encryption Standard (AES), also referenced as Rijndael (its original name), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.  AES is based on the Rijndael cipher developed by two Belgian cryptographers, who submitted a proposal to NIST during the AES selection process. Rijndael is a family of ciphers with different key and block sizes.  For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.

  23.  Rogue AP is unmanaged AP plugged into wired enterprise network by unwilling or malicious employees or visitors  Rogue AP can expose wired enterprise network to outsiders over its RF signal spillage  Rogue AP threat is not mitigated by firewalls, WPA2, 802.1x, NAC, anti-virus or wire side scanners  Sensor based wireless intrusion prevention system (WIPS) detects, blocks and locates Rogue APs  Testing of AP’s connectivity to monitored enterprise network is key technology enabler for reliable protection from Rogue APs

  24.  The use of a Radius server for authentication can provide additional security but it will add server and administrator costs and may be the most appropriate for only the larger schools.  RADIUS Centralized User Authentication  Authentication is provided between the wireless client and the RADIUS server, in conjunction with the IEEE 802.1x standard-based network log-in  Any RADIUS supporting EAP-MD5, EAP-TLS, EAP-TTLS  Implemented in conjunction with 802.1x to provide a secure authentication solution for Wireless clients  RADIUS Accounting  Username, start time, stop time, packet input/output

  25.  Segmenting with a Switch – Tagging with VLANS  Segmenting with a Router – Additional LAN Ports or DMZ  Segmenting with Additional Switches and Internet Connection  Identity Management

  26.  In this sample network, VLAN 1 is the Native VLAN, and VLANs 10, 20, 30 and 40 exist, and are trunked to another switch chassis. Only VLANs 10 and 30 are extended into the wireless domain. The Native VLAN is required to provide management capability and client authentications.

  29. Wireless LAN Internet Wired LAN

  30.  Centralize and unify network access policy management to provide consistent, secure access to end users  Gain greater visibility and more accurate device identification  Implement logical network segmentation based on business rules by taking full advantage of Cisco TrustSec technology  Simplify guest experiences for easier guest onboarding and administration  Streamline BYOD and enterprise mobility with easy, out-of-the-box setup for self- service device onboarding and management  Share deep contextual data with third-party ecosystem partner solutions through Cisco Platform Exchange Grid (pxGrid), included within ISE. Contextual data improve the efficacy of partner solutions and accelerate their abilities to identify, mitigate, and remediate network threats.

  32.  Physically hide or secure access points to prevent tampering. In many buildings, access points can be installed in the plenum space above the ceiling, providing optimal coverage in a secure location.  Use video surveillance cameras to monitor your office building and site for suspicious activity.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

WiFi$Direct$in$Android$ $ Mobile$Compu5ng$ MEIC/MERC$2014/15$ $ Nuno$Santos$

WiFi$Direct$in$Android$ $ Mobile$Compu5ng$ MEIC/MERC$2014/15$ $ Nuno$Santos$

WiFi$Direct$in$Android$ $ Mobile$Compu5ng$ MEIC/MERC$2014/15$ $ Nuno$Santos$ WiFi$Direct:$What$Is$It?$ Client$1$ WiGFi$Direct$allows$devices$to$ connect$directly$to$each$ Acts$as$SoMware$ other$using$methods$similar$ Access$Point$

642 views • 17 slides
Requirements for Quick Network Construction Mechanisms for the On-Site Emergency Rescue Activity

Requirements for Quick Network Construction Mechanisms for the On-Site Emergency Rescue Activity

Requirements for Quick Network Construction Mechanisms for the On-Site Emergency Rescue Activity Keiichi Shima, Yojiro Uo Internet Initiative Japan Inc. Background Increasing threats of natural disasters in urbanized cities

515 views • 27 slides
Enabling TDMA for Todays Wireless LANs Zhice Yang 1 *, Jiansong Zhang 2 *, Kun Tan 2 , Qian

Enabling TDMA for Todays Wireless LANs Zhice Yang 1 *, Jiansong Zhang 2 *, Kun Tan 2 , Qian

Enabling TDMA for Todays Wireless LANs Zhice Yang 1 *, Jiansong Zhang 2 *, Kun Tan 2 , Qian Zhang 1 , Yongguang Zhang 2 1 CSE, Hong Kong University of Science and Technology 2 Microsoft Research Asia * Co-Primary Author Motivation AP1 AP2

813 views • 43 slides
Europeana: A Multilingual Trailblazer Juliane Stiller, Marlies Olensky Berlin School of Library

Europeana: A Multilingual Trailblazer Juliane Stiller, Marlies Olensky Berlin School of Library

Europeana: A Multilingual Trailblazer Juliane Stiller, Marlies Olensky Berlin School of Library and Information Science Humboldt-Universitt zu Berlin Multilingual Web Workshop June 11, 2012, Dublin Europeana facts A digital library that

639 views • 15 slides
Wireless Router at Home 192.168.1.2 192.168.1.1 Modem 192.168.1.3 120.6.46.15 telephone line

Wireless Router at Home 192.168.1.2 192.168.1.1 Modem 192.168.1.3 120.6.46.15 telephone line

Wireless Router at Home 192.168.1.2 192.168.1.1 Modem 192.168.1.3 120.6.46.15 telephone line to ISP 192.168.1.5 192.168.1.4 Internet connection with public IP internal LAN with private IPs Wireless All-in-one Router at Home 192.168.1.2

326 views • 18 slides
Technology, especially wireless devices, has immensely grown over the past few decades. Most

Technology, especially wireless devices, has immensely grown over the past few decades. Most

Technology, especially wireless devices, has immensely grown over the past few decades. Most of these wireless devices rely on Wi-Fi for Internet Connectivity. It may seem as if connection to a Wi-Fi network is harmless, however sometimes

593 views • 10 slides
WPA Migration Mode: WEP is back to haunt you Leandro Meiners (lmeiners@coresecurity.com /

WPA Migration Mode: WEP is back to haunt you Leandro Meiners (lmeiners@coresecurity.com /

Black Hat USA 2010 WPA Migration Mode: WEP is back to haunt you Leandro Meiners (lmeiners@coresecurity.com / @gmail.com) Diego Sor (dsor@coresecurity.com / diegos@gmail.com)

491 views • 37 slides
IEEE Infocom 2006 A secure and performant token-based authentication for infrastructure and mesh

IEEE Infocom 2006 A secure and performant token-based authentication for infrastructure and mesh

IEEE Infocom 2006 A secure and performant token-based authentication for infrastructure and mesh 802.1X networks Leonardo Maccari - maccari@lenst.det.unifi.it Romani Fantacci - fantacci@lenst.det.unifi.it Tommaso Pecorella -

714 views • 19 slides
Privacy-Preserving Indexing for eHealth Information Networks Yuzhe Tang, Ting Wang, Ling Liu,

Privacy-Preserving Indexing for eHealth Information Networks Yuzhe Tang, Ting Wang, Ling Liu,

Privacy-Preserving Indexing for eHealth Information Networks Yuzhe Tang, Ting Wang, Ling Liu, Shicong Meng, and Balaji Palanisamy College of Computing, Georgia Institute of Technology Talk Overview Motivation Content Privacy issues in

963 views • 33 slides
draft-ietf-ecrit- additional-data-22 IETF 90 ecrit WG 14 July 2014 slides v1 23 July

draft-ietf-ecrit- additional-data-22 IETF 90 ecrit WG 14 July 2014 slides v1 23 July

draft-ietf-ecrit- additional-data-22 IETF 90 ecrit WG 14 July 2014 slides v1 23 July 2014 Wednesday, July 23, 2014 Purpose of draft Establishes a mechanism for transferring related data with an emergency call A general mechanism for

446 views • 7 slides
Peering and CDNs Arturo Servin Google Imagine youre a Content Provider Content Provider

Peering and CDNs Arturo Servin Google Imagine youre a Content Provider Content Provider

Peering and CDNs Arturo Servin Google Imagine youre a Content Provider Content Provider Imagine youre a Content Provider User ISP Content Provider Imagine youre a Content Provider User Transit ISP Provider Content Provider

584 views • 29 slides
Mass HIway Webmail February 2020 Todays Presenter Keely Benson Account Management Project

Mass HIway Webmail February 2020 Todays Presenter Keely Benson Account Management Project

Commonwealth of Massachusetts Executive Office of Health and Human Services Mass HIway Webmail February 2020 Todays Presenter Keely Benson Account Management Project Director, MeHI benson@masstech.org This presentation has been reviewed

505 views • 26 slides
DATA MANAGEMENT Phase 1 CTP: Data access Use of 4.x data files BDBs BOI support

DATA MANAGEMENT Phase 1 CTP: Data access Use of 4.x data files BDBs BOI support

BLAISE NG DATA MANAGEMENT Phase 1 CTP: Data access Use of 4.x data files BDBs BOI support only if Blaise 4.8 installed Access to data files exclusively through Blaise NG API service and Blaise 4.8 API service Phase1(CTP) :

533 views • 20 slides
Master Summary (PSPS) File in Microsoft Access Erin Mann, ResDAC Technical Advisor Opening the

Master Summary (PSPS) File in Microsoft Access Erin Mann, ResDAC Technical Advisor Opening the

Opening the Physician Supplier Master Summary (PSPS) File in Microsoft Access Erin Mann, ResDAC Technical Advisor Opening the PSPS File Background See also: ResDACs knowledgebase article on opening the PSPS file available at:

269 views • 5 slides
From ISP/ICP Business Models to Internet Economics Dah Ming Chiu Chinese University of Hong Kong

From ISP/ICP Business Models to Internet Economics Dah Ming Chiu Chinese University of Hong Kong

From ISP/ICP Business Models to Internet Economics Dah Ming Chiu Chinese University of Hong Kong Dec 2011 DM Chiu, CUHK DM Chiu, CUHK Self introduction ~20 years in industry (Bell Labs, DEC, Sun Labs) in US and ~10 years as a

383 views • 20 slides
P rot ect ion Prot ect ing processes/ users f rom each 17: P rot ect ion/ Securit y ot her

P rot ect ion Prot ect ing processes/ users f rom each 17: P rot ect ion/ Securit y ot her

P rot ect ion Prot ect ing processes/ users f rom each 17: P rot ect ion/ Securit y ot her is one of t he core OS responsibilit ies Cont rol access of processes or users t o resources of t he comput er syst em (HW Last Modif ied:

384 views • 11 slides
Challenges in Access Right Assignment for Secure Home Networks

Challenges in Access Right Assignment for Secure Home Networks

Challenges in Access Right Assignment for Secure Home Networks Tiffany Hyun-Jin Kim, Lujo Bauer, James Newsome, Adrian Perrig (CMU) Jesse Walker

484 views • 17 slides
Windows Not just for houses Everyone Uses Windows! Users - Accounts to separate people on a

Windows Not just for houses Everyone Uses Windows! Users - Accounts to separate people on a

Windows Not just for houses Everyone Uses Windows! Users - Accounts to separate people on a computer - Multiple user accounts on a computer - Ex) shared family computer - Access level can be set differently for each user - Ex) parent

1.09k views • 66 slides
ACCESS RIGHTS From Start to Finish Access Rights: Start to Finish Kerry O. Irwin

ACCESS RIGHTS From Start to Finish Access Rights: Start to Finish Kerry O. Irwin

ACCESS RIGHTS From Start to Finish Access Rights: Start to Finish Kerry O. Irwin Dinsmore & Shohl LLP 250 West Main St., Suite 1400 Lexington, Kentucky 40507 (859) 425-1034 Kerry.irwin@dinsmore.com 3 Access

720 views • 42 slides
Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data

Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data

Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data Weichao Wang, Zhiwei Li, Rodney Owens, Bharat Bhargava CCSW 2009: The ACM Cloud Computing Security Workshop 1 The Problem Providing secure and

414 views • 19 slides
Mostafa Z. Ali Mostafa Z. Ali mzali@just.edu.jo 1 1 The Linux FileSystem A filesystem is

Mostafa Z. Ali Mostafa Z. Ali mzali@just.edu.jo 1 1 The Linux FileSystem A filesystem is

Fall 2009 Lecture 6 Operating Systems: Configuration & Use CIS345 The Linux Filesystem Mostafa Z. Ali Mostafa Z. Ali mzali@just.edu.jo 1 1 The Linux FileSystem A filesystem is a set of data structures that usually resides on part

898 views • 50 slides
The Ponder Policy Specification Language Markus Lorch CS 6204, Spring 2005 1 Motivation

The Ponder Policy Specification Language Markus Lorch CS 6204, Spring 2005 1 Motivation

The Ponder Policy Specification Language Markus Lorch CS 6204, Spring 2005 1 Motivation (security) management for large scale IT systems challenging topic - number of components in enterprise-wide networks and distributed systems is high

366 views • 14 slides
Race Conditions A common cause of security bugs Usually involve multiprogramming or

Race Conditions A common cause of security bugs Usually involve multiprogramming or

Race Conditions A common cause of security bugs Usually involve multiprogramming or multithreaded programs Caused by different threads of control operating in unpredictable fashion When programmer thought theyd work in a

649 views • 21 slides
Collaborative Ontology Development with Protg Tania Tudorache, Natasha Noy Jennifer

Collaborative Ontology Development with Protg Tania Tudorache, Natasha Noy Jennifer

Collaborative Ontology Development with Protg Tania Tudorache, Natasha Noy Jennifer Vendetti, Timothy Redmond Stanford Center for Biomedical Informatics Tutorial at the Protg conference 2009 Amsterdam, June 23, 2009 Outline

878 views • 57 slides

More recommend