(Internet) : Attacker
(802.11) AP AP: Access Point, AP
AP
Drive by Hacking NoteBook 12 AP / 12 AP Personnel Records Trade Secrets Financials WiFi (802.11)
LAN
802.11 MAC Address : AP MAC Address : WEP ( ) MAC MAC Address
802.11 (Close Network): Service Set ID(SSID) : SSID, AP SSID AP SSID SSID SSID
802.11 WEP (Wired Equivalent Privacy) 802.11 RC4 64 128 ( ) bit key : AP Key Code 1 4M Frame Key( )
: & AP : AP scanner, NetStumbler War driving : AirSnort, AiroPeek (DoS) : MAC Address AP: (Man-in-the-Middle attack)
AP Scanner
War Driving Scan
: default, linksys
Network Stumbler
AiroPeek IP Addresses Clear Text Passwords Company Data
AP War Driving
AP AP AP
: AP AP Radius, VPN AP AP
AP (Handover)? IP QoS(Quality of service)??? AP?
(Authentication) (Authorization) (Privacy), : : PDA Scanner :
: : Web ( FTP) ( : ) Guest / Visitor
Wi-Fi
WEP (Wired Equivalent Privacy)
802.1x (PEAP, Cisco-LEAP, TLS, TTLS, MD5) Key Exchange
Wi-Fi Protected Access (WPA) 802.1x key Wi-Fi Alliance Pre-802.11i ( IEEE 802.11 ) /,
802.11i AES (2004 ),
VPN (IPSec),
WLAN BlueSecure Intrusion Protection System & Bluesocket Wireless Gateway RF WLAN
WLAN Gateways: Authentication, Encryption, Policy Management, Secure Mobility
Figure labels: PPTP (Executive), IPsec (Finance), 802.1x (Admin), Clear (Visitor); access points; Enterprise LAN; ACS, LDAP, Radius, NT Domain
Bluesocket Wireless Gateway: Authentication, Encryption, Policy Management, Secure Mobility
Open, Standards-based Interoperability for Multi-vendor Networks
Figure labels: PPTP (Executive), IPsec (Finance), 802.1x (Admin), Clear (Visitor); access points; Bluesocket Wireless Gateway; Enterprise LAN; ACS, LDAP, Radius, NT Domain
RF (Unauthorized Access) (Eavesdrop) AP (Malicious AP) AP (Rogue AP)
Figure labels: User, Wireless Link, Enterprise LAN, Eavesdropper, Rogue Access Point, Malicious Access Point, Enterprise Access Point
802.11i?
, AP Switch Airespace, Aruba, Cisco, Proxim, Symbol, Trapeze
Bluesocket Your Secure WLAN Develop Wireless Policy
5. RF Intrusion Protection: continuous real-time monitoring of the airwaves
4. Network-based Virus Detection, Worm Protection
3. Policy Enforcement, Bandwidth Management
2. Strong Encryption
1. Universal Authentication
Plan for Protection
802.11 (Probe Attack): AP : AP: Man-in-the-Middle Attack (DoS): Storms : Worm
BlueSecure RF Sensor AP WLAN AP BlueSecure Server 802.11 a/b/g
BlueSecure Server BlueSecure RF Sensors 802.11 AP Rogue AP Alert Windows
BlueSecure IPS Deployed 802.11 RF Monitoring System for: Rogue Detection, Vulnerability Assessment, Intrusion Detection, Usage Auditing, Troubleshooting, Performance Management, Usage Planning
Security Operations: Make sure your WLANs are hack-proof
Network Operations: Ensure the service levels of your WLANs
BlueSecure WLAN : BlueSecure Intrusion Protection System: RF Policy Bluesocket Wireless Gateway: RF Monitoring Sensor : Multi-Method, Correlated, RapidScan : Plug-n-Play (Total Cost of Ownership), (ROI)
Bluesocket Wireless Gateway Plug-n-Play Enterprise WLAN Security/Control
Mobile Devices: NIC or Built-In 802.11
802.11 Access Points: 802.11b, 802.11g, 802.11a/b, etc.
Bluesocket Wireless Gateway
Authentication Servers: LDAP, Radius, NT Domain Server
Bluesocket WG: / Smart Card Token Local (LDAP RADIUS NT Domain) Role-based VPN PPTP L2TP IPSec
Bluesocket WG: (Secure Mobility TM) Web-base QoS (Quality of Service)
Secure Mobility TM Matrix 12 Mobile Devices + Off-the-shelf APs + Wireless Gateways + Unchanged Legacy Network
Figure labels: R&D/Engineering, Finance and IT, Sales and Marketing, Operations; 802.11 APs; Wiring Closets; Wired Network; Corporate Network; Internet; Corporate Servers; Radius, LDAP, Active Directory, NT Domain Server
Bluesocket WG: WLAN (role) QoS AP
Many Components = High Operational Expense Authentication Encryption Firewall Mobility Single Component, Multiple Functions QOS/ BWM Policy Interoperability Bandwidth Mgt
Bluesocket WG (chart axes: Data Density Low / Medium / High, Performance)
WG-1100-SOE: Small, 1-15 Users, 1-3 APs, 100 Mbps Clear, 15 Mbps 3DES
WG-1100: Medium, 15-100 Users, 1-20 APs, 100 Mbps Clear, 30 Mbps 3DES
WG-2100: Large, 50-500 Users, 10-50 APs, 400 Mbps Clear, 150 Mbps 3DES
WG-5000: Very large, Up to 1000 Users, Hundreds of APs, 1 Gbps Clear, 400 Mbps 3DES
Multi-Layered Security Enterprise User WEP Keyed Access IPSec Security Corporate Wired Network Industrial User MAC ACL Entry RADIUS/ LDAP Authentication VPN Certificate PKI Credentials Internet / Web Services Intruder FW Session Controls Virus Controls/ IDP
Bluesocket Wireless Gateway 4.0 Cisco Cisco 802.1x EAP-FAST ( LEAP, PEAP, TLS, TTLS) Voice over WLAN WLAN Load Sharing HP OpenView
Zero-Day Attack OS
Bluesocket WLAN Zero-Day : Name of User signature Attacking or Infected Ports being used in WLAN attack/worm exploit IDS State (e.g., Blocked or Monitored)
Cisco Cisco AP-Base Cisco 802.1x EAP-FAST ( LEAP, PEAP, TLS, TTLS) Cisco Cisco APs AP Cisco Firmware AP Name, Location and MAC Cisco CDP Which user is on the AP What Cisco Model and Firmware
Bluesocket WLAN WLAN WLAN WLAN : (AP,,, )
Education Healthcare Government Enterprise
Singapore Polytechnic
: : VPN Email :,
Thank You!