Enterprise Wireless Security Solutions - Analyzing Wireless Attacks and Defining Security Rules Security Policies

Source: Internet
Author: User

I posted a WIPS design before, but it was not very well written and not very clear. A few days ago I heard that new security guards listed wireless security as a compliance requirement, so here is a more detailed description. In fact, I feel WIPS will see a lot of use from now on, for example in the military, government, companies, airports, hotels, cities, schools and other densely populated places.

Sensor

The sensor is a very important part of a WIPS. It serves as the monitor that performs scanning and execution.

A real sensor should be quite small. I found one to give you a feel for it:

In fact it looks like this, much like a router, though of course yours can look nicer. Sensors are laid out according to the effective signal range of the sensor and the area to be protected. You can build a simple prototype yourself with OpenWrt to try it out, or the company's own hardware or IoT engineers can build a dedicated one. Points to note:

1. The sensor should support the mainstream 802.11 protocols, such as g / n / a.

2. It should support both the 2.4 GHz band and the 5 GHz band.

3. It should support channel-hopping scans.

5. It is best to make it sturdy, whether it is used indoors or outdoors.

6. You can also add support for more features, such as other wireless protocols, or the ability to identify pseudo base stations, UAVs, RF interference and the like.

This article discusses detection rules and identification strategies; how you build the sensor is up to you.

Open source WIDS

Everyone should be familiar with Snort, a lightweight open source IDS. It also has a wireless module extension, but few people use it. Businesses that want something simple generally choose Snort + Kismet as their wireless alarm system. However, this only raises alerts, and it now feels outdated. After all, the difference between an IDS and an IPS is still big.

Snorby (or the Loganalyzer console or BASE console) + Snort + Barnyard2. Of course, pick whichever front-end console looks good. Here is a Snort running interface. This one was built by someone abroad; it does not run on OpenWrt and does not use Kismet. It was probably a test. I really like Snorby's front end, though; open source IDSs are all much alike, with nothing new.

In fact, I feel Snort can also be a starting point for studying wireless defense. I have not written up the build process; if you want to study it, contact me privately, my Q: 2191995916

A brief word on Kismet: many people think it is a scanning tool, but it is actually an 802.11 packet capture and protocol analysis framework. Best of all, you can generate a KML file from Kismet and open it in "Google Earth"; it can read GPS data, and the results can also be visualized with "GISKismet".

De-Authentication Flood attack behavior analysis

Deauth is a de-authentication flood attack, a denial-of-service attack on a wireless network. Once a client has established a connection with an AP, the attacker injects forged deauthentication frames by broadcast. The client believes the frames come from the AP and disconnects.

This method not only disrupts the AP and causes endless reconnection; against WPA/WPA2 and enterprise RADIUS + WPA architectures it also allows the hash to be captured for offline cracking. It can also be combined with a fake AP to cause deeper damage.

Here's a test done under MDK3, which shows a lot of Deauth messages.

Deauth attacks on the wireless network.

Wireshark display filter for Deauth frames:

wlan.fc.type == 0 && wlan.fc.type_subtype == 0x0c

Reason Code is the field in the Deauth frame that carries the reason for the deauthentication.
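A detection rule for the attack analyzed above, as an added example that is not part of the original article: it selects the same frames as the Wireshark filter (management type 0, subtype 0x0c), reads the Reason Code, and alerts when one BSSID sees too many Deauth frames within a short window. The window, the threshold, the function names and the sample frames are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

DEAUTH = 0x0C        # management subtype 12, the frames the Wireshark filter selects
WINDOW_S = 1.0       # assumed sliding window, seconds
THRESHOLD = 10       # assumed Deauth frames per BSSID per window that count as a flood
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Return (dst, src, bssid, reason) for a Deauth frame, else None.
    `frame` is a raw 802.11 MAC frame with the radiotap header already stripped."""
    if len(frame) < 26:                      # 24-byte header + 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype != DEAUTH:
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_floods(frames, window=WINDOW_S, threshold=THRESHOLD):
    """frames: iterable of (timestamp, raw_frame). One alert per BSSID when the rate is crossed."""
    recent, alerted, alerts = defaultdict(deque), set(), []
    for ts, raw in frames:
        parsed = parse_deauth(raw)
        if parsed is None:
            continue
        dst, src, bssid, reason = parsed
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window:            # drop frames that have left the window
            q.popleft()
        if len(q) >= threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append({"bssid": bssid, "at": ts, "count": len(q),
                           "broadcast": dst == BROADCAST, "reason": reason})
    return alerts

def mgmt(subtype, dst, src, bssid, body=b""):   # builds a constructed management frame
    return bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body

# Constructed sample capture (locally administered MACs, not real devices).
AP1, AP2, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), bytes.fromhex("020000000010")
SAMPLE = [(0.0, mgmt(0x08, b"\xff" * 6, AP1, AP1, b"\x00" * 12)),           # beacon, ignored
          (0.1, mgmt(DEAUTH, STA, AP2, AP2, struct.pack("<H", 3)))]          # one ordinary Deauth
SAMPLE += [(1.0 + i * 0.01, mgmt(DEAUTH, b"\xff" * 6, AP1, AP1, struct.pack("<H", 7)))
           for i in range(50)]                                              # broadcast burst
```

Calling detect_floods(SAMPLE) raises a single alert for the burst against the first AP; the lone Deauth on the second BSSID stays below the threshold.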
