NETW 05A: APPLIED WIRELESS SECURITY
Functional Policy: Monitoring & Response
By Mohammad Shanehsaz, Spring 2005

This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect those of the National Science Foundation.

Objectives: security management
- Explain the criteria for regular wireless LAN security reporting and documentation
- Implement and conduct timely and consistent reporting procedures
- Implement and maintain a wireless LAN security checklist

Objectives: social engineering
- Explain how to identify and prevent social engineering
- Educate staff and security personnel
- Implement and enforce corporate policy regarding social engineering
- Run security awareness campaigns so that staff keep the threat in mind

This lecture covers
- Physical security
- Social engineering
- Reporting
- Response procedures
Physical Security
Physical security begins with admitting only authorized personnel to the organization's premises. Controlling physical access, and educating staff about the risks, prevents the placement of rogue access points and ad hoc networks on the wired network and removes the easiest route for data flooding from inside the facility.
RF jamming is harder to prevent, detect, or block. It can be attenuated, though not eliminated, by RF shielding: a shielding fence around the facility or a metal mesh built into the walls. The same shielding keeps the organization's own WLAN signal from leaking out, which shrinks the area from which an attacker can reach it.

Physical Security (policy)
The security policy must document physical security: the procedures for authorizing visitors and technicians who arrive to repair or upgrade systems, how rogue devices will be found, how often the area will be scanned, and what to do when a rogue is found.

Social Engineering
Training employees and help desk staff raises their awareness so that they can recognize and stop social engineering. The attacks come in many forms:
- Dumpster diving: searching through the trash for documents, configurations, or credentials
- Phone calls: the attacker looks for willing and helpful people from whom to obtain information such as usernames and passwords
- Email and IM (instant messaging): the social engineer gathers a phone directory and the standard naming conventions for email and IM accounts, then masquerades as a legitimate employee
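The physical-security slides above require the policy to state how rogues will be found and how often the area is scanned. The Python below is an added example, written for this page rather than taken from the lecture or the CWSP material, of the comparison step every such scan needs: each observed BSSID/SSID pair is checked against an authorized-AP inventory and sorted into authorized, rogue, ad hoc, suspect or neighbor. All BSSIDs, SSIDs, channels and signal levels are constructed for the example, and the -50 dBm threshold used to call an unknown AP "probably inside the facility" is an assumed site-specific value.

```python
from dataclasses import dataclass

# Constructed authorized-AP inventory (hypothetical values): BSSID -> the one
# SSID that access point is allowed to advertise.
AUTHORIZED_APS = {
    "00:11:22:33:44:01": "CORP-WLAN",
    "00:11:22:33:44:02": "CORP-WLAN",
    "00:11:22:33:44:03": "CORP-GUEST",
    "00:11:22:33:44:04": "CORP-WLAN",   # inventoried but not heard in this scan
}

# Assumed site threshold: an unknown AP heard stronger than this is more likely
# inside the building than next door.
STRONG_SIGNAL_DBM = -50


@dataclass(frozen=True)
class Observation:
    """One beacon or probe response seen during a site scan."""
    bssid: str
    ssid: str        # "" when the SSID is hidden
    channel: int
    mode: str        # "infrastructure" (BSS) or "adhoc" (IBSS)
    signal_dbm: int


# Constructed scan results for one walk-through of the facility.
SCAN = [
    Observation("00:11:22:33:44:01", "CORP-WLAN", 1, "infrastructure", -45),
    Observation("00:11:22:33:44:02", "CORP-WLAN", 6, "infrastructure", -52),
    Observation("00:11:22:33:44:03", "CORP-GUEST", 11, "infrastructure", -60),
    Observation("00:0c:41:aa:bb:cc", "CORP-WLAN", 6, "infrastructure", -38),   # unknown AP, corporate SSID
    Observation("00:0c:41:dd:ee:ff", "linksys", 6, "infrastructure", -40),     # unknown AP, default SSID
    Observation("02:15:af:12:34:56", "", 1, "adhoc", -55),                      # peer-to-peer network
    Observation("00:1a:2b:3c:4d:5e", "NEIGHBOR-CAFE", 11, "infrastructure", -80),
]


def classify(obs, authorized=AUTHORIZED_APS):
    """Return (category, reason) for one observation."""
    bssid = obs.bssid.lower()
    corp_ssids = frozenset(authorized.values())
    if obs.mode == "adhoc":
        return "adhoc", "IBSS (peer-to-peer) network; policy forbids ad hoc mode"
    if bssid in authorized:
        if authorized[bssid] == obs.ssid:
            return "authorized", ""
        return "suspect", f"inventoried BSSID advertising unexpected SSID {obs.ssid!r}"
    if obs.ssid in corp_ssids:
        return "rogue", "unknown BSSID advertising a corporate SSID"
    if obs.ssid == "":
        return "suspect", "hidden SSID from unknown BSSID"
    if obs.signal_dbm > STRONG_SIGNAL_DBM:
        return "suspect", "strong signal from unknown AP, probably inside the facility"
    return "neighbor", "unknown BSSID, non-corporate SSID, weak signal"


def scan_report(observations, authorized=AUTHORIZED_APS):
    """Group a scan by category and list inventoried APs that were not heard
    (a missing AP is either down or outside the walk-through's coverage)."""
    report = {}
    for obs in observations:
        category, reason = classify(obs, authorized)
        report.setdefault(category, []).append((obs.bssid, obs.ssid, obs.channel, reason))
    seen = {o.bssid.lower() for o in observations}
    report["missing"] = sorted(b for b in authorized if b not in seen)
    return report


if __name__ == "__main__":
    for category, entries in scan_report(SCAN).items():
        print(category.upper())
        for entry in entries:
            print("   ", entry)
```

The BSSID check is a first filter, not proof. An attacker can clone an inventoried BSSID, and a scan alone cannot tell whether a rogue is plugged into the wired network, which is the case the policy cares about most; the follow-up is to locate the device by signal strength and to look for its MAC address on the switch side. Anything in the "rogue", "adhoc" or "suspect" lists is what the "what to do when rogues are found" section of the policy has to cover.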
Social Engineering Prevention
Procedures that support and administrative personnel should follow:
- Positively identify the person who is calling or requesting help before acting on the request
- Use established, secure channels for passing security information
- Report suspicious activity or phone calls
- Establish procedures that eliminate password exchanges, so that no one ever has a legitimate reason to tell a password to a caller
- Shred company documents before discarding them

Social Engineering Prevention
A well-educated employee is the best defense against social engineering. Staff must know what types of attacks to expect, what to look for, and how to respond to an incident. The organization's security policy should dictate the response procedures for social engineering threats.

Social Engineering Audits
To reduce the threat of social engineering, have the defenses tested for weaknesses by penetration tests performed by security professionals, including social engineering attacks against the organization's own staff.
Reporting
Reports generated as part of the security monitoring procedures provide valuable information on how the network is being used and where attacks are occurring. A proper reporting policy names who is accountable for generating the reports and who is responsible for reading them in a timely manner, and the reviewers should be trained for the task. System logs and IDS logs are used to detect anomalies and attacks on the network. Traffic baselining of data flow establishes which users or devices normally consume the most WLAN bandwidth, so that a deviation from the norm stands out.

Response Procedures
Response procedures aim to detect intrusions and react to them properly. The security policy should define the steps to take once an intrusion has been recognized, including how to prevent the same attack from succeeding again.

Recommended steps for response procedures
- Positive identification: administrators must be properly trained to distinguish a real attack from a false positive.
- Confirmed attack: once an attack is confirmed, assess the damage and notify the appropriate managers.
Recommended steps for response procedures (continued)
- Immediate action: follow the documented security policy and carry out the procedure written for that type of attack scenario.
- Documentation: record all findings on the organization's standard incident form and fold the lessons learned back into the security policy.
- Reporting: notify the appropriate authorities: corporate legal counsel, the police, and where needed IT forensics experts.

Resources
CWSP: Certified Wireless Security Professional Official Study Guide (McGraw-Hill)
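The Reporting slides above say that system and IDS logs are used to detect anomalies and that traffic baselining shows which devices use the most WLAN bandwidth; the response steps then ask the administrator to separate real attacks from false positives before escalating. The Python below is an added example for those slides, written for this page and not taken from the lecture or the CWSP guide, of that workflow over constructed per-station accounting records (the log format, station MACs and byte counts are all invented): it builds a per-station baseline from a quiet period, lists the top talkers for the current interval, and flags stations whose usage is far outside their own history. The sigma and min_factor thresholds are assumed starting values.

```python
import re
import statistics
from collections import defaultdict

# Constructed accounting records (not real logs): one line per station per
# 5-minute interval, in the shape an AP or RADIUS accounting export might take.
BASELINE_LOG = """\
2005-03-01T09:00 sta=00:0c:29:aa:00:01 rx_bytes=1200000 tx_bytes=300000
2005-03-01T09:00 sta=00:0c:29:aa:00:02 rx_bytes=300000 tx_bytes=100000
2005-03-01T09:00 sta=00:0c:29:aa:00:03 rx_bytes=4000000 tx_bytes=1000000
2005-03-01T09:05 sta=00:0c:29:aa:00:01 rx_bytes=1400000 tx_bytes=300000
2005-03-01T09:05 sta=00:0c:29:aa:00:02 rx_bytes=400000 tx_bytes=100000
2005-03-01T09:05 sta=00:0c:29:aa:00:03 rx_bytes=4000000 tx_bytes=1000000
2005-03-01T09:10 sta=00:0c:29:aa:00:01 rx_bytes=1300000 tx_bytes=200000
2005-03-01T09:10 sta=00:0c:29:aa:00:02 rx_bytes=300000 tx_bytes=100000
2005-03-01T09:10 sta=00:0c:29:aa:00:03 rx_bytes=4000000 tx_bytes=1000000
2005-03-01T09:15 sta=00:0c:29:aa:00:01 rx_bytes=1100000 tx_bytes=200000
2005-03-01T09:15 sta=00:0c:29:aa:00:02 rx_bytes=200000 tx_bytes=100000
2005-03-01T09:15 sta=00:0c:29:aa:00:03 rx_bytes=4000000 tx_bytes=1000000
"""

# The interval under review: station 01 jumps, 03 rises slightly, 04 is new.
CURRENT_LOG = """\
2005-03-01T09:20 sta=00:0c:29:aa:00:01 rx_bytes=9000000 tx_bytes=1000000
2005-03-01T09:20 sta=00:0c:29:aa:00:02 rx_bytes=350000 tx_bytes=100000
2005-03-01T09:20 sta=00:0c:29:aa:00:03 rx_bytes=4200000 tx_bytes=1000000
2005-03-01T09:20 sta=00:0c:29:aa:00:04 rx_bytes=600000 tx_bytes=200000
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sta=(?P<sta>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) "
    r"rx_bytes=(?P<rx>\d+) tx_bytes=(?P<tx>\d+)$",
    re.IGNORECASE,
)


def parse_records(text):
    """Yield (timestamp, station MAC, rx+tx bytes) for each well-formed line;
    malformed lines are skipped so one bad export line cannot stop the report."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["ts"], m["sta"].lower(), int(m["rx"]) + int(m["tx"])


def bytes_per_station(text):
    """Total bytes per station over every interval in the text."""
    totals = defaultdict(int)
    for _, sta, nbytes in parse_records(text):
        totals[sta] += nbytes
    return dict(totals)


def build_baseline(text):
    """Per-station (mean, sample stdev) of bytes per interval."""
    per_interval = defaultdict(lambda: defaultdict(int))   # sta -> ts -> bytes
    for ts, sta, nbytes in parse_records(text):
        per_interval[sta][ts] += nbytes
    baseline = {}
    for sta, by_ts in per_interval.items():
        samples = list(by_ts.values())
        mean = statistics.mean(samples)
        stdev = statistics.stdev(samples) if len(samples) > 1 else 0.0
        baseline[sta] = (mean, stdev)
    return baseline


def top_talkers(text, n=3):
    """The n stations using the most WLAN bandwidth in the given text."""
    totals = bytes_per_station(text)
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


def find_anomalies(baseline, text, sigma=3.0, min_factor=2.0):
    """Flag (per interval) stations above mean + sigma*stdev AND above
    min_factor*mean, plus stations with no baseline at all.  The min_factor
    guard keeps a station with a perfectly flat history (stdev 0) from being
    reported for a trivial rise: that is the false positive the 'positive
    identification' step is meant to weed out."""
    usage = defaultdict(int)   # (ts, sta) -> bytes
    for ts, sta, nbytes in parse_records(text):
        usage[(ts, sta)] += nbytes
    findings = []
    for (ts, sta), nbytes in sorted(usage.items()):
        if sta not in baseline:
            findings.append((ts, sta, nbytes, "new station, no baseline"))
            continue
        mean, stdev = baseline[sta]
        if nbytes > mean + sigma * stdev and nbytes > min_factor * mean:
            findings.append((ts, sta, nbytes, f"{nbytes / mean:.1f}x baseline mean"))
    return findings


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_LOG)
    print("Top talkers:", top_talkers(CURRENT_LOG))
    for ts, sta, nbytes, reason in find_anomalies(baseline, CURRENT_LOG):
        print(f"ANOMALY {ts} {sta} {nbytes} bytes: {reason}")
```

A flagged station is a lead, not a confirmed attack: a large legitimate transfer looks the same in accounting data as data flooding, so the administrator's next step is to identify what the station is doing before the "confirmed attack" notifications go out. The baseline should also be rebuilt from a period known to be clean, since a baseline collected while a rogue was already active will hide it.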