Interesting discussion on wireless infrastructure. The best way (and also one of the questions you posted) is to look at what vendors such as Cisco and others are doing to provide features that address some of the problems you listed with wireless technology. I hope that by knowing and understanding what the big vendors prescribe, one can perhaps revisit the current assumptions about attacks and the real problems faced with WIDS. My analysis follows:
BACKGROUND & LIMITATIONS
(quotes taken from a Cisco white paper)
- Current IDS/IPS systems cannot detect access points running with proprietary extensions such as Super G (from Atheros). These readily available devices go undetected. Additionally, it’s possible for a hacker to take standard Wi-Fi equipment (for example, running Linux) and modify it to operate on nonstandard channels or with other nonstandard modulation schemes. These extended or modified devices can be detected only if you analyze the RF physical layer. Beyond Wi-Fi devices, many other types of non-Wi-Fi equipment - including Bluetooth access points, access points running older standards such as 802.11FH, and proprietary wireless bridges - can also be used to open up holes in the network.
- They do not detect RF layer DoS attacks that can be implemented through jammer devices or Wi-Fi devices that have been set in a diagnostic jamming mode.
- At a fundamental level, a standard Wi-Fi chipset has limited ability to implement Spectrum Intelligence. The reason is that Wi-Fi chipsets are specifically designed to receive Wi-Fi signals only - they do not recognize other types of signals. Standard chipsets are not even designed to pass up enough information for SI to occur at higher levels of software. And there is no ability for software to access the actual data received from the burst for further analysis.
SOLUTION
Cisco has created an integrated solution with patented chips and software that has been specifically designed to analyze and classify all RF activity. Cisco Spectrum Analysis Engine (SAgE) hardware core, which has been integrated directly into Wi-Fi chipset.
TECHNOLOGY OFFERED
Spectrum intelligence (SI) is data about RF spectrum activity derived from advanced interference identification algorithms similar to those used in the military. For every device operating in the unlicensed band, SI reveals: What is it? Where is it? How is it impacting the Wi-Fi network? Cisco has taken the bold step of integrating SI directly into the chipset of new access points.
Using clean-pipe coupled with MSE (mobility security engine) provides the physical location of wireless interference, context-aware software, rogue devices, wired devices.
The security services offer the following benefits:
- Location, correlation, history / with forensic context based on clean spectrum intelligence
- Context-aware software for locating wireless devices.
- Adaptive IPS
Full range of 802.11 attacks and threats against the network's access points and clients, network reconnaissance, eavesdropping, authentication and encryption cracking, MITM, wireless DoS, zero-day attacks.
EXAMPLE of AIPS
Network Reconnaissance and Profiling Detection
Analyzes traffic behavior and performs pattern matching to detect tools and techniques such as Netstumbler, Wellenreiter, Kismet, honeypot access points, and other methods, providing an early alert that a hacker is looking for avenues of attack.
Authentication and Encryption Cracking Detection
Analyzes traffic behavior and performs pattern matching to detect tools and techniques such as AirSnarf, AirCrack, ASLEAP, Chop-Chop, and other methods, providing an alert of potential or attempted data theft.