
Cybersecurity Incident Report

access. I then determined the IP address of the computer that the attack came from and disabled the AP it was connected to. I then verified the computer was off the network by attempting to ping it and not receiving a response. I then went to the area where the AP was located and did a walk-through to identify whether anyone was there. When no one was readily apparent, I attempted to locate the device that had performed the attack. Once I found the device, I brought it back, shut off the Wi-Fi (on the manual switch), and then logged into the computer. I was able to determine that the device had been compromised and was passing along requests from an ad hoc network from which the attack was originating.

An ad hoc wireless network is a peer-to-peer network consisting of separate computing devices called nodes, which are connected without a central device or infrastructure such as a router (Sparkfun, n.d.). Identifying rogue ad hoc wireless networks can be completed through the Cisco APs that have been put into use on our network (they monitor for rogue ad hoc networks while scanning and identifying rogue APs). An ad hoc wireless network can threaten our security because it has no central authority for ensuring that devices entering it are completely benign. As it is a peer-to-peer network, communication must travel through nodes between the client and the endpoint (Patil & Raghatwan, 2014), which allows for eavesdropping, man-in-the-middle attacks, passing along of malware instead of the intended payload, or message manipulation. Ad hoc networks are prone to intrusion, information disclosure and DoS; require a high level of security to attempt to counter these threats; require each device to have access to its neighbor's symmetric keys to pass along messages; do not guarantee that a device is physically protected (allowing hardware manipulation or tampering); and are dynamically changing (nodes could disappear without notice and create an unbridgeable gap for communication) (Pietro, Guarino, Verde, & Domingo-Ferrer, 2014).

While an ad hoc network could be used in theory, and would reduce infrastructure requirements and costs, it would result in a lack of visibility and control over network activity. The resulting vulnerabilities would greatly outweigh the cost savings, and the peer-to-peer relaying would slow down and negatively impact the communication devices might have with outside systems.

If an ad hoc network performs signal hiding countermeasures, it would be harder to manually identify and shut down, but the Cisco APs currently in place would be able to identify the traffic occurring and recognize a rogue wireless network on the premises. One commonly used signal hiding method is for a network to hide its Service Set Identifier (SSID), requiring a device that is trying to connect to know both the identifying name (which can contain uppercase or lowercase letters, numbers and symbols, up to 32 characters long) as well as the passphrase. Other possible methods would be to reduce the signal
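Both indicators discussed above are visible in 802.11 beacon frames: an ad hoc sender sets the IBSS bit in the capability field, and a hidden network sends an empty or null-filled SSID element. The following is an added example, not part of the original report and not a description of how the Cisco APs work; the sample beacons and all function names are constructed for illustration.

```python
import struct

ESS_BIT = 0x0001   # capability bit 0: sender is an infrastructure AP
IBSS_BIT = 0x0002  # capability bit 1: sender is an ad hoc (IBSS) station
SSID_ELEMENT_ID = 0

def build_beacon_body(ssid: bytes, capability: int) -> bytes:
    """Build a beacon frame body (used only to construct sample data)."""
    fixed = struct.pack("<QHH", 0, 100, capability)  # timestamp, interval, capability
    return fixed + bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid

def classify_beacon(body: bytes) -> dict:
    """Report whether a beacon body is ad hoc and whether its SSID is hidden."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its 12 fixed bytes")
    capability = struct.unpack_from("<H", body, 10)[0]
    ssid, offset = None, 12
    # Walk the tagged elements: 1-byte ID, 1-byte length, then the value.
    while offset + 2 <= len(body):
        elem_id, elem_len = body[offset], body[offset + 1]
        value = body[offset + 2:offset + 2 + elem_len]
        if len(value) < elem_len:
            raise ValueError("truncated information element")
        if elem_id == SSID_ELEMENT_ID:
            if elem_len > 32:
                raise ValueError("SSID longer than 32 bytes")
            ssid = value
            break
        offset += 2 + elem_len
    # A missing, empty or all-null SSID element means the name is not broadcast.
    hidden = ssid is None or not ssid.strip(b"\x00")
    return {
        "ad_hoc": bool(capability & IBSS_BIT) and not (capability & ESS_BIT),
        "hidden_ssid": hidden,
        "ssid": None if hidden else ssid.decode("utf-8", errors="replace"),
    }

# Constructed sample beacons (not captured traffic).
SAMPLES = [
    build_beacon_body(b"CorpWiFi", 0x0411),    # AP: ESS + privacy + short slot
    build_beacon_body(b"", 0x0411),            # AP with a hidden SSID
    build_beacon_body(b"relay-node", 0x0012),  # ad hoc: IBSS + privacy
    build_beacon_body(b"\x00" * 6, 0x0002),    # ad hoc with a nulled SSID
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(classify_beacon(body))
```

The input is the beacon frame body, meaning the bytes that follow the 24-byte management frame header in a monitor-mode capture.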
