device's unique identifying address). This is an attack method that tries to obfuscate information that could be useful for identifying an attacker on the network and tracking them down. The attacker may have obtained the MAC address because the target's computer communicated it on a network where the attacker was eavesdropping. To prevent MAC spoofing, it is important to have proper security systems in place, such as those already mentioned (Cisco ISE and Cisco Adaptive Wireless IPS), which can identify or fingerprint systems, track anomalous behavior, and identify inconsistencies. These Cisco products use methods such as determining whether a device is suddenly using another connection type (e.g., if it usually communicates via WLAN but starts using the LAN), whether the DHCP class ID has changed (the type of client or vendor being used), or whether attributes such as endpoint policy have changed (e.g., a device ID suddenly changes from a printer to an IP phone or workstation) (Cisco, 2017a). These inconsistencies add up and allow the attacker to be identified and stopped before damage is done or the attack completes.

Monitoring systems such as Cisco ISE can also be used to assist in whitelisting device types. A whitelist is a list of approved devices that are allowed network access; devices that do not match the list are denied access (they never enter or connect to the network). Cisco ISE fingerprinting is perfect for this because, during the fingerprinting process, it does not allow network access, which protects verified systems and network resources. The whitelisted devices would be those in use currently (and implemented after the incident): our
Cisco switches, Cisco ISE system, the Cisco APs, firewalls, and the servers in use (our web server, DNS server, domain controller, and certificate authority).

Continuous Improvement Plan

In order to improve our security, it is important to review the protocols in use and those available, along with their pros and cons. Doing so makes apparent, in hindsight, mistakes rooted in not ensuring that newer and proper protocols are being used on our WLAN (we were using the WPA communication protocol). There are three protocols that have been commonly used for Wi-Fi in recent years: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and WPA2.

WEP was the first major encrypted protocol used for Wi-Fi. It uses encryption based on an RC4 stream cipher, with a 40-bit key and a 24-bit initialization vector, to create an encryption scheme that is "random". While it was an attempt at securing Wi-Fi, it has inherent flaws that allow the security to be exploited and penetrated. WPA was released as a fix for the flawed WEP protocol and uses a 128-bit key, the MAC address, and a 48-bit initialization vector, in addition to a message integrity check and authentication using 802.1X (the IEEE standard protocol for authentication); altogether it is much more secure than WEP (Nyakomitta, Cheruiyot, & Mindila, 2015). Lastly, there is the WPA2 protocol, which uses AES instead of an RC4 cipher, or CCMP (a type of encryption cipher block chaining protocol) instead of the keys and vectors from WPA's encryption (Diffen, n.d.). Of the three, WEP is the least secure, while WPA2 is the most
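
An added example, not part of the original report and not Cisco's implementation: the MAC-spoofing inconsistency checks described earlier (connection type, DHCP class ID, profiled device type) combined with the whitelist, run over constructed observations. The field names, the threshold of two changed attributes, and all sample values are assumptions.

```python
from collections import defaultdict

FIELDS = ("connection", "dhcp_class_id", "device_type")

# Constructed observations: (timestamp, MAC, connection, DHCP class ID, device type).
OBSERVATIONS = [
    ("2017-03-01T08:00", "02:00:00:00:00:01", "LAN", "HP-Printer", "printer"),
    ("2017-03-01T08:05", "02:00:00:00:00:02", "WLAN", "MSFT 5.0", "workstation"),
    ("2017-03-01T09:10", "02:00:00:00:00:02", "WLAN", "MSFT 5.0", "workstation"),
    # Same MAC as the printer, but everything else about the endpoint differs.
    ("2017-03-01T09:30", "02:00:00:00:00:01", "WLAN", "MSFT 5.0", "workstation"),
    ("2017-03-01T09:45", "02:00:00:00:00:03", "WLAN", "android-dhcp", "phone"),
]

# Hypothetical whitelist of approved device MAC addresses.
WHITELIST = {"02:00:00:00:00:01", "02:00:00:00:00:02"}


def changed_fields(observations):
    """Map each MAC to the attributes that differ from its first-seen values."""
    baseline, changes = {}, defaultdict(set)
    for _ts, mac, *attrs in sorted(observations):  # ISO timestamps sort in time order
        mac = mac.lower()
        current = dict(zip(FIELDS, attrs))
        first = baseline.setdefault(mac, current)
        changes[mac].update(f for f in FIELDS if current[f] != first[f])
    return dict(changes)


def triage(observations, whitelist, threshold=2):
    """Return {mac: verdict}: 'deny' if not whitelisted, 'suspect' once
    enough inconsistencies add up (assumed threshold), otherwise 'ok'."""
    verdicts = {}
    for mac, fields in changed_fields(observations).items():
        if mac not in whitelist:
            verdicts[mac] = "deny"
        elif len(fields) >= threshold:
            # A spoofed MAC passes the whitelist; only the changed
            # attributes reveal that a different device is behind it.
            verdicts[mac] = "suspect"
        else:
            verdicts[mac] = "ok"
    return verdicts


if __name__ == "__main__":
    changes = changed_fields(OBSERVATIONS)
    for mac, verdict in triage(OBSERVATIONS, WHITELIST).items():
        print(mac, verdict, sorted(changes[mac]))
```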