Руководство По Проектированию для Cisco Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter
4-37
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 4 Cisco Unified Wireless Network Architecture—Base Security Features
Cisco Integrated Security Features
DHCP Rogue Server Attack
The DHCP rogue server event may be the result of a purposeful attack, or a user may have accidentally
brought up a DHCP server on a network segment and begun to inadvertently issue IP addresses. An
intruder may bring up a DHCP server and offer IP addresses representing a DNS server or default
gateway that redirects unsuspecting user traffic to a computer under the control of the intruder.
brought up a DHCP server on a network segment and begun to inadvertently issue IP addresses. An
intruder may bring up a DHCP server and offer IP addresses representing a DNS server or default
gateway that redirects unsuspecting user traffic to a computer under the control of the intruder.
DHCP Starvation Attack
DHCP starvation attacks are designed to deplete all of the addresses within the DHCP scope on a
particular segment. Subsequently, a legitimate user is denied an IP address requested via DHCP and thus
is not able to access the network. Gobbler is a public domain hacking tool that performs automated
DHCP starvation attacks. DHCP starvation may be purely a DoS mechanism or may be used in
conjunction with a malicious rogue server attack to redirect traffic to a malicious computer ready to
intercept traffic.
particular segment. Subsequently, a legitimate user is denied an IP address requested via DHCP and thus
is not able to access the network. Gobbler is a public domain hacking tool that performs automated
DHCP starvation attacks. DHCP starvation may be purely a DoS mechanism or may be used in
conjunction with a malicious rogue server attack to redirect traffic to a malicious computer ready to
intercept traffic.
ARP Spoofing-based Man-In-the-Middle Attack
A man-in-the-middle (MIM) attack is a network security breach in which a malicious user intercepts
(and possibly alters) data traveling along a network. One MIM attack uses ARP spoofing, in which a
gratuitous Address Resolution Protocol (ARP) request is used to misdirect traffic to a malicious
computer such that the computer becomes the “man in the middle” of IP sessions on a particular LAN
segment. The hacking tools ettercap, dsniff, and arpspoof may be used to perform ARP spoofing.
Ettercap in particular provides a sophisticated user interface that displays all the stations on a particular
LAN segment and includes built-in intelligent packet capturing to capture passwords on a variety of IP
session types.
(and possibly alters) data traveling along a network. One MIM attack uses ARP spoofing, in which a
gratuitous Address Resolution Protocol (ARP) request is used to misdirect traffic to a malicious
computer such that the computer becomes the “man in the middle” of IP sessions on a particular LAN
segment. The hacking tools ettercap, dsniff, and arpspoof may be used to perform ARP spoofing.
Ettercap in particular provides a sophisticated user interface that displays all the stations on a particular
LAN segment and includes built-in intelligent packet capturing to capture passwords on a variety of IP
session types.
IP Spoofing Attack
IP spoofing attacks spoof the IP address of another user to perform DoS attacks. For example, an attacker
can ping a third-party system while sourcing the IP address of the second party under attack. The ping
response is directed to the second party from the third-party system.
can ping a third-party system while sourcing the IP address of the second party under attack. The ping
response is directed to the second party from the third-party system.
CISF for Wireless Deployment Scenarios
This section describes the various unified wireless deployment scenarios used. The following section
describes how the WLC or CISF features defend against wireless attacks.
describes how the WLC or CISF features defend against wireless attacks.
CISF is currently available only on the access switch, not directly on the access point (AP); thus, the
benefits of these features are available only if the traffic from the wireless attacker goes through the
switch.
benefits of these features are available only if the traffic from the wireless attacker goes through the
switch.
The definition of an access switch is slightly different in the Unified Wireless solution, because three
locations can be considered an access switch:
locations can be considered an access switch:
•
The point that a controller interface terminates on the network
•
The point that a standard LAP terminates on the network
•
The point that an hybrid remote edge access point (H-REAP) terminates on the network
These locations are illustrated in
.