Bypassing NAC v2.0 - OSSIR

More documents

Recommendations

Info

Broadcast ListenersWeaknesses• Software must be deployed on each and every subnet– A lot of moving parts• Prior knowledge regarding the enterprise network must beobtained prior to deployment– What are the enterprise subnets?– Where are the locations to be deployed?– The approach of “the client tells us where to install the software”simply does not work• Must integrate with switches in order to perform quarantine– No knowledge who these switches are– In most cases this might be a manual process– Switches may reside on their own VLAN/Subnet– Switches serving a certain subnet may reside on different subnets– In many cases switches can be accessed only from a managementnetwork (a sever deployment issue)
Broadcast ListenersWeaknesses• No knowledge on actual network topology lead existence ofother, uncovered venues to access the network– Other subnets which may not be monitored– Forgotten switches• Not able to detect masquerading elements hiding behind anallowed elements (i.e. NAT)– Virtualization as a major issue (i.e. Freebee virtualization softwaresuch as Virtual PC, Vmware, etc.)• Exceptions needs to be manually inputted– There is no knowledge about the exception element (i.e. OS, exactlocation, and other properties)– It is possible to spoof the MAC address and/or the IP address of anexception is order to receive its access to the enterprise network• Cannot be extended to include remote users
Page 4 and 5:
Introduction
Page 6 and 7: IntroductionThe Problem• An enter
Page 8 and 9: Introduction“My” NAC is not “
Page 10 and 11: Capabilities
Page 12 and 13: CapabilitiesNAC Functions• The fo
Page 14 and 15: CapabilitiesNAC Functions- Remediat
Page 16 and 17: Attack Vectors
Page 18 and 19: Bypassing NACBackground
Page 20 and 21: Element DetectionQuestions to Ask
Page 22 and 23: BasicsQuarantine• There are a var
Page 24 and 25: QuarantineQuestions to Ask• How d
Page 26 and 27: Enforcement• How is enforcement p
Page 28 and 29: End-point Compliance Assessment•
Page 30 and 31: End Point Compliance AssessmentAgen
Page 32 and 33: Bypassing NACExamples
Page 34 and 35: Bypassing NACExamples• The exampl
Page 36 and 37: DHCP ProxyArchitecture
Page 38 and 39: DHCP ProxyInformation Exchange
Page 40 and 41: DHCP ProxyWeaknesses• Detected el
Page 42 and 43: DHCP ProxyWeaknesses• Not able to
Page 44 and 45: Authenticated DHCPorDHCP In-a-Box
Page 46 and 47: DHCP In-A-BoxArchitecture
Page 48 and 49: DHCP In-A-BoxStrengths• Theoretic
Page 50 and 51: DHCP In-A-BoxRogue DHCP Server
Page 52 and 53: Broadcast Listeners
Page 54 and 55: Broadcast ListenersArchitecture: Ma
Page 58 and 59: Broadcast ListenersWeaknesses• Un
Page 60 and 61: Switch IntegrationSNMP Traps
Page 62 and 63: SNMP TrapsWeaknesses• Must rely o
Page 64 and 65: 802.1x
Page 66 and 67: 802.1x• Exceptions- Hosts that do
Page 68 and 69: Architecture• Components- Cisco T
Page 70 and 71: Cisco NAC FrameworkInformation Exch
Page 72 and 73: Cisco NAC FrameworkWeaknesses• Wo
Page 74 and 75: Cisco NAC Framework• Static Excep
Page 76 and 77: Cisco NAC FrameworkWeaknesses• No
Page 78 and 79: In-Line Devices
Page 80 and 81: In-Line DevicesWeaknesses• No kno
Page 82 and 83: In-Line DevicesWeaknesses• Not ab
Page 84 and 85: Out-of-Band DevicesArchitecture
Page 86 and 87: Out-of-Band DevicesWeaknesses• In
Page 88 and 89: The End-Result• A (very) confused
Page 90 and 91: Resources• Microsoft NAPhttp://ww
show all

Bypassing NAC v2.0 - OSSIR

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?