Oliver Roeschke
Type of lecture: lecture
Language: EN
Held on 2010-07-10 14:00:00 (length: 50 min)
Location: WerkzeugH
Enterprise WLAN solutions depict complex setups that should support security and managability by combining several technologies and protocols. This complexity needs distinguished design patterns to ensure all security goals. Usage of insecure mechanisms can result in total breakdown regarding security. One prominent example is Cisco's Structured Wireless-Aware Network (SWAN) architecture, composed of autonomous access points combined with some components for centralized management. This architecture is still deployed in a number of early corporate wireless networks. The proprietary 'Wireless LAN Context Control Protocol' (WLCCP) plays a major role in here.
Unfortunately, the protocol design is debatable in several aspects, leading to practical attacks that impose high risk to wireless networks. A second example is Cisco's current solution, called 'Unified Wireless Networks'. It consists of several entities with interesting communication patterns. Additionally it is built on a broken trust model.
In this talk we will describe the inner workings of these pieces, dissect the vulnerable parts and have some discussion on good or bad protocol design. As usual, some demos will demonstrate the issues.
Oliver Roeschke is a seasoned pentester and hacker with vast experience in corporate environments. Over the years, he developed his own approach to attack technologies. For the last two years his research focused on enterprise WLAN environments. Protocol design flaws and crucial implementation failures are most interesting to him in order to bring down security of large-scale WLAN deployments.