A security assessment of Cisco Enterprise WLAN components

March 11, 2010 (at 4 p.m.) in Attack & Research

The world of “Enterprise WLAN solutions” is full of obscure and “non-standard” elements and technologies. One prominent example is Cisco’s Structured Wireless-Aware Network (SWAN) architecture, which features a flawed-by-design™ protocol called “Wireless Context Control Protocol” (WLCCP). Further obscurities and design-flaws can be found when digging into newer concepts like the so-called “Cisco Unified Wireless Network”. This talk will give an overview of the concepts themselves, discuss secure protocol design and associated vulnerabilities when disobeying these.

Oliver Roeschke

Oliver Roeschke is a seasoned pentester and hacker with vast experience in corporate environments. Over the years he developed his own approach to attack technologies. For the last two years his research focuses on enterprise WLAN environments. Protocol design flaws and crucial implementation failures are most interesting for him to bring down security of large-scale WLAN deployments. In his free time he’s coding hacking tools that implement practical attacks on the vulnerabilities he found. Oliver is a frequent speaker at international security conferences and will happily share his knowledge with the audience.