• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Considerations for a secure enterprise wlan   data connectors 2013
 

Considerations for a secure enterprise wlan data connectors 2013

on

  • 373 views

Considerations for a Secure Enterprise WLAN - DataConnectors 2013 by Kaustubh Phanse

Considerations for a Secure Enterprise WLAN - DataConnectors 2013 by Kaustubh Phanse

Statistics

Views

Total Views
373
Views on SlideShare
371
Embed Views
2

Actions

Likes
0
Downloads
17
Comments
0

1 Embed 2

https://twitter.com 2

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Considerations for a secure enterprise wlan   data connectors 2013 Considerations for a secure enterprise wlan data connectors 2013 Presentation Transcript

    • © 2013 AirTight Networks, Inc. All rights reserved.Considerations for a Secure Enterprise WLANKaustubh Phanse, Ph.D.Chief Wireless Architect & EvangelistAirTight Networks
    • © 2013 AirTight Networks, Inc. All rights reserved.(Re)Considering Wireless Security2We don’t have “that” problem because…A “No Wi-Fi” policy without enforcementWhat does not work?
    • © 2013 AirTight Networks, Inc. All rights reserved.Managing the “Unmanaged”3WPA2/802.1x cannot prevent unauthorized devicesfrom accessing the enterprise network
    • © 2013 AirTight Networks, Inc. All rights reserved.Managing the “Unmanaged”4
    • © 2013 AirTight Networks, Inc. All rights reserved.BYOD Survey Results511%20%69%16%34%50%Do you see an increasing trendof employees bringing Rogue Wi-Fi APs?Are you concerned about employees usingmobile hotspots to bypass corporate policies?
    • © 2013 AirTight Networks, Inc. All rights reserved.Wireless Intrusion Prevention System (WIPS)6AutomaticDevice ClassificationComprehensiveThreat CoverageReliableThreat PreventionAccurateLocation TrackingBYODPolicy Enforcement
    • © 2013 AirTight Networks, Inc. All rights reserved.Automatic Device Classification7Rogue  External  Authorized  Rogue  AP?    (High  RSSI)  Rogue  AP?  (SSIDs)  Undetected  Rogue  APs  Rogue  AP?  (Vendor)  Rogue  AP    (on  wire)  
    • © 2013 AirTight Networks, Inc. All rights reserved.Signature-based Approach = False Alarms!8
    • © 2013 AirTight Networks, Inc. All rights reserved.Blueprint for Reliable Threat Prevention9§  Surgical threat prevention without interfering with legitimatecommunication (yours or your neighbor’s)§  Simultaneous prevention of multiple threats across multiplechannelsExternal  APs  Rogue  APs    (On  Network)  Authorized    APs  AP  Classifica?on  STOP  Client  Classifica?on  Policy  Mis-­‐config  GO  STOP  IGNORE  DoS  External  Clients  Authorized  Clients  Rogue    Clients  
    • © 2013 AirTight Networks, Inc. All rights reserved.What Good is a Feature that Cannot be Turned On?10Many WLAN vendors offering “so-called WIPS” recommendtheir customers to NOT turn on automatic threat prevention!
    • © 2013 AirTight Networks, Inc. All rights reserved.Comprehensive Threat Coverage11True WIPS ApproachProtects against thefundamental wireless threatbuilding blocksPrevalentWIDS ApproachCat and mousechase of exploits,tools and signatures
    • © 2013 AirTight Networks, Inc. All rights reserved.Signature-based Approach = False Alarms!12
    • © 2013 AirTight Networks, Inc. All rights reserved.Accurate Location Tracking13No need for RF site surveyNo search squads to locate Wi-Fi devicesDefinitive location tracking within 10-15 ft.
    • © 2013 AirTight Networks, Inc. All rights reserved.BYOD Policy Enforcement14§  MDM and NAC unable to provide thefirst line of defense§  WIPS complements these solutions tofully automate secure BYOD
    • © 2013 AirTight Networks, Inc. All rights reserved.WIPS Architectures15§  Integrated•  APs repurposed as sensors•  Background scanning and minimal protection•  Cannot co-exist with time-sensitive apps, e.g., VoIP§  Overlay•  Dedicated sensors on top of existing WLAN•  24/7 monitoring and protection§  Combo•  APs repurposed as sensors•  24/7 monitoring and protection•  Able to support all types of apps, including VoIPWi-­‐Fi  AP  with  background  scanning  2.4  GHZ  5  GHz  2.4  GHZ  5  GHz  2.4  GHZ  5  GHz  Wi-­‐Fi  AP   WIPS  Sensor  Wi-­‐Fi  AP  with    Concurrent  WIPS  sensor  2.4  /  5  GHZ  2.4  +  5  GHZ  
    • © 2013 AirTight Networks, Inc. All rights reserved.AT-C60: Industry’s Most Flexible Wi-Fi Platform16§  Software-defined, band-unlocked radios– an industry first§  Concurrent Wi-Fi access and 24/7 WIPS– an industry first
    • © 2013 AirTight Networks, Inc. All rights reserved.AirTight Wi-Fi – Key Features17Built-in WIPS, Content Filtering,Firewall and BYOD OnboardingSupport for Multiple SSIDs & VLANs,QoS and Traffic ShapingHigh speed 802.11n accessincl. 3x3:3 on 802.3af PoEGuest Wi-Fi access with CaptivePortal and Walled GardenCentralized Management fromsingle HTML5 consoleSocial Wi-Fi and Analyticsfor Business Intelligence!
    • © 2013 AirTight Networks, Inc. All rights reserved.AirTight WIPS – Key Features18AutomaticDevice ClassificationComprehensiveThreat CoverageReliableThreat PreventionAccurateLocation TrackingBYODPolicy Enforcement
    • © 2013 AirTight Networks, Inc. All rights reserved.Secure Enterprise WLAN Checklist19ü  Accurately detect all types of Rogue APs without you having todefine any signatures?ü  Not flood you with false alerts?ü  Let you reliably turn on the P in WIPS?ü  Automate BYOD policy enforcement and onboarding?ü  Accurately track physical location of detected Wi-Fi devices?ü  Do all of the above without compromising on Wi-Fi access featuresand ripping off your IT budget?Can your enterprise WLAN solution:
    • © 2013 AirTight Networks, Inc. All rights reserved.Thank You!20Cloud Managed Secure Wi-Fi Solutionswww.airtightnetworks.cominfo@airtightnetworks.com@AirTight+1 877 424 7844US DoD Approved