S5068 Presentation Live

Strategies for Delivering Secure Wireless Guest Access

Cisco Mobility TV Mobility TV Host Chris Kozup Marketing Manager, Mobility Solutions, Cisco Scott Pope Manager, Guest Access Product Management, Cisco Tony Diep IT Theater Service Manager for US & Canada, Cisco

Thank You for Joining Us Today
The next wireless and mobility videocast event will take place on May 8, 2007 at 10:00 AM Pacific
The featured subject will be Outdoor Wireless
To register visit: http://www.cisco.com/go/semreg/mobilitytvepisodes/142299_3

Wireless in the News

Cisco Mobility Express Solution
Affordable business-class mobility solution announced for small and medium businesses
Application-Based Access Points, Controllers, plus Application Servers Cisco Mobility Express Solution Controller-Based Access Points Plus Controllers Offer a Mobile Foundation for All Standalone Access Points Grow with Your Business Adapt to Your Level of Sophistication

Cisco Empowers the Wireless Branch Office
Cisco introduces new WLAN Controller Module for the ISR and new 3G WAN interface to create the Empowered Wireless Branch
Empowered Wireless Branch Integrated 3G Wireless WAN ISR Wireless LAN

Cisco Wins TechTarget’s 2007 Gold Award
Cisco awarded TechTarget Gold Award for Product Leadership in the Wireless Category
Gold Award: Cisco WiSM/WLSM

Cisco Teams with the NBA
The NBA partners with Cisco to transform the experience of sports through the use of technology

Upcoming Cisco Wireless Events
Interop
Las Vegas, Nevada
May 20–26, 2007
Cisco Secure Wireless Road Show
Sixteen cities in North America
Ask your account rep for details

Agenda Why Secure Guest Access? 1 Cisco on Cisco: Guest Access Case Study 2 Cisco’s Secure Wireless Guest Access Solution 3

Business Trends and Challenges
Trends
Widespread wireless deployment
Over 65% of businesses use WLAN
Mobility services new business imperative
67% of businesses reported up to 50 visitors per month requiring network access*
Increased pressure to reduce network operational cost and complexity
Research case revealed ROI of up to 328%*
Challenges
Optimize partner, vendor and customer interactions with wireless access to network resources
Deliver guest access without exposing internal resources to security threats
Security ranks as #1 wireless network concern
Source: WLAN Adoption Study, Forrester Research, 2006

Wireless Guest Access Is Changing Business
Retail
Providing customers real-time product or service information for an enhanced, better informed consumer experience Healthcare Allowing suppliers to place refill orders on the premises to minimize inventory shortages Financial Enabling consultants to complete audits more accurately efficiently Carpeted Office Providing secure access to business partners and consultants to ensure faster decision making and increased business agility

Cisco on Cisco Guest Access
Build a policy and architecture in which:
Non-Cisco employees can access the Internet
Where and when Cisco deems appropriate
With Cisco's permission
From Cisco’s infrastructure
Secure, authenticated, recorded
Objectives and Constraints

Cisco on Cisco Guest Access Architecture WWW Guest Data Guest traffic tunneled in GRE BBSM “ hotspot.cisco.com” Employee generates access code via portal Corporate Current – Layer 3 Architecture WWW Guest Data Guest traffic tunneled in GRE NAC Appliance “ hotspot.cisco.com” Corporate Planned – Strategic

Cisco on Cisco Wireless SSID Architecture Wireless voice SSID EAP-FAST authentication WPA encryption QoS Broadcast = NO Guest networking SSID Open authentication No encryption Broadcast = YES Two production data SSIDs EAP-FAST authentication CKIP encryption on one WPA encryption on the other Broadcast = NO Cisco wireless voice users Cisco wireless data users NON-Cisco, guest WLAN users Common SSID configuration for all access points

Cisco on Cisco Guest Usage Trends - Global
Average of 19,000 users per month (and rising)
Over 228,000 guests past 12 months
Over 330 buildings with wired & wireless guest services
Guest Users

Cisco on Cisco Support Cost Analysis – FY 2007 $14,450 Support Case Cost ($25 per case) $162,450 or $0.71 per guest Total Support Cost $148,000 Tier 2/3 Support (Est. 1 FTE) 578 # IT Support Cases (Annual) 228,048 Number of Guest Codes (Annual) FY 2007 Support Cost of Hotspot.cisco.com $162,450 Cost of “Hotspot.cisco.com” (see above) $5,538,750 Cost Avoidance $5,701,200 Total cost of support ($25 x 228,048) 228,048 # of helpdesk calls required (without guest service) FY 2007 Support Cost Pre-Hotspot.cisco.com

Cisco on Cisco Hotspot Benefits
Access codes can be generated within 15 seconds
Batch codes can be generated for large groups
IT administrative overhead avoided
Improved Turnaround
Branded network experience – Cisco viewed as technology leader
“ No hassle” network access
Guest Experience
Visitor sponsors responsible for generating code – no IT support needed
Staff Empowerment
Users must digitally sign acceptable use policy with legal disclaimer
Legal Protection
Controlled network access
Uncontrolled, non-corporate clients segmented from enterprise network
Improved Security
Over $5M in potential support/administrative overhead avoided
Cost Avoidance

Mobility Services … Beyond Connectivity Security Guest Voice Location
Guest networks for customers, partners and auditors
Vendor replenishment networks
Public access networks
Automatic, 24 x 7 security and compliance monitoring for breaches via wireless medium
Network access control based on user location
Asset management
Location-based content distribution
Streamlined workflow using historical location data
Real-time mobile voice communications
Improved collaboration via mobile unified communications
Faster customer service response
Pervasive Wireless Network

Types of Network Users Corporate Employees
Need internal network access
Can be role based to allow granular access if needs require
Need restricted internal access
Printers
File Shares
Specific Applications
Device Support
Contractors/ Consultants Guest Users
Internet Access Only
No need to access internal systems
Segment Access Completely
Full Access Internet Only Cisco Guest Services Give You Control

Cisco Solutions for Secure Guest Access
Lobby admin portal for user provisioning
End-user registration page
Network partitioning using tunneling
User authentication and authorization in local database or AAA server
Usage logging and reporting
Core features, plus…
Network privileges based on roles
End-user security posture assessment
Full policy-based end-user portal customization using partners
Unification of wireless and wired guest access
Versatile Solutions for Diverse Deployment Environments Wireless Guest Access in Cisco Unified Wireless Enhanced Wired and Wireless Guest Access Core and Enhanced Options

Wireless Guest Access
Back-end segmentation (mobility anchor)
Separate the guest traffic from the corporate internal traffic via EoIP tunnels
Lobby ambassador/ host portal
Guest user creation and token generation
Served from WLAN Controller or WCS
Customizable guest screen
Served from WLAN Controller or external server
Back-end authentication
Local WLAN Controller user database or external AAA
Wired/Wireless VLANs Campus Core LWAPP LWAPP WCS Ether IP “ Guest Tunnel” Emp Emp Internet Ether IP “ Guest Tunnel” DMZ WLAN Controller Guest Emp Guest Emp

Lobby Ambassador Feature
Simple and Fast
Lobby Ambassador feature enables any staff member to enable guests
Integrated Solution
Runs on any controller and WCS
Secure
Generate individual guest name, unique password and duration of access

Enhanced Wired and Wireless Guest Access
Cisco NAC Appliance Provides:
Very granular role-based access
Endpoint posture assessment and remediation
OS and posture restrictions
QoS policy for guest users
Integration with broader AAA servers
Uniform guest access for wired/wireless
Cisco “GuestNet” Customized Portal:
Cisco developed portal services for “one-stop” shop
Basic portal customization, per-user customization
Partner User Portals Provide:
Extensive portal customization
Customizable logging, reporting, billing
Temporary user accounts for email, printing, etc.
Campus Core LWAPP LWAPP WCS Ether IP “ Guest Tunnel” Emp Emp Internet Ether IP “ Guest Tunnel” DMZ WLAN Controller NAC Appliance Wired/Wireless VLANs Guest Emp Guest Emp

Role-Based Access Control
Validates authorization policies and privileges
Layer 3/Layer 4 role-based access control (RBAC) to permit access to specific port, protocol, or subnet
Supports multiple user roles
Customized portals per guest user group – redirection to a pre-defined page for acceptable user policy notice
Bandwidth throttling for each user role by assigning shared or dedicated bandwidth usage
Secures internal wired Ethernet ports
Scans for Security Requirements
Guest session access scheduling
Pre-configured Windows critical hot fixes and anti-virus application checks
Performs repair and update
Self remediation for quarantined users

Implementation Considerations
Ensure guest access to only Internet and authorized network resources
Eliminate IT administrator involvement with user authorizations
Leverage integration of wired and wireless network (policies and administration)
Ensure internal users and applications have priority over guests
Monitor network use and prohibit services on location or per-user basis
Whatever the Business Reason for Guest Access, Implementation and Security Goals Should:

With Wireless… Now You Can

Now You Can…
Enhance your customer’s retail experience
Increase the time and money customers spend on site
Improve vendor productivity and accuracy
Allow suppliers to update inventory or restocking data real-time
Provide a virtual support network for hospitalized patients
Enable connectivity to the outside world with online access to family, friends, research, entertainment
Track when and where users access the network
Ensure the security of your facility and critical business data

S5068 Presentation Live

by Insight24 on Oct 30, 2007

Accessibility

Categories

Upload Details

Usage Rights

2 Embeds 3

Statistics

S5068 Presentation Live Presentation Transcript

http://www.slideshare.net	2
http://start.freifunk.net	1