AirTight Networks - Wireless Security 2011

Published in: Technology
  • You are not quite ready. If you are unaware of them, WiFi security risks can throw you off guard before you realize it. And… all investments in IT security infrastructure come to naught as WiFi opens a backdoor entry into your enterprise infrastructure. Some examples:
  • Government and industry standards mandating WIDS / WIPS for wired and wireless corporate environments have existed, such as the DISA and PCI DSS wireless guidelines. There are other government guidelines, such as those of the Ministry of Home Affairs, Govt. of India, and others, that mandate use of WIPS to block malicious use of WiFi. Note that WIPS is needed whether or not WiFi is deployed, because a rogue AP can show up anywhere. Similarly, a user with a corporate laptop, most of which have WiFi today, can connect to external WiFi or create an ad-hoc connection, and compromise both their own and the enterprise network's security.
  • 06/29/11
  • That is precisely why Gartner has ranked WLAN attacks as most severe and one that needs most immediate attention!
  • No WiFi so no security: This is the first barrier to getting WiFi security accepted. It's like saying, I don't have chest pain and hence I am not vulnerable. The slide “Layered Approach to WiFi Security” illustrates scenarios in which WiFi threats exist in spite of these conditions. Secure WiFi: Competition: all WiFi vendors downplay the need for overlay security and convince an uninitiated customer that proper encryption and authentication is best practice, which it is, and that they have built-in WIPS for rogue APs. Significant threats are left out. Smart phones have added to the security concerns. Mobile Device Management is being considered by many enterprises. Our sensors help block an unapproved device, block tethering and provide a 1st level of security hygiene for these devices as they use WiFi for connectivity.
  • Key Take Questions
  • Rogue APs on your network can open your network to outsiders. Many network administrators think that shutting down ports, locking ports and using 802.1x can eliminate this threat. Consider a corporate user who has turned his Windows 7 laptop into an AP, or someone who has inserted a USB-like AP into his / her computer and bridged the wired / wireless interfaces. A rogue AP does not just mean plugging an AP into the Ethernet jack. It's a lot more sophisticated than that. Enterprise users can connect to external APs that can hijack the laptop and with it enterprise data. Many IT admins think that NAC is the solution. NAC can not prevent a corporate user who is on the premises, but has disconnected from the wired side, from wandering over wireless to neighbouring devices. And remember, a neighbouring device is not just your harmless, benign neighbour. It can be a hacker parked just outside the building snooping on you. WiFishing is easy. Employees who have WiFi at home will bring their laptops to the office. The laptop will look for the home connection while in the office. A smart hacker will provide the handshake and get hold of the laptop. Ad-hoc peer-to-peer connections can be tapped easily. These are mostly unencrypted. IT admins have limited knowledge of WiFi and think ad-hoc is only between two laptops. Think of the following: someone downloading files from laptops to an iPhone, or connecting to a WiFi-enabled printer or projector in ad-hoc mode. In a real-life wireless vulnerability assessment carried out by AirTight for a global multinational, it found 52 unauthorized wireless users connected to enterprise wireless, 18 Employees connected to vulnerable WiFi, 23 Ad-hoc connections, 7 Victims of Honeypot attacks, 5 Open connection and 2 Rogue APs. Rogue APs and iPhones, iPADs are routinely found connected to wireless printers and laptops using insecure peer-to-peer ad-hoc connections.
AirTight SpectraGuard technology identifies unmanaged devices on enterprise networks and external devices, and blocks all unauthorized connections (RED) while allowing authorized users to connect to enterprise APs and without disturbing the external connections that are visible in the enterprise space.
  • Key points to note: 1. Rogue Access Point: If an access point is connected to the wired corporate network but is NOT in compliance with the authorized corporate WLAN set up defined for those specific VLAN(s) or subnets, it is a rogue access point on those specific VLAN(s) or subnets. 2. Authorized Access Point: If an access point is connected to the wired corporate network and IS in compliance with the authorized corporate WLAN set up defined for those specific VLAN(s) or subnets, it is a potentially authorised access point on those specific VLAN(s) or subnets. A GUEST access point is a specific case of an authorised AP. Typically these APs provide internet connectivity and are separated from corporate VLANs. 3. Misconfigured Access Point: If an access point is connected to the wired corporate network and recognised as an authorised access point for specific VLAN(s) or subnets, but is now NOT in compliance with the authorized corporate WLAN set up defined for those specific VLAN(s) or subnets, it is a misconfigured access point on those specific VLAN(s) or subnets.
  • The SpectraGuard system of wireless security sensors is an overlay over WiFi access points and is WiFi vendor neutral, as depicted. SAFE protects wireless users when they are mobile and hence outside the surveillance of SpectraGuard sensors.
  • Four reasons organizations acquire AirTight SpectraGuard technology. No WiFi is often the policy at Government organizations, Defence and security-sensitive enterprises. Organizations with a No WiFi policy still have people with WiFi-enabled laptops and smart devices such as phones. Unmanaged APs can be plugged in at any time by anyone. The system will basically not allow any WiFi connection from corporate users and will quarantine any AP on the network. Secure WiFi is adopted by companies that have WiFi and have put proper encryption on it, but want comprehensive protection against WiFi threats. Threats such as those from rogue APs, users connecting to external un-trusted APs and ad-hoc connections can not be prevented without a WIPS. Many organizations have multiple policies in operation, for example No WiFi in select locations, data centers etc. but WiFi elsewhere. SpectraGuard will help enforce multiple policies at the same time. Among the compliance requirements, the PCI DSS v1.2 Wireless Guideline is the most potent for wireless IPS. It mandates quarterly scanning and / or deployment of WIPS. In fact, for a large user base, it strongly recommends WIPS. Many Defence and sensitive organizations would like to capture and analyse wireless activities in and around their air space. Police, Military and sensitive Government offices often have this requirement.
  • All geographies All verticals Major companies Global deployment for many – Example: TI, TCS, Conexant, WL Gore
  • Major chains – retail and hospitality.
  • AirTight is the only vendor to be given highest rating in all Gartner Marketscope documents. Secondly, Gartner now endorses the notion of a WiFi vendor agnostic wireless security overlay system. AirTight is the only vendor in the market that has overlay WiFi security. Gartner also compliments AirTight for zero false alarms, ease of use and ease of deployment. This is enabled by active packet injection technology developed and patented by AirTight.
  • WIPS is today a $xxx market – Gartner’s forecast
  • Today smart phones, notebook computers, wireless printers, overhead projectors and cameras are being enabled with WiFi. These devices are flooding the corporate environment. ‘Bring Your Own Device’ is getting popular, whereby organizations encourage employees to use their personal tablets and smart phones at work. The following WiFi connections are often observed these days in corporate environments: smart phone to laptop for data transfer; smart phone or laptop to wireless printers or projectors. These are peer-to-peer ad-hoc connections and are mostly unencrypted.
  • We offer smart device monitoring and threat remediation in addition to all other WiFi threats
  • WiFi-enabled smart devices are growing at a phenomenal rate in corporate environments. Except for company-issued BlackBerry devices, these are typically personal smart phones or tablets and are not known, supported or managed by the IT administration. Unless client-side certificates are used, any device with WiFi can be used to access corporate data through corporate WiFi as long as the user name and password are correct. So an employee who has access to corporate WiFi using WPA2 and 802.1x based authentication can use the same credentials to connect to the corporate network from her iPhone, Android phone, iPAD, what have you. Now corporate data (presentations, spreadsheets, text documents, contact details) can be copied or downloaded to personal devices, not with malicious intent but for convenience and ease of use. Three security issues: Loss of such a device means corporate data is gone with it. A personal device may have malware, as it is not administered by corporate IT. Tethering by smart phones, which have two wireless interfaces, can be used to transport enterprise data out of the enterprise without going through the firewall. Bridging network interfaces, wired to wireless, is another way the same can happen. The biggest worry is that corporate IT administration is often unaware of these threat scenarios and hence doesn't plan proper defence mechanisms.
  • Employees have credentials to connect to the enterprise network: user name / password. However, enterprise security can not differentiate whether an employee is connecting from her corporate laptop or her personal iPhone. So the iPhone is connected to the enterprise network and corporate information gets transferred to this unknown, unmanaged device, owned by a trusted employee. The enterprise security risks due to smart devices are of three types: the risk of lost or stolen devices (apparent to all), the risk of various types of malware on these devices, and finally the risk from tethering and honeypots. 1. Lost devices: Smart phones have a small form factor and are portable. If people carry smart phones onto enterprise networks, download enterprise data and lose these devices, enterprise data has leaked. 2. Risk of malware or compromised devices: An iPhone can be jailbroken. There are tools and websites which allow you to do it pretty easily. Similarly, Android is open source and hence people find a back door into the device, like ‘rooting’ in Android. You get access to the root and then can do anything. 3. Tethering and honeypots: Smart phones have two simultaneous wireless interfaces open (WiFi and cellular). WiFi is connected to the trusted WiFi and cellular is connected to the un-trusted cellular network. Bridging between these means the trusted corporate network is bridged to an un-trusted external network, bypassing your firewall. In the case of honeypots, we know an Android phone can be converted to AndroidAP in 2 clicks. It will be on the network through a trusted interface. And for a jailbroken iPhone there is a utility called My Y -- M-Y-Y -- to achieve the same kind of thing. So basically what happens here is that the phone acts like an AP on the WiFi side, and then uses its 3G link to forward traffic to the cloud. Personal honeypots create the possibility that your legitimate devices can connect to them and go to the cloud, bypassing the enterprise firewall.
  • Smartphones can camouflage an access point. For example, one can convert an Android phone into an access point. Imagine a phone is connected using its USB cable to a desktop computer. People may think you are syncing the phone to the Outlook address book, charging it etc. In reality, this phone may be functioning as an AP and be connected to the enterprise network using the wired connection of the computer to which it's connected. An outsider connects to the enterprise network through this Android phone, which is now a Rogue AP. You can do the same with the Connectify WiFi utility on a Win 7 laptop, or a Windy 31 USB stick connected to any Windows machine. The issue is the same when someone uses an iPAD or other PDAs like Samsung and others that are in the market. It's just a different utility that converts this into an AP. Another major issue with smart phones is that a corporate user can enter a valid user name and password to access corporate WiFi, but from an unapproved WiFi phone, and download corporate data. This device can get lost, can have malware, and can provide a back door entry / exit to / from this device. Current enterprise security infrastructure and best practices can not stop this.
  • Bridging / Tethering: A smart phone is connected to the corporate network via a corporate AP. Now the smart phone is also connected to cellular wireless and these are bridged. The data through this bridge exits to the external world via the 3G connection, BYPASSING corporate firewalls. Personal Hotspot: An external un-trusted user accesses the corporate network through the smart phone. Personal Hotspot: You can create a WiFi hotspot on an Android phone. There is a built-in feature called Mobile AP to achieve this. And for a jailbroken iPhone there is a utility called My Y -- M-Y-Y -- to achieve the same. Now the phone acts as an AP on the WiFi side, and then uses the 3G link to forward traffic to the cloud. Now there is a possibility that your legitimate corporate laptops can connect to the personal hotspot and go to the cloud, bypassing the corporate firewall.
  • Game plan for smart devices: (1) Be a dictator and BAN these devices. (2) Selectively allow a few, or white-list, or put more bluntly, play favouritism. (3) Use some form of MDM. None of these approaches solves the problem. All 3 approaches are kinds of white-listing. A ban means the white list is NULL. MDM is also a white list: devices with MDM are part of the white list.
  • If a new device pops up and tries to connect, how do we monitor it? It is still possible for an employee to bring an unapproved device and connect.
  • Put in the user name and password for the desired network. 802.1x with PEAP: it presents a User Name / Password prompt. The employee only has to enter the user name and password and the device is connected; no barrier. WiFi presents zero barrier for an unapproved employee-owned smart device to connect. Using client-side certificates can stop specific devices from connecting. However, it requires more work and many enterprises do not use client-side certificates. A wireless intrusion prevention system with sensors is a much easier solution that will solve not only this problem but all other wireless security threats.
  • A user can connect all three to the corporate network. What you want: laptop yes, BB yes, but iPhone: NO. Current access control mechanisms can not classify the type of end-user device, whether it's a laptop, BB or an iPhone.
  • People often mention MAC address based filtering, either a ban list or a white list. However, access control in WiFi has moved away from the Access Control List or MAC list (ACL) to a higher level, and for good reasons. ACL management is tedious. You need a higher-level policy definition, as the above examples show. Such a policy should be easier to manage, and must be flexible, intuitive and incremental. An example of an incremental policy. Current policy: BB is allowed but no iPhone and no Android phone. Incremental policy: BB is allowed; no iPhone except on the Executive Floor and in the Board Room, and for today.
  • The definition of smart device policy needs to be at a higher level than ACL-based filtering. Smart phone policy examples: Don't want to allow any smart device. Permit BB but don't allow iPhones. MDM: Don't allow any unmanaged devices. White areas: Allow smart devices in Executive areas but not anywhere else. Means are needed to enforce these and detect violations. Example: an employee is outside the white list; detect the violation. Ability to drill down and analyze, then respond. Selectively allow access to various network pieces.
  • Takeaway: Policy: allow based on criteria and not a list; flexible, easy to implement and incremental. Visibility into intrusions: what type of device, who is the user, which AP, what location etc. Block if needed.

    1. 1. AirTight Networks The Global Leader in Wireless Security
    2. 2. Agenda
        • Some real life scenarios
        • Wireless security, common perceptions and the solution
        • AirTight Customers and Why Wireless Security
        • AirTight Advantage – Marker Packets
        • Security of smart devices – phones and tablets
    3. 3. Wireless Vulnerabilities Observed
        • Organization 1:
            • 52 Unauthorized wireless users
            • 18 Employees connected to vulnerable WiFi
            • 23 Ad-hoc connections
            • 7 Victims of Honeypot attacks
            • 5 Open connection
            • 2 Rogue APs
        • Organization 2
            • 331 ad-hoc connections
            • 26 Employees connected to Open APs
            • 94 Open APs
            • 375 WEP APs
            • 28 Vulnerable SSIDs
        • Organization 3
            • Sr. Exec laptop connected to wireless printer
        [Chart labels: Open Connections, Unauthorized clients, Mis-associating clients, Ad-hoc Connections, WEP Connections, Honey attacks, Rogue APs, Vulnerable SSIDs]
    4. 4. Wired Security Broken With Wireless Vulnerability Weakest link be attacked
    5. 5. WIPS: A High Security & Compliance Requirement
        • DISA mandates WIPS (June 2006): WIDS are required for all DoD wired and wireless local area networks (LAN). WIDS monitoring will ensure full awareness of any wireless activity within DoD network environments. WIDS must continuously scan for and detect authorized and unauthorized activities. Continuous scanning is 24 hours / day, 7 days / week.
        • PCI DSS Wireless Guideline 2.2: PCI DSS requirement 11.1 mandates quarterly wireless scans of all locations that process, transmit or store cardholder data, whether or not wireless is deployed.
    6. 6. TJX - The Tip of the Iceberg
        • BJ’s Wholesale
        • OfficeMax
        • Boston Market
        • DSW
        • Barnes and Noble
        • Sports Authority
        • Marshalls
        • Forever 21
        • Hannaford’s
        • Heartland
        • 7-Eleven
    7. 7. Risk from WLAN Attacks Most Severe and Urgent Gartner: “Staying Ahead of Next-Generation Threats and Vulnerabilities,” by John Pescatore, June 28-July 1, 2009 Highest Severity & NOW!!
    8. 8. Common Perceptions….. & Reality
        • No WiFi enterprises. Perception: It doesn’t apply to us (“We don’t have WiFi & hence we are not affected”). Reality: Not secure; there is WiFi
            • Rogue, honey pot APs
            • Users connecting to ext WiFi
        • WiFi is officially deployed. Perception: Our security is good enough (“We have encryption, firewalls, IDS, anti-virus installed and hence we are already protected”). Reality: Not good enough; unmanaged connections
            • Rogue, honey pot APs
            • Users connecting to ext WiFi
            • Ad-hoc, DoS attacks ++
        • Employees use smart phones. Perception: Only valid users are allowed (“We have encryption and authentication so no unauthorized user can access the network”). Reality: Valid user from unmanaged device is a threat
            • Loss of smart phone
            • Device hygiene - malware
            • Hotspots, tethering
    9. 9. Key questions
        • Does your wired security protect you from wireless based attacks
        • You say you don’t have WiFi. How do you know?
        • Are you sure your enterprise data is secure when employees are using unmanaged smart phones
        • Are your employees using neighbouring WiFi to access social media and IM that is not allowed from your enterprise network
        • Can your wired network vendor or Firewall vendor protect you from wireless based attacks
    10. 10. Layered Approach to Wireless Security Rogue AP Misconfigured AP Re-establishing network security perimeter Guest Access Firewall Wired IPS SPAM/AV URL filtering Protecting mobile wireless user WEP, WPA, WPA2 External APs Ad hoc connections Wi-Phishing Honeypots Other network interfaces: Bluetooth, Infrared, 1394 etc. Detachable interfaces: 2.5G/3G data-cards, WiFi adapters Eavesdropping Unauthorized Access Cracking Exploits MAC spoofing attacks Denial of Service Wi-Phishing Honeypots External Users External APs ~ ~
    11. 11. Classifying Threats And Enforcing Policy
        Access Points
        • Authorized: Connected to the network; Following the security policy
        • External: Not connected to the network; Visible in the air
        • Rogue: Connected to the network; Violating the security policy
        • Guest: Connected to the guest network; Following the Guest security policy
        Clients
        • Authorized: Connected to an authorized AP
        • External: Connected to an external AP
        • Guest: Connected to a Guest AP; Can not connect to Authorized APs
        [Diagram labels: Events; Authorized, External, Rogue, Guest]
    12. 12. SpectraGuard Product Family Complete Wireless Intrusion Prevention SpectraGuard Enterprise Wireless Security for Mobile Users SpectraGuard SAFE Industry’s Only Wireless Security Service SpectraGuard Online WLAN Coverage & Security Planning SpectraGuard Planner
    13. 13. SpectraGuard Advanced WIPS Capabilities Applied AirTight’s approach of simplicity and ease of use to WLAN performance management and forensics Predictive Performance Smart Forensics TM Comprehensive Integration Dashboards and Reporting
    14. 14. SpectraGuard SAFE - Wireless Endpoint Security
        • Location based security policy (Work/Home/Road)
        • All wired/wireless interfaces covered
        • “No bridging” policy enforcement
        • Windows Zero Configuration Audit and Clean-up
        • USB interface & CD/DVD drive policy enforcement
        • Stealth mode operation (audit only, no enforcement)
        • API-based integration with McAfee ePO
        • Microsoft Active Directory Integration
    15. 15. SpectraGuard Enterprise Overlay + SAFE Building - A Building - B No WiFi Premise Internet SpectraGuard Network Detector Corporate Firewall Enterprise Servers SpectraGuard Enterprise Appliance
    16. 16. Why Customers Buy AirTight Technology
        • Quarantine APs if connected to enterprise network
        • Prevent WiFi connections to / from enterprise WiFi clients
        • Quarantine unmanaged APs if connected to enterprise network
        • Prevent enterprise Wi-Fi clients from connecting to external & Guest Wi-Fi
        • Prevent external Wi-Fi devices from accessing enterprise APs and clients
        • Detect & prevent DoS attacks on enterprise Wi-Fi
        • Establish RF visibility throughout the enterprise and the neighbourhood
        • WiFi vendor agnostic performance monitoring and forensics
        • PCI, And…SOX, GLBA, ISO 27000 ….
        [Category labels: No Wi-Fi, Secure Wi-Fi, Compliance, Monitoring]
    17. 17. Marquis High Security Wins Government Transportation Telco Manufacturing Technology Services Financial
    18. 18. Notable PCI Activity 2010 Customer Wins 2009 Customer Wins
    19. 19. Gartner 2010 WIPS Marketscope 4 Time Winner!
    20. 20. Gartner on AirTight and Wireless Intrusion Prevention
        • “..a company with a good vision for what people will buy, and this vision is earning them steady year over year growth in both installed base and new clients.”
        • “AirTight's drop-in SaaS package is affordable and was well-timed to PCI law fortifications…”
        • “AirTight is appropriate for buyers that are looking for an easy-to-deploy solution with minimal training/skill…”
        • … strong security and rapid deployment with reduced overhead to setup and configure.
        • Customer references report that the product is easy to set up and that it avoids false alarms by using multiple checks to classify rogues.
        • “As new wireless technologies emerge, the overlay systems will provide the most flexible approach for rapidly incorporating monitoring and intrusion prevention.”
        Gartner on AirTight: “Lean back system”
    21. 21. Gartner on AirTight in Y2010 Marketscope on WIPS
        • AirTight showed strong revenue growth in 2008 and all of 2009, continuing to prove that a stand-alone IPS company can buck the trend of infrastructure vendors selling bundled IPS.
        • Customer references report that the product is easy to set up and that AirTight's methodology for classifying events avoids false alarms when identifying rogues. Feedback from Gartner clients and reference customers continues to praise overall ease of use.
        • AirTight holds patents for a method of using marker packets … This method is very fast and efficient for accurate determination of rogue versus foreign/neighbouring wireless activity.
        • AirTight is appropriate for buyers that are looking for an easy-to-deploy solution and that are willing to take on a second wireless vendor to provide WIPS in exchange for strong security and rapid deployment with reduced overhead to setup and configure.
        Ease of Use, Zero False Alarms, Differentiating Technology and Dedicated Wireless Security Sensor
        Gartner on AirTight: “Lean back system”
    22. 22. Innovations by AirTight Innovations by AirTight 2005 World’s first fully-automated WIPS 2010 2009 Comprehensive WLAN, SIM/SEM integration 2006/7 Usability Scalability Availability World’s first SaaS WIPS First 11n WIPS World’s first cloud Wi-Fi and security solution 20 patents granted/allowed 20+ more pending 2008
    23. 23. ARP Request Marker Packets (L2)
        • Sensor sends periodic ARP Requests with signatures in them
        • Sensor detects if any AP forwards them to wireless side
        [Diagram labels: VLAN, ARP Requests, Bridge Rogue AP, Sensor]
    24. 24. UDP Marker Packets (L3) – Example 2 UDP packet containing signature NAT Rogue AP SGE Server LAN VLAN 1 VLAN 2
    25. 25. How CAM table lookup works?
        • Sensor sees Client on wireless
        • Reports its connection to AP
        • Client connects thru AP
        • Client MAC gets in CAM
        • Server polls CAM tables
        • AP marked wired to monitored network
        [Diagram labels: Network Connected Bridge AP (AP1), WIPS Sensor, WIPS Server, Network Switches, Client]
    26. 26. Performance Comparison Summary
        Criteria: Marker Packets / MAC Correlation
        1. False negative on NAT APs: Never / Often
        2. False positive on neighbor AP: Never / Often
        3. Latency of detection: Low (few minutes) / High (tens of minutes)
        4. Configuration, maintenance: Zero / High
        5. Scalability: Infinite / Poor
        6. Manual intervention for classification: None / Extensive
    27. 27. Flood of WiFi Enabled Unmanaged Devices
    28. 28. Comprehensive wireless security
    29. 29. Smart devices in everyone’s pocket
        US Smart phone and Tablet Projections
        • 2010 Smartphones: 67 M
        • 2011 Smartphones: 95 M
        • 2011 Smartphones + Tablets: 140 M
        http://www.eweek.com/c/a/Mobile-and-Wireless/Smartphones-Not-Tablets-Top-Consumer-Shopping-Lists-Gartner-127190/
    30. 30. What it means for enterprise security
    31. 31. Smart Devices in Enterprise - Threat Vectors
        • High exposure to data theft
            • Lost/stolen devices are a cause of concern, since they will carry large amounts of enterprise data
        • Compromised devices
            • Native security controls on devices can be rendered inoperative - iPhone jailbreaking, Android open source
            • Malware, spyware and virus threats
        • Network intrusion over wireless backdoors
            • Backdoor entry/exit in network over “tethering” and honeypots
    32. 32. More than what meets the naked eye!
    33. 33. Tethering: Bridging the two wireless worlds! Enterprise Security Perimeter Internet 3G Network Backdoor Exit Backdoor Entry
    34. 34. What’s your smart phone security game plan? Ban them completely, or use some form of white-listing .
    35. 35. Is banning or white listing by itself sufficient? No. How will you monitor the unapproved use?
    36. 36. Wi-Fi: Gateway for unapproved use
        • Wi-Fi presents zero barrier for unapproved smart devices to enter enterprise networks!
        Voilà! We are on WPA2 enterprise Wi-Fi.
    37. 37. Single user – Multiple devices
    38. 38. How do we monitor the unapproved devices?
        • Any takers for MAC ACL?
            • Lot of initial work/change in existing process
            • Inflexible
            • Tedious to manage
        • Desirable approach should be:
            • Easier to manage
            • Flexible
            • Incremental
    39. 39. Monitoring unapproved use with AirTight WIPS Respond Analyze Violation Detect Violation Patented wireless client classification and policy enforcement platform in AirTight WIPS Define White List Criteria
    40. 40. Take Away
        • Smart device security is a major issue
        • Define policy for approved use
            • Ban them
            • Allow selective devices
            • Device management
        • Use Wi-Fi monitoring to stop unapproved use
            • AirTight WIPS helps you with this
        • AirTight WIPS also blocks over-the-air attacks on approved devices
    41. 41. More than what meets the naked eye!
    42. 42. AirTight Summary
        • WIPS is now recognized “best practice” technology
        • AirTight: strongest wireless security & easiest to use
        • The “Go-to” WIPS partner for WLAN & security leaders
        • Leading enterprises of all types and sizes trust AirTight
    43. 43. For more information, please visit www.airtightnetworks.com blog.airtightnetworks.com Thank You [email_address]
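
The access point classes defined in the notes (rogue, authorized, misconfigured) and on slide 11, combined with the marker-packet check for wired connectivity from slide 23, as an added Python example; it is not AirTight's code or part of the original deck. The marker format (a byte tag the sensor can recognise in a forwarded frame), the field names, the VLAN numbers and all sample frames are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class APClass(IntEnum):
    # Ordered by severity so the worst verdict across VLANs wins.
    EXTERNAL = 0       # visible in the air, not connected to the network
    GUEST = 1          # special case of an authorized AP
    AUTHORIZED = 2     # the notes call this "potentially authorised"
    MISCONFIGURED = 3  # recognised as authorized, now out of compliance
    ROGUE = 4          # on the wire and violating the WLAN policy


@dataclass(frozen=True)
class WlanPolicy:
    """Authorized WLAN setup for one VLAN (field names are assumptions)."""
    ssids: frozenset
    security: frozenset
    guest: bool = False


@dataclass(frozen=True)
class Frame:
    """One frame a sensor heard from an AP (constructed model)."""
    bssid: str
    ssid: str
    security: str
    payload: bytes


def wired_vlans(frames, markers):
    """Map each BSSID to the VLANs whose marker it forwarded onto the air."""
    seen = {}
    for frame in frames:
        vlans = seen.setdefault(frame.bssid, set())
        vlans.update(v for v, sig in markers.items() if sig in frame.payload)
    return seen


def classify(bssid, ssid, security, vlans, policies, recognised):
    """Apply the deck's AP definitions on every VLAN the AP is wired to."""
    if not vlans:
        return APClass.EXTERNAL  # no marker seen: neighbour AP, SSID irrelevant
    verdicts = []
    for vlan in vlans:
        policy = policies.get(vlan)  # None means no WiFi is allowed on this VLAN
        compliant = (policy is not None and ssid in policy.ssids
                     and security in policy.security)
        if compliant:
            verdicts.append(APClass.GUEST if policy.guest else APClass.AUTHORIZED)
        elif (bssid, vlan) in recognised:
            verdicts.append(APClass.MISCONFIGURED)
        else:
            verdicts.append(APClass.ROGUE)
    return max(verdicts)


def classify_all(frames, markers, policies, recognised):
    """Classify every BSSID heard by the sensor."""
    latest = {f.bssid: f for f in frames}  # last frame holds current settings
    vlans = wired_vlans(frames, markers)
    return {bssid: classify(bssid, f.ssid, f.security, vlans[bssid],
                            policies, recognised)
            for bssid, f in latest.items()}


# Constructed sample data: marker tags, policies, inventory and sensor frames.
MARKERS = {10: b"MRK-v10-7f3a", 30: b"MRK-v30-c91e", 99: b"MRK-v99-0b52"}
POLICIES = {
    10: WlanPolicy(frozenset({"CORP"}), frozenset({"WPA2-802.1X"})),
    30: WlanPolicy(frozenset({"CORP-GUEST"}), frozenset({"OPEN"}), guest=True),
    # VLAN 99 (data centre) has no entry: a "No WiFi" zone.
}
RECOGNISED = {("aa:aa:aa:00:00:01", 10), ("aa:aa:aa:00:00:02", 10)}
FRAMES = [
    Frame("aa:aa:aa:00:00:01", "CORP", "WPA2-802.1X", b"beacon"),
    Frame("aa:aa:aa:00:00:01", "CORP", "WPA2-802.1X", b"arp " + MARKERS[10]),
    Frame("aa:aa:aa:00:00:02", "CORP", "WEP", b"arp " + MARKERS[10]),
    Frame("bb:bb:bb:00:00:01", "linksys", "OPEN", b"arp " + MARKERS[99]),
    Frame("cc:cc:cc:00:00:01", "CORP", "OPEN", b"beacon"),  # look-alike SSID
    Frame("dd:dd:dd:00:00:01", "CORP-GUEST", "OPEN", b"arp " + MARKERS[30]),
    Frame("ee:ee:ee:00:00:01", "CORP-GUEST", "OPEN",
          b"arp " + MARKERS[30] + b" arp " + MARKERS[10]),  # bridges both VLANs
]

if __name__ == "__main__":
    for bssid, verdict in classify_all(FRAMES, MARKERS, POLICIES,
                                       RECOGNISED).items():
        print(bssid, verdict.name)
```

The look-alike "CORP" AP that forwards no marker is classed External rather than Rogue, which is the neighbour-AP false positive that slide 26 attributes to MAC correlation; the guest AP that also forwards the VLAN 10 marker is classed Rogue because it bridges a corporate VLAN outside that VLAN's policy.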
