Considerations for a secure enterprise wlan data connectors 2013

533 views

Published on

Considerations for a Secure Enterprise WLAN - DataConnectors 2013 by Kaustubh Phanse

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
533
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
25
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Considerations for a secure enterprise wlan data connectors 2013

  1. 1. © 2013 AirTight Networks, Inc. All rights reserved.Considerations for a Secure Enterprise WLANKaustubh Phanse, Ph.D.Chief Wireless Architect & EvangelistAirTight Networks
  2. 2. © 2013 AirTight Networks, Inc. All rights reserved.(Re)Considering Wireless Security2We don’t have “that” problem because…A “No Wi-Fi” policy without enforcementWhat does not work?
  3. 3. © 2013 AirTight Networks, Inc. All rights reserved.Managing the “Unmanaged”3WPA2/802.1x cannot prevent unauthorized devicesfrom accessing the enterprise network
  4. 4. © 2013 AirTight Networks, Inc. All rights reserved.Managing the “Unmanaged”4
  5. 5. © 2013 AirTight Networks, Inc. All rights reserved.BYOD Survey Results511%20%69%16%34%50%Do you see an increasing trendof employees bringing Rogue Wi-Fi APs?Are you concerned about employees usingmobile hotspots to bypass corporate policies?
  6. 6. © 2013 AirTight Networks, Inc. All rights reserved.Wireless Intrusion Prevention System (WIPS)6AutomaticDevice ClassificationComprehensiveThreat CoverageReliableThreat PreventionAccurateLocation TrackingBYODPolicy Enforcement
  7. 7. © 2013 AirTight Networks, Inc. All rights reserved.Automatic Device Classification7Rogue  External  Authorized  Rogue  AP?    (High  RSSI)  Rogue  AP?  (SSIDs)  Undetected  Rogue  APs  Rogue  AP?  (Vendor)  Rogue  AP    (on  wire)  
  8. 8. © 2013 AirTight Networks, Inc. All rights reserved.Signature-based Approach = False Alarms!8
  9. 9. © 2013 AirTight Networks, Inc. All rights reserved.Blueprint for Reliable Threat Prevention9§  Surgical threat prevention without interfering with legitimatecommunication (yours or your neighbor’s)§  Simultaneous prevention of multiple threats across multiplechannelsExternal  APs  Rogue  APs    (On  Network)  Authorized    APs  AP  Classifica?on  STOP  Client  Classifica?on  Policy  Mis-­‐config  GO  STOP  IGNORE  DoS  External  Clients  Authorized  Clients  Rogue    Clients  
  10. 10. © 2013 AirTight Networks, Inc. All rights reserved.What Good is a Feature that Cannot be Turned On?10Many WLAN vendors offering “so-called WIPS” recommendtheir customers to NOT turn on automatic threat prevention!
  11. 11. © 2013 AirTight Networks, Inc. All rights reserved.Comprehensive Threat Coverage11True WIPS ApproachProtects against thefundamental wireless threatbuilding blocksPrevalentWIDS ApproachCat and mousechase of exploits,tools and signatures
  12. 12. © 2013 AirTight Networks, Inc. All rights reserved.Signature-based Approach = False Alarms!12
  13. 13. © 2013 AirTight Networks, Inc. All rights reserved.Accurate Location Tracking13No need for RF site surveyNo search squads to locate Wi-Fi devicesDefinitive location tracking within 10-15 ft.
  14. 14. © 2013 AirTight Networks, Inc. All rights reserved.BYOD Policy Enforcement14§  MDM and NAC unable to provide thefirst line of defense§  WIPS complements these solutions tofully automate secure BYOD
  15. 15. © 2013 AirTight Networks, Inc. All rights reserved.WIPS Architectures15§  Integrated•  APs repurposed as sensors•  Background scanning and minimal protection•  Cannot co-exist with time-sensitive apps, e.g., VoIP§  Overlay•  Dedicated sensors on top of existing WLAN•  24/7 monitoring and protection§  Combo•  APs repurposed as sensors•  24/7 monitoring and protection•  Able to support all types of apps, including VoIPWi-­‐Fi  AP  with  background  scanning  2.4  GHZ  5  GHz  2.4  GHZ  5  GHz  2.4  GHZ  5  GHz  Wi-­‐Fi  AP   WIPS  Sensor  Wi-­‐Fi  AP  with    Concurrent  WIPS  sensor  2.4  /  5  GHZ  2.4  +  5  GHZ  
  16. 16. © 2013 AirTight Networks, Inc. All rights reserved.AT-C60: Industry’s Most Flexible Wi-Fi Platform16§  Software-defined, band-unlocked radios– an industry first§  Concurrent Wi-Fi access and 24/7 WIPS– an industry first
  17. 17. © 2013 AirTight Networks, Inc. All rights reserved.AirTight Wi-Fi – Key Features17Built-in WIPS, Content Filtering,Firewall and BYOD OnboardingSupport for Multiple SSIDs & VLANs,QoS and Traffic ShapingHigh speed 802.11n accessincl. 3x3:3 on 802.3af PoEGuest Wi-Fi access with CaptivePortal and Walled GardenCentralized Management fromsingle HTML5 consoleSocial Wi-Fi and Analyticsfor Business Intelligence!
  18. 18. © 2013 AirTight Networks, Inc. All rights reserved.AirTight WIPS – Key Features18AutomaticDevice ClassificationComprehensiveThreat CoverageReliableThreat PreventionAccurateLocation TrackingBYODPolicy Enforcement
  19. 19. © 2013 AirTight Networks, Inc. All rights reserved.Secure Enterprise WLAN Checklist19ü  Accurately detect all types of Rogue APs without you having todefine any signatures?ü  Not flood you with false alerts?ü  Let you reliably turn on the P in WIPS?ü  Automate BYOD policy enforcement and onboarding?ü  Accurately track physical location of detected Wi-Fi devices?ü  Do all of the above without compromising on Wi-Fi access featuresand ripping off your IT budget?Can your enterprise WLAN solution:
  20. 20. © 2013 AirTight Networks, Inc. All rights reserved.Thank You!20Cloud Managed Secure Wi-Fi Solutionswww.airtightnetworks.cominfo@airtightnetworks.com@AirTight+1 877 424 7844US DoD Approved

×