S5068 Presentation Live


Cisco presentation on the benefits of the Guest Access and network security associated with WLAN

Published in: Business, Technology

    1. Strategies for Delivering Secure Wireless Guest Access
    2. Cisco Mobility TV
       • Mobility TV Host Chris Kozup, Marketing Manager, Mobility Solutions, Cisco
       • Scott Pope, Manager, Guest Access Product Management, Cisco
       • Tony Diep, IT Theater Service Manager for US & Canada, Cisco
    3. Thank You for Joining Us Today
       • The next wireless and mobility videocast event will take place on May 8, 2007 at 10:00 AM Pacific
       • The featured subject will be Outdoor Wireless
       • To register visit: http://www.cisco.com/go/semreg/mobilitytvepisodes/142299_3
    4. Wireless in the News
    5. Cisco Mobility Express Solution
       • Affordable business-class mobility solution announced for small and medium businesses
       [Diagram labels: Application-Based (Access Points, Controllers, plus Application Servers); Controller-Based (Access Points Plus Controllers); Standalone Access Points. Captions: Offer a Mobile Foundation for All; Grow with Your Business; Adapt to Your Level of Sophistication]
    6. Cisco Empowers the Wireless Branch Office
       • Cisco introduces new WLAN Controller Module for the ISR and new 3G WAN interface to create the Empowered Wireless Branch
       [Diagram labels: Empowered Wireless Branch, Integrated 3G Wireless WAN, ISR Wireless LAN]
    7. Cisco Wins TechTarget’s 2007 Gold Award
       • Cisco awarded TechTarget Gold Award for Product Leadership in the Wireless Category
       • Gold Award: Cisco WiSM/WLSM
    8. Cisco Teams with the NBA
       • The NBA partners with Cisco to transform the experience of sports through the use of technology
    9. Upcoming Cisco Wireless Events
       • Interop
         • Las Vegas, Nevada
         • May 20–26, 2007
       • Cisco Secure Wireless Road Show
         • Sixteen cities in North America
         • Ask your account rep for details
    10. Agenda
        1. Why Secure Guest Access?
        2. Cisco on Cisco: Guest Access Case Study
        3. Cisco’s Secure Wireless Guest Access Solution
    11. Business Trends and Challenges
        • Trends
          • Widespread wireless deployment
            • Over 65% of businesses use WLAN
          • Mobility services new business imperative
            • 67% of businesses reported up to 50 visitors per month requiring network access*
          • Increased pressure to reduce network operational cost and complexity
            • Research case revealed ROI of up to 328%*
        • Challenges
          • Optimize partner, vendor and customer interactions with wireless access to network resources
          • Deliver guest access without exposing internal resources to security threats
            • Security ranks as #1 wireless network concern
        Source: WLAN Adoption Study, Forrester Research, 2006
    12. Wireless Guest Access Is Changing Business
        • Retail: Providing customers real-time product or service information for an enhanced, better informed consumer experience
        • Healthcare: Allowing suppliers to place refill orders on the premises to minimize inventory shortages
        • Financial: Enabling consultants to complete audits more accurately and efficiently
        • Carpeted Office: Providing secure access to business partners and consultants to ensure faster decision making and increased business agility
    13. Cisco Mobility TV
        • Mobility TV Host Chris Kozup, Marketing Manager, Mobility Solutions, Cisco
        • Scott Pope, Manager, Guest Access Product Management, Cisco
        • Tony Diep, IT Theater Service Manager for US & Canada, Cisco
    14. Cisco on Cisco Guest Access: Objectives and Constraints
        • Build a policy and architecture in which:
          • Non-Cisco employees can access the Internet
            • Where and when Cisco deems appropriate
            • With Cisco's permission
            • From Cisco’s infrastructure
            • Secure, authenticated, recorded
    15. Cisco on Cisco Guest Access Architecture
        • Current – Layer 3 Architecture [diagram labels: WWW; Guest Data; Guest traffic tunneled in GRE; BBSM “hotspot.cisco.com”; Employee generates access code via portal; Corporate]
        • Planned – Strategic [diagram labels: WWW; Guest Data; Guest traffic tunneled in GRE; NAC Appliance “hotspot.cisco.com”; Corporate]
    16. Cisco on Cisco Wireless SSID Architecture
        • Wireless voice SSID
          • EAP-FAST authentication
          • WPA encryption
          • QoS
          • Broadcast = NO
        • Guest networking SSID
          • Open authentication
          • No encryption
          • Broadcast = YES
        • Two production data SSIDs
          • EAP-FAST authentication
          • CKIP encryption on one
          • WPA encryption on the other
          • Broadcast = NO
        • User groups: Cisco wireless voice users; Cisco wireless data users; NON-Cisco, guest WLAN users
        • Common SSID configuration for all access points
    17. Cisco on Cisco Guest Usage Trends - Global
        • Average of 19,000 users per month (and rising)
        • Over 228,000 guests past 12 months
        • Over 330 buildings with wired & wireless guest services
        [Chart: Guest Users]
    18. Cisco on Cisco Support Cost Analysis – FY 2007
        • FY 2007 Support Cost of Hotspot.cisco.com
          • Number of Guest Codes (Annual): 228,048
          • # IT Support Cases (Annual): 578
          • Tier 2/3 Support (Est. 1 FTE): $148,000
          • Support Case Cost ($25 per case): $14,450
          • Total Support Cost: $162,450 or $0.71 per guest
        • FY 2007 Support Cost Pre-Hotspot.cisco.com
          • # of helpdesk calls required (without guest service): 228,048
          • Total cost of support ($25 x 228,048): $5,701,200
          • Cost of “Hotspot.cisco.com” (see above): $162,450
          • Cost Avoidance: $5,538,750
    19. Cisco on Cisco Hotspot Benefits
        • Improved Turnaround
          • Access codes can be generated within 15 seconds
          • Batch codes can be generated for large groups
          • IT administrative overhead avoided
        • Guest Experience
          • Branded network experience – Cisco viewed as technology leader
          • “No hassle” network access
        • Staff Empowerment
          • Visitor sponsors responsible for generating code – no IT support needed
        • Legal Protection
          • Users must digitally sign acceptable use policy with legal disclaimer
        • Improved Security
          • Controlled network access
          • Uncontrolled, non-corporate clients segmented from enterprise network
        • Cost Avoidance
          • Over $5M in potential support/administrative overhead avoided
    20. Mobility Services … Beyond Connectivity
        Services: Security, Guest, Voice, Location
        • Guest networks for customers, partners and auditors
        • Vendor replenishment networks
        • Public access networks
        • Automatic, 24 x 7 security and compliance monitoring for breaches via wireless medium
        • Network access control based on user location
        • Asset management
        • Location-based content distribution
        • Streamlined workflow using historical location data
        • Real-time mobile voice communications
        • Improved collaboration via mobile unified communications
        • Faster customer service response
        [Diagram label: Pervasive Wireless Network]
    21. Cisco Mobility TV
        • Mobility TV Host Chris Kozup, Marketing Manager, Mobility Solutions, Cisco
        • Scott Pope, Manager, Guest Access Product Management, Cisco
        • Tony Diep, IT Theater Service Manager for US & Canada, Cisco
    22. Types of Network Users
        • Corporate Employees
          • Need internal network access
          • Can be role based to allow granular access if needs require
        • Contractors/Consultants
          • Need restricted internal access
          • Printers
          • File Shares
          • Specific Applications
          • Device Support
        • Guest Users
          • Internet Access Only
          • No need to access internal systems
          • Segment Access Completely
        [Diagram labels: Full Access; Internet Only]
        Cisco Guest Services Give You Control
    23. Cisco Solutions for Secure Guest Access: Core and Enhanced Options
        Versatile Solutions for Diverse Deployment Environments
        • Wireless Guest Access in Cisco Unified Wireless
          • Lobby admin portal for user provisioning
          • End-user registration page
          • Network partitioning using tunneling
          • User authentication and authorization in local database or AAA server
          • Usage logging and reporting
        • Enhanced Wired and Wireless Guest Access
          • Core features, plus…
          • Network privileges based on roles
          • End-user security posture assessment
          • Full policy-based end-user portal customization using partners
          • Unification of wireless and wired guest access
    24. Wireless Guest Access
        • Back-end segmentation (mobility anchor)
          • Separate the guest traffic from the corporate internal traffic via EoIP tunnels
        • Lobby ambassador/host portal
          • Guest user creation and token generation
          • Served from WLAN Controller or WCS
        • Customizable guest screen
          • Served from WLAN Controller or external server
        • Back-end authentication
          • Local WLAN Controller user database or external AAA
        [Diagram labels: Wired/Wireless VLANs; Campus Core; LWAPP; WCS; Ether IP “Guest Tunnel”; Internet; DMZ WLAN Controller; Guest; Emp]
    25. Lobby Ambassador Feature
        • Simple and Fast
          • Lobby Ambassador feature enables any staff member to enable guests
        • Integrated Solution
          • Runs on any controller and WCS
        • Secure
          • Generate individual guest name, unique password and duration of access
    26. Enhanced Wired and Wireless Guest Access
        • Cisco NAC Appliance Provides:
          • Very granular role-based access
          • Endpoint posture assessment and remediation
          • OS and posture restrictions
          • QoS policy for guest users
          • Integration with broader AAA servers
          • Uniform guest access for wired/wireless
        • Cisco “GuestNet” Customized Portal:
          • Cisco developed portal services for “one-stop” shop
          • Basic portal customization, per-user customization
        • Partner User Portals Provide:
          • Extensive portal customization
          • Customizable logging, reporting, billing
          • Temporary user accounts for email, printing, etc.
        [Diagram labels: Campus Core; LWAPP; WCS; Ether IP “Guest Tunnel”; Internet; DMZ WLAN Controller; NAC Appliance; Wired/Wireless VLANs; Guest; Emp]
    27. Role-Based Access Control
        • Validates authorization policies and privileges
          • Layer 3/Layer 4 role-based access control (RBAC) to permit access to specific port, protocol, or subnet
        • Supports multiple user roles
          • Customized portals per guest user group – redirection to a pre-defined page for acceptable user policy notice
          • Bandwidth throttling for each user role by assigning shared or dedicated bandwidth usage
          • Secures internal wired Ethernet ports
        • Scans for Security Requirements
          • Guest session access scheduling
          • Pre-configured Windows critical hot fixes and anti-virus application checks
        • Performs repair and update
          • Self remediation for quarantined users
    28. Implementation Considerations
        Whatever the Business Reason for Guest Access, Implementation and Security Goals Should:
        • Ensure guest access to only Internet and authorized network resources
        • Eliminate IT administrator involvement with user authorizations
        • Leverage integration of wired and wireless network (policies and administration)
        • Ensure internal users and applications have priority over guests
        • Monitor network use and prohibit services on location or per-user basis
    29. With Wireless… Now You Can
    30. Now You Can…
        • Enhance your customer’s retail experience
          • Increase the time and money customers spend on site
        • Improve vendor productivity and accuracy
          • Allow suppliers to update inventory or restocking data real-time
        • Provide a virtual support network for hospitalized patients
          • Enable connectivity to the outside world with online access to family, friends, research, entertainment
        • Track when and where users access the network
          • Ensure the security of your facility and critical business data