Luxemburg event - airtight networks

480 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
480
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
21
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Luxemburg event - airtight networks

  1. 1. AirTight Secure Wi-Fi Armed to Defend Your Network Niels Boesten Johan van der Welle Simon Hollister Sepideh Nazemi 2011 AirTight Networks, Inc. 2010 AirTight Networks, Inc. Proprietary & Confidential The Global Leader in Wireless Security Solutions .Proprietary & Confidential Page 1
  2. 2. Why Wireless Security?What is wireless security? • Securing your corporate cabled network against all unwanted Wifi and Wifi threads. 2010 AirTight Networks, Inc. Proprietary & Confidential Page 2
  3. 3. We all think we are safe! Existing security solutions focus on the cabled network 2010 AirTight Networks, Inc. Proprietary & Confidential Page 3
  4. 4. Wifi is the weakest link unseen by the firewall !The weakest linkwill be attacked! 2010 AirTight Networks, Inc. Proprietary & Confidential Page 4
  5. 5. Common Wi-Fi Threat Scenarios Unauthorized Wi-Fi on enterprise LAN Rogue Client Rogue AP Poorly secured enterprise Wi-Fi 3G External AP Mobile HotspotEmployees bypassingenterprise security Evil Twin 2010 AirTight Networks, Inc. Proprietary & Confidential Page 5
  6. 6. Common Wireless Threats 2010 AirTight Networks, Inc. Proprietary & Confidential Page 7
  7. 7. “we have a no-wifi policy or no-wifi zones” 2010 AirTight Networks, Inc. Proprietary & Confidential Page 8
  8. 8. 2010 AirTight Networks, Inc. Proprietary & Confidential Page 10
  9. 9. BYOD Pressure on IT  Wi-Fi access is expected everywhere  Wi-Fi security risks from personal mobile devices  Compliance is tougher to maintain 2011 AirTight Networks, Inc. 2010 AirTight Networks, Inc. Proprietary & Confidential The Global Leader in Wireless Security Solutions .Proprietary & Confidential Page 11
  10. 10. Only Effective BYOD Policy Enforcement Fingerprinting of all smart devices Approved/unapproved classification Blocking unapproved personal devices 2010 AirTight Networks, Inc. Proprietary & Confidential Page 12
  11. 11. Accurate location tracking of any WiFi activity!(2-5mtrs) 2010 AirTight Networks, Inc. Proprietary & Confidential Page 13
  12. 12. Top Rated WIPS Available in 3 Configurations Dedicated Overlay WIPS AP + Dedicated WIPS Dual AP w/ Background Scanning 2010 AirTight Networks, Inc. Proprietary & Confidential Page 15
  13. 13. Complete AirTight Wi-Fi PortfolioDoD Approved WIPS Most Affordable AP Most Flexible & Secure AP New! AT-C10 AT-C50 AT-C60Dual band, dual radio Dual band, single radio Dual band, dual radioDedicated WIPS sensor Two configurations: Multi-modal configuration:  Common Criteria  AP + background scanning  AP + background scanning  FIPS Certified  Dedicated WIPS sensor  Dedicated WIPS sensor  DISA APL  Concurrent AP + WIPS 2010 AirTight Networks, Inc. Proprietary & Confidential Page 16
  14. 14. Multiple Deployment OptionsPublic Cloud Private Cloud VMware Appliance 2010 AirTight Networks, Inc. Proprietary & Confidential Page 17
  15. 15. How does it work?Why is auto-classification essential?  Large number of APs visible in air  New APs come up often  Old APs change configurations  Most of them are not Rogue APs • Neighborhood, municipal, hotspot  How do you know which APs are genuine threats? 2010 AirTight Networks, Inc. Proprietary & Confidential Page 19
  16. 16. The (only) right way to auto-classify:On-wire/off-wire detection Authorized AP All APs visible in air Managed APs (Static Part) Unmanaged APs External AP (Dynamic Part) Not connected to my network Rogue APThe biggest challenge inimplementing such clean workflow is: Robust AP network connectivity Connected to detection my network 2010 AirTight Networks, Inc. Proprietary & Confidential Page 20
  17. 17. 2010 AirTight Networks, Inc. Proprietary & Confidential Page 21
  18. 18. 2010 AirTight Networks, Inc. Proprietary & Confidential Page 22
  19. 19. AirTight Networks’ Competitors’Patented Auto-classification Auto-classification FalseAuthorized positives 50% Rogue (?)External Rogue False 70% Rogue (?) negatives Works “out of the box” You have to configure complex rules and deal with false alarms 2010 AirTight Networks, Inc. Proprietary & Confidential Page 23
  20. 20. AirTight’s automatic policy enforcement logic AP Classification Policy Client Classification GO Authorized Authorized APs Clients STOP Rogue APs STOP Rogue (On Network) Clients Neighborhood Neighborhood APs Clients IGNORE DETECT AND BLOCK RED PATHS! With this in place, your network is protected from all types of threats, vulnerabilities and attack tools! Only SpectraGuard can truly implement this simple workflow because of its ability to automatically and accurately detect if an AP is connected to the enterprise LAN 2010 AirTight Networks, Inc. Proprietary & Confidential Page 24
  21. 21. Carrier Scale Information Management Location-based Policy Management - Users, VLANs, Configuration of APs, Sensors, Alerts, IPS, etc. Location based Administration - Different administrators and rights for each location Regional Office Regional HQ HQ Data Center 25 Location based monitoring & reporting - PCI Compliance, Vulnerability Assessment, Inventory, etc. 2010 AirTight Networks, Inc. Proprietary & Confidential Page 25
  22. 22. One Managed Secure Wi-Fi solutionEliminating Cost, Complexity & Security Riskfrom Distributed Wi-Fi 2010 AirTight Networks, Inc. Proprietary & Confidential Page 26
  23. 23. Patented Marker Packet™ Techniques Wired to Wireless Test Closed Loop AP Connectivity Confirmation Wireless to Wired Test 2010 AirTight Networks, Inc. Proprietary & Confidential Page 27
  24. 24. Thank You! 2010 AirTight Networks, Inc. Proprietary & Confidential Page 29

×