Trusted Wireless Environment (TWE)
•Download as PPTX, PDF•
1 like•64 views
Wi-Fi hacking leads to stolen passwords, email, social accounts, malware, and identity theft. The worst part is that 20 year old attacks still work today and nearly no one has the technology to detect Wi-Fi hacks making hotspots and office Wi-Fi easy targets for cybercriminals. Food, medicine, even toothpaste has minimum safety standards but Wi-Fi has nothing. The Trusted Wireless Environment (TWE) Framework is the industry's first safety standard for Wi-Fi explaining the six Wi-Fi threats that a WLAN network needs to be protected from to meet the TWE standards.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Trusted Wireless Environment (TWE)
Similar to Trusted Wireless Environment (TWE) (20)
Recently uploaded
Recently uploaded (20)
Trusted Wireless Environment (TWE)
- 1. Copyright ©2019 WatchGuard Technologies,Inc. All Rights Reserved 1 Ryan Orsi Director Product Management, Wi-Fi WatchGuard Technologies
- 2. Copyright ©2019 WatchGuard Technologies,Inc. All Rights Reserved The Wi-Fi industry lacks sufficient standards around Layer 2 Wi-Fi security. For 20 years, 6 Wi-Fi threat categories have existed. Anyone can learn how to hack in 20min on YouTube. The Trusted Wireless Environment is a Framework for industry players that defines a new minimum Layer 2 security standard needed to protect the world. VPN “Virtual Private Network” ”Valentine Party Network” Webinar Series: Secure Wi-Fi with Ryan Orsi
- 3. Copyright ©2019 WatchGuard Technologies,Inc. All Rights Reserved 6 Known Wi-Fi Threat Categories Rogue AP Allows attackers to bypass perimeter security Evil Twin AP Lures users to connect to it so as to spy on traffic, steal data, and infect systems Neighbor AP Risks infection from connecting to other SSIDs while in range of the authorized AP Rogue Client Delivers malware payloads to the network after connecting to malicious APs Ad-Hoc Network Uses peer-to-peer connections to evade security controls Misconfigured AP Opens networks to attack as a result of configuration errorsKRACK (WPA2) Dragonblood (WPA3)
- 4. Copyright ©2019 WatchGuard Technologies,Inc. All Rights Reserved Is the SSID Broadcasted from a Legitimate Source? 2019 2 downgrade attacks aka Evil Twin Dragonblood 2017 MAC spoofing aka Evil Twin WPA2 2018 Russian GRU attacks Battery powered, LTE equipped Evil Twin attacks: US/Canada/EU/Brazil Full video: watchguard.com/wips Security education, latest news:
- 5. Copyright ©2019 WatchGuard Technologies,Inc. All Rights Reserved Building a Trusted Wireless Environment Install WLAN infrastructure that meets 3 requirements: MARKET-LEADING PERFORMANCE You should never be forced to compromise security to achieve adequate performance to support your environment with speed, connections and device density that it needs SCALABLE MANAGEMENT With easy set-up and management, you should be able to control your entire wireless network from a single interface and execute key processes to safeguard the environment and its users VERIFIED COMPREHENSIVE SECURITY You need proof that your security solution defends your business against Wi-Fi attacks and can deliver on the following benefits: • Provide automatic protection from the six known Wi-Fi threat categories • Allow legitimate external access points to operate in the same airspace • Restrict users from connecting to unsanctioned Wi-Fi access points
- 6. Copyright ©2019 WatchGuard Technologies,Inc. All Rights Reserved Trusted Wireless Environment from the Users’ Perspective Legitimate AP with Security running • Constantly monitors for threats • Breaks OTA client association to threats • Blocks wired traffic from threats Office laptop ARP poisoning, tar-pitting, etc.. OTA de-auth, cell-splitting, etc… Mom-friendly
- 7. Copyright ©2019 WatchGuard Technologies,Inc. All Rights Reserved How about from the admin/SP/WISP perspective? 7 • Managed security service • WLAN security assessments • Pre-Compliance (PCI, etc.) Wi-Fi Performance or Security? You Can Finally Offer Both. New Source of Service Revenue
- 8. Copyright ©2019 WatchGuard Technologies,Inc. All Rights Reserved Wi-Fi You Can Trust Follow #TrustYourWiFi Sign the petition: TrustedWirelessEnvironment.com Swing by the booth and let’s talk
- 9. Copyright ©2019 WatchGuard Technologies,Inc. All Rights Reserved www.TrustedWirelessEnvironment.com
Editor's Notes
- Here to raise awareness and ask a favor of my fellow technology builders: standards and testing organizations, chipset developers, AP vendors! Wi-Fi hacking has not been solved for the everyday persos and it’s an incredibly vague area of technology Lacks common language… lacks clarity of exact problems, exact threats, exact ways to prevent them.. The favor is… let’s talk, let’s collaborate, let’s band together to impact changes in the 802.11 protocol standard so wi-fi hacking can be put behind us as we grow to the future. This problem is bigger than WG, bigger than any of in the room
- Rogue AP: big box retailer..anyone with access to a switch closet… or the bank in latin America Evil Twin AP: san diego airport or anyone nearby an office EVERYONE PULL OUT YOUR PHONE!! Neighbor AP: health care person with a tablet trying to get around a web URL filter connecting to hotspot next door…but could be evil twin Rogue client: think about that health care person who accidentally connected to an evil twin, hit an evil splash portal which ran a browser exploit to load malware on the host… Ad hoc: certain industries have to track all shares of a file… (CASB) Misconfigured AP: distributed sites like quick serve restaurants, retail branches, local staff not with a lot of IT experience. Evil twin is the worst IMHO and next slide shows why
- This is typically one of the lightbulb moments when I’m speaking with an audience, journalist, colleague: how can you (the human), or your client device know for certain the SSID is broadcasted from a legit/safe source and not my friend there with a shifty device?
- - Auto detection and prevention – must allow legitimate external APs to co-exist peacefully in the same airspace - Wi-Fi Alliance, Miercom’s doing it now, but perhaps an opportunity for WFA too Performance vs security – dedicated security radios, enough horse power in the AP Scalable management – cloud ideally, no limit to number of APs
- - WG does it our own way This is bigger than WG, than any of us in the room Here’s an example of what it looks like from the users’ perspective
- This is our vision of the future: a symbol/icon that everyday users like my mom can visually see and know that they can trust this particular Wi-Fi. Join us by signing the petition at twe.com. Everyone’s voice counts. We need to stand together to demand change and everyone here can help us in this mission
- We want to join forces, discuss ways to implement TWE at the protocol/standards level Help spread the education. In this truest sense, knowledge is power Edgar: wi-fi alliance (testing!) Qualcomm, chipsets: implementation Other WLAN infrastructure vendors: join movement and educate the market with us Client devices: implementation, consumer experience