AirTight Networks - Wireless Security 2011
The Global Leader in Wireless Security Solutions
2011 AirTight Networks, Inc. Proprietary & Confidential.
AirTight Networks: The Global Leader in Wireless Security
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 2
Agenda
- Some real life scenarios
- Wireless security, common perceptions and the solution
- AirTight customers and why wireless security
- AirTight advantage: Marker Packets
- Security of smart devices: phones and tablets
Page 3
Organization 1:
• 52 unauthorized wireless users
• 18 employees connected to vulnerable WiFi
• 23 ad-hoc connections
• 7 victims of honeypot attacks
• 5 open connections
• 2 rogue APs

Organization 2:
• 331 ad-hoc connections
• 26 employees connected to open APs
• 94 open APs
• 375 WEP APs
• 28 vulnerable SSIDs

Organization 3:
• Sr. Exec laptop connected to a wireless printer
Wireless Vulnerabilities Observed
(Chart: categories observed were open connections, unauthorized clients, mis-associating clients, ad-hoc connections, WEP connections, honeypot attacks, rogue APs and vulnerable SSIDs.)
Page 4
Wired Security Broken With Wireless Vulnerability
The weakest link is the one that gets attacked.
Page 5
WIPS: A High Security & Compliance Requirement
DISA mandates WIPS (June 2006)
WIDS are required for all DoD wired and wireless local area networks (LAN). WIDS monitoring will ensure full awareness of any wireless activity within DoD network environments. WIDS must continuously scan for and detect authorized and unauthorized activities. Continuous scanning is 24 hours / day, 7 days/week.
PCI DSS requirement 11.1 mandates quarterly wireless scans of all locations that process, transmit or store cardholder data – whether or not wireless is deployed.
PCI DSS Wireless Guideline 2.2
Page 7
Risk from WLAN Attacks Most Severe and Urgent
Source: Gartner, "Staying Ahead of Next-Generation Threats and Vulnerabilities," by John Pescatore, June 28-July 1, 2009
(Chart: WLAN attacks are placed at the highest severity and in the "now" time frame.)
Page 8
Common Perceptions... & Reality

No WiFi enterprises
  Perception: "We don't have WiFi & hence we are not affected" (it doesn't apply to us)
  Reality: Not secure; there is WiFi: rogue and honeypot APs, users connecting to external WiFi

WiFi is officially deployed
  Perception: "We have encryption, firewalls, IDS, anti-virus installed and hence we are already protected" (our security is good enough)
  Reality: Not good enough; unmanaged connections: rogue and honeypot APs, users connecting to external WiFi, ad-hoc connections, DoS attacks and more

Only valid users are allowed
  Perception: "We have encryption and authentication so no unauthorized user can access the network"
  Reality: A valid user from an unmanaged device is a threat: employees use smart phones; loss of a smart phone; device hygiene (malware); hotspots and tethering
Page 11
Classifying Threats And Enforcing Policy

Access Points
  Authorized: connected to the network; following the security policy
  External: not connected to the network; visible in the air
  Rogue: connected to the network; violating the security policy
  Guest: connected to the guest network; following the guest security policy; cannot connect to authorized APs

Clients
  Authorized: connected to an authorized AP
  External: connected to an external AP
  Guest: connected to a guest AP

Events
Page 16
Why Customers Buy AirTight Technology

No Wi-Fi
  Quarantine APs if connected to the enterprise network
  Prevent WiFi connections to / from enterprise WiFi clients

Secure Wi-Fi
  Quarantine unmanaged APs if connected to the enterprise network
  Prevent enterprise Wi-Fi clients from connecting to external & guest Wi-Fi
  Prevent external Wi-Fi devices from accessing enterprise APs and clients
  Detect & prevent DoS attacks on enterprise Wi-Fi

Compliance
  PCI, and SOX, GLBA, ISO 27000 ...

Monitoring
  Establish RF visibility throughout the enterprise and the neighbourhood
  WiFi vendor-agnostic performance monitoring and forensics
Page 17
Marquis High Security Wins
(Customer logos by sector: Government, Transportation, Telco, Manufacturing, Technology, Services, Financial)
Page 18
Notable PCI Activity
(Customer logos: 2010 customer wins; 2009 customer wins)
Page 19
Gartner 2010 WIPS Marketscope
4 Time Winner!
Page 20
Gartner on AirTight and Wireless Intrusion Prevention
“..a company with a good vision for what people will buy, and this vision is earning them steady year over year growth in both installed base and new clients.”
“AirTight's drop-in SaaS package is affordable and was well-timed to PCI law fortifications…”
“AirTight is appropriate for buyers that are looking for an easy-to-deploy solution with minimal training/skill…”
…strong security and rapid deployment with reduced overhead to setup and configure.
Customer references report that the product is easy to set up and that it avoids false alarms by using multiple checks to classify rogues.
Gartner on AirTight "Lean back system"
"As new wireless technologies emerge, the overlay systems will provide the most flexible approach for rapidly incorporating monitoring and intrusion prevention."
Page 22
Innovations by AirTight
20 patents granted/allowed; 20+ more pending

Timeline (2005 to 2010):
  2005: World's first fully-automated WIPS
  2006/7: Usability, scalability, availability
  2008: World's first SaaS WIPS
  2009: Comprehensive WLAN, SIM/SEM integration
  First 11n WIPS
  2010: World's first cloud Wi-Fi and security solution
Page 23
ARP Request Marker Packets (L2)
- The sensor sends periodic ARP Requests with signatures in them.
- The sensor detects whether any AP forwards them to the wireless side.
(Diagram: sensors inject ARP Requests on each VLAN; a bridging rogue AP forwards the ARP Request onto the wireless side, where a sensor sees it.)
Page 24
UDP Marker Packets (L3) – Example 2
- UDP packet containing a signature.
(Diagram: the UDP packet carrying the signature crosses a NAT rogue AP between the wireless side and the LAN (VLAN 1 / VLAN 2), reaching the SGE Server.)
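The L2 (ARP) and L3 (UDP) marker packet slides rely on the same idea: a signature only the sensor can produce, so that seeing it on the far side proves the AP that relayed it bridges or routes into the monitored network. The Python below is an added illustration, not AirTight's code; the marker layout, the shared key and the classification rule are constructed for the example.

```python
import hashlib
import hmac
import struct

# Constructed demo key; a real deployment would provision a secret per sensor.
SENSOR_KEY = b"constructed-demo-key"
MARKER_TAG = b"MRK1"          # fixed prefix so an observer can locate a marker in a frame
BODY_LEN, MAC_LEN = 16, 8     # tag(4) + sensor id(8) + sequence(4), truncated HMAC-SHA256

def make_marker(sensor_id: str, seq: int) -> bytes:
    """Marker = tag | sensor id | sequence | HMAC over those three fields."""
    body = MARKER_TAG + sensor_id.encode()[:8].ljust(8, b"\0") + struct.pack(">I", seq)
    return body + hmac.new(SENSOR_KEY, body, hashlib.sha256).digest()[:MAC_LEN]

def arp_request_with_marker(sender_mac: bytes, sender_ip: bytes,
                            target_ip: bytes, marker: bytes) -> bytes:
    """L2 marker: a broadcast ARP request with the marker in its trailing padding.
    A bridging AP relays the broadcast, padding included, onto the wireless side."""
    eth = b"\xff" * 6 + sender_mac + b"\x08\x06"                 # dst, src, EtherType ARP
    arp = struct.pack(">HHBBH", 1, 0x0800, 6, 4, 1)              # Ethernet/IPv4, request
    arp += sender_mac + sender_ip + b"\x00" * 6 + target_ip
    return eth + arp + marker

def udp_payload_with_marker(marker: bytes) -> bytes:
    """L3 marker: the same signature carried as a UDP payload, which is routed
    or NATed through an AP that would never relay a broadcast ARP request."""
    return b"marker-probe:" + marker

def verify_marker(blob: bytes):
    """Return (sensor_id, seq) if blob carries a marker with a valid HMAC, else None."""
    idx = blob.find(MARKER_TAG)
    if idx < 0 or len(blob) < idx + BODY_LEN + MAC_LEN:
        return None
    body = blob[idx:idx + BODY_LEN]
    tag = blob[idx + BODY_LEN:idx + BODY_LEN + MAC_LEN]
    expected = hmac.new(SENSOR_KEY, body, hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(expected, tag):
        return None
    return body[4:12].rstrip(b"\0").decode(), struct.unpack(">I", body[12:16])[0]

def classify_aps(observed):
    """observed: (bssid, payload) pairs captured by a wireless-side sensor. An AP that
    relays a valid marker is wired to the monitored network; the rest stay external."""
    verdict = {}
    for bssid, payload in observed:
        if verify_marker(payload) is not None:
            verdict[bssid] = "rogue: wired to monitored network"
        else:
            verdict.setdefault(bssid, "external")
    return verdict
```

Because the verdict depends on the HMAC rather than on any MAC address, a neighbour's AP that never relays a marker is never flagged, and a NAT AP that forwards the UDP variant is still caught.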
Page 25
How does CAM table lookup work?
1. The client connects through the AP; the client MAC gets into the switch CAM table; the WIPS server polls the CAM tables.
2. The sensor sees the client on wireless and reports its connection to the AP.
3. The AP is marked as wired to the monitored network.
(Diagram: a network-connected bridge AP (AP1) with an associated client, a WIPS sensor, the WIPS server and the network switches, with steps 1, 2 and 3 marked.)
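The three CAM lookup steps above amount to a MAC correlation: an AP is called wired only when a client MAC seen in the air also shows up in a switch CAM table. The constructed simulation below (added here, not AirTight's code) runs that rule over three made-up APs to show the two failure modes the next slide's comparison table names, the NAT AP that is missed and the neighbour AP that is wrongly flagged.

```python
from dataclasses import dataclass

@dataclass
class WirelessObservation:     # step 2: a sensor sees a client associated with an AP
    bssid: str
    client_mac: str

@dataclass
class CamEntry:                # step 1: what the WIPS server reads from a switch CAM table
    switch: str
    port: int
    mac: str

def correlate(observations, cam_entries):
    """Step 3: mark an AP 'wired (rogue)' if any client MAC seen on it also appears
    in a CAM table; an AP with no such client stays 'external'."""
    wired_macs = {e.mac.lower() for e in cam_entries}
    verdict = {}
    for obs in observations:
        if obs.client_mac.lower() in wired_macs:
            verdict[obs.bssid] = "wired (rogue)"
        else:
            verdict.setdefault(obs.bssid, "external")
    return verdict

def demo():
    """Constructed scenario: one bridge AP, one NAT AP and one neighbour AP."""
    observations = [
        # Bridge AP: the client's MAC crosses to the wire unchanged, so it is found.
        WirelessObservation("bridge-ap", "00:11:22:33:44:01"),
        # NAT AP: only the AP's own WAN MAC reaches the switch, never the client's,
        # so the correlation misses it (false negative).
        WirelessObservation("nat-ap", "00:11:22:33:44:02"),
        # Neighbour AP: a visitor's laptop that is also plugged into a wired port
        # here makes the neighbour's AP look wired (false positive).
        WirelessObservation("neighbour-ap", "00:11:22:33:44:03"),
    ]
    cam = [
        CamEntry("sw1", 3, "00:11:22:33:44:01"),
        CamEntry("sw1", 7, "aa:bb:cc:dd:ee:ff"),   # nat-ap WAN MAC, not a client MAC
        CamEntry("sw2", 12, "00:11:22:33:44:03"),  # the visitor's laptop on a wired port
    ]
    return correlate(observations, cam)
```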
Page 26
Performance Comparison Summary

Criteria                                    Marker Packets      MAC Correlation
1. False negative on NAT APs                Never               Often
2. False positive on neighbor AP            Never               Often
3. Latency of detection                     Low (few minutes)   High (tens of minutes)
4. Configuration, maintenance               Zero                High
5. Scalability                              Infinite            Poor
6. Manual intervention for classification   None                Extensive
Page 27
Flood of WiFi Enabled Unmanaged Devices
Page 28
Comprehensive wireless security
Page 29
Smart devices in everyone's pocket: US smart phone and tablet projections
  2010 smartphones: 67 M
  2011 smartphones: 95 M
  2011 smartphones + tablets: 140 M
Source: http://www.eweek.com/c/a/Mobile-and-Wireless/Smartphones-Not-Tablets-Top-Consumer-Shopping-Lists-Gartner-127190/
Page 30
What it means for enterprise security
Page 31
Smart Devices in Enterprise - Threat Vectors

High exposure to data theft
• Lost/stolen devices are a cause of concern, since they carry a large amount of enterprise data

Compromised devices
• Native security controls on devices can be rendered inoperative: iPhone jailbreaking, Android open source
• Malware, spyware and virus threats

Network intrusion over wireless backdoors
• Backdoor entry/exit into the network over "tethering" and honeypots
Page 32
More than what meets the naked eye!
Page 33
Tethering: Bridging the two wireless worlds!
(Diagram: a tethered smart phone links the enterprise security perimeter to the Internet over the 3G network, providing both a backdoor entry and a backdoor exit.)
Page 34
What's your smart phone security game plan?
Ban them completely, or use some form of white-listing.
Page 35
Is banning or white listing by itself sufficient?
No. How will you monitor the unapproved use?
Page 36
Wi-Fi: Gateway for unapproved use
Wi-Fi presents zero barrier for unapproved smart devices to enter enterprise networks!
(Cartoon: "Voilà! We are on WPA2 enterprise Wi-Fi.")
Page 37
Single user – Multiple devices
Page 39
Monitoring unapproved use with AirTight WIPS
Patented wireless client classification and policy enforcement platform in AirTight WIPS:
  Define white list criteria -> Detect violation -> Analyze violation -> Respond
Page 41
More than what meets the naked eye!