Cisco presentation on the benefits of the Guest Access and network security associated with WLAN
© 2007 Cisco Systems, Inc. All rights reserved.
13490_03_2007_c1
Strategies for Delivering Secure Wireless Guest Access
Cisco Mobility TV
Mobility TV Host: Chris Kozup, Marketing Manager, Mobility Solutions, Cisco
Scott Pope, Manager, Guest Access Product Management, Cisco
Tony Diep, IT Theater Service Manager for US & Canada, Cisco
Thank You for Joining Us Today
The next wireless and mobility videocast event will take place on May 8, 2007 at 10:00 AM Pacific
The featured subject will be Outdoor Wireless
To register visit: http://www.cisco.com/go/semreg/mobilitytvepisodes/142299_3
Wireless in the News
Cisco Mobility Express Solution
Affordable business-class mobility solution announced for small and medium businesses
Application-Based: Access Points, Controllers, plus Application Servers
Cisco Mobility Express Solution
Controller-Based: Access Points Plus Controllers
Offer a Mobile Foundation for All
Standalone: Access Points
Grow with Your Business
Adapt to Your Level of Sophistication
Cisco Empowers the Wireless Branch Office
Cisco introduces new WLAN Controller Module for the ISR and new 3G WAN interface to create the Empowered Wireless Branch
Empowered Wireless Branch
Integrated 3G Wireless WAN
ISR Wireless LAN
Cisco Wins TechTarget’s 2007 Gold Award
Cisco awarded TechTarget Gold Award for Product Leadership in the Wireless Category
Gold Award: Cisco WiSM/WLSM
Cisco Teams with the NBA
The NBA partners with Cisco to transform the experience of sports through the use of technology
Upcoming Cisco Wireless Events
• Interop: Las Vegas, Nevada, May 20–26, 2007
• Cisco Secure Wireless Road Show: Sixteen cities in North America. Ask your account rep for details
Agenda
1. Why Secure Guest Access?
2. Cisco on Cisco: Guest Access Case Study
3. Cisco’s Secure Wireless Guest Access Solution
Business Trends and Challenges
Trends
• Widespread wireless deployment
• Over 65% of businesses use WLAN
• Mobility services new business imperative
• 67% of businesses reported up to 50 visitors per month requiring network access*
• Increased pressure to reduce network operational cost and complexity
• Research case revealed ROI of up to 328%*
Challenges
• Optimize partner, vendor and customer interactions with wireless access to network resources
• Deliver guest access without exposing internal resources to security threats
• Security ranks as #1 wireless network concern
Source: WLAN Adoption Study, Forrester Research, 2006
Wireless Guest Access Is Changing Business
• Retail: Providing customers real-time product or service information for an enhanced, better informed consumer experience
• Healthcare: Allowing suppliers to place refill orders on the premises to minimize inventory shortages
• Financial: Enabling consultants to complete audits more accurately and efficiently
• Carpeted Office: Providing secure access to business partners and consultants to ensure faster decision making and increased business agility
Cisco on Cisco Guest Access
Objectives and Constraints
Build a policy and architecture in which non-Cisco employees can access the Internet:
a) Where and when Cisco deems appropriate
b) With Cisco's permission
c) From Cisco’s infrastructure
d) Secure, authenticated, recorded
Cisco on Cisco Guest Access Architecture
[Diagram: Current – Layer 3 Architecture. Labels: Corporate, Guest Data, Guest traffic tunneled in GRE, BBSM, “hotspot.cisco.com”, WWW, Employee generates access code via portal]
[Diagram: Planned – Strategic. Labels: Corporate, Guest Data, Guest traffic tunneled in GRE, NAC Appliance, “hotspot.cisco.com”, WWW]
Cisco on Cisco Wireless SSID Architecture
Common SSID configuration for all access points
Wireless voice SSID (Cisco wireless voice users)
• EAP-FAST authentication
• WPA encryption
• QoS
• Broadcast = NO
Two production data SSIDs (Cisco wireless data users)
• EAP-FAST authentication
• CKIP encryption on one
• WPA encryption on the other
• Broadcast = NO
Guest networking SSID (NON-Cisco, guest WLAN users)
• Open authentication
• No encryption
• Broadcast = YES
Cisco on Cisco Guest Usage Trends - Global
[Chart: Guest Users by month, Jan-05 to Mar-07; vertical axis 0 to 30,000]
Average of 19,000 users per month (and rising)
Over 228,000 guests past 12 months
Over 330 buildings with wired & wireless guest services
Cisco on Cisco Support Cost Analysis – FY 2007
Support Cost of Hotspot.cisco.com FY 2007
• Number of Guest Codes (Annual): 228,048
• # IT Support Cases (Annual): 578
• Support Case Cost ($25 per case): $14,450
• Tier 2/3 Support (Est. 1 FTE): $148,000
• Total Support Cost: $162,450, or $0.71 per guest
Support Cost Pre-Hotspot.cisco.com FY 2007
• # of helpdesk calls required (without guest service): 228,048
• Total cost of support ($25 x 228,048): $5,701,200
• Cost of “Hotspot.cisco.com” (see above): $162,450
• Cost Avoidance: $5,538,750
Cisco on Cisco Hotspot Benefits
Cost Avoidance
• Over $5M in potential support/administrative overhead avoided
Improved Security
• Controlled network access
• Uncontrolled, non-corporate clients segmented from enterprise network
Improved Turnaround
• Access codes can be generated within 15 seconds
• Batch codes can be generated for large groups
• IT administrative overhead avoided
Staff Empowerment
• Visitor sponsors responsible for generating code – no IT support needed
Guest Experience
• Branded network experience – Cisco viewed as technology leader
• “No hassle” network access
Legal Protection
• Users must digitally sign acceptable use policy with legal disclaimer
Mobility Services … Beyond Connectivity
Services: Security, Guest, Voice, Location
• Guest networks for customers, partners and auditors
• Vendor replenishment networks
• Public access networks
• Automatic, 24 x 7 security and compliance monitoring for breaches via wireless medium
• Network access control based on user location
• Asset management
• Location-based content distribution
• Streamlined workflow using historical location data
• Real-time mobile voice communications
• Improved collaboration via mobile unified communications
• Faster customer service response
Pervasive Wireless Network
Types of Network Users
Cisco Guest Services Give You Control
Access scale: Full Access (corporate employees) to Internet Only (guest users)
Corporate Employees
• Need internal network access
• Can be role based to allow granular access if needs require
Contractors/Consultants
• Need restricted internal access
• Printers
• File Shares
• Specific Applications
• Device Support
Guest Users
• Internet Access Only
• No need to access internal systems
• Segment Access Completely
Cisco Solutions for Secure Guest Access
Core and Enhanced Options
Versatile Solutions for Diverse Deployment Environments
Wireless Guest Access in Cisco Unified Wireless
• Lobby admin portal for user provisioning
• End-user registration page
• Network partitioning using tunneling
• User authentication and authorization in local database or AAA server
• Usage logging and reporting
Enhanced Wired and Wireless Guest Access
Core features, plus…
• Network privileges based on roles
• End-user security posture assessment
• Full policy-based end-user portal customization using partners
• Unification of wireless and wired guest access
Wireless Guest Access
1. Back-end segmentation (mobility anchor)
Separate the guest traffic from the corporate internal traffic via EoIP tunnels
2. Lobby ambassador/host portal
Guest user creation and token generation
Served from WLAN Controller or WCS
3. Customizable guest screen
Served from WLAN Controller or external server
4. Back-end authentication
Local WLAN Controller user database or external AAA
[Diagram labels: Wired/Wireless VLANs, Campus Core, LWAPP, WCS, EtherIP “Guest Tunnel”, Emp, Guest, Internet, DMZ WLAN Controller]
Lobby Ambassador Feature
• Simple and Fast: Lobby Ambassador feature enables any staff member to enable guests
• Integrated Solution: Runs on any controller and WCS
• Secure: Generate individual guest name, unique password and duration of access
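The Lobby Ambassador flow above (individual guest name, unique password, duration of access, checked against a local user database) can be modeled as follows. This is an added example, not Cisco's code: GUEST_DB, create_guest and authenticate are hypothetical names, and storing only a salted PBKDF2 hash is an assumption the slides do not describe.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical in-memory stand-in for a controller's local guest user database.
GUEST_DB = {}
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"  # look-alike characters left out


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def create_guest(sponsor, duration_s, now=None):
    """Issue one guest account: individual name, unique password, fixed lifetime."""
    now = time.time() if now is None else now
    if duration_s <= 0:
        raise ValueError("duration of access must be positive")
    name = "guest-" + secrets.token_hex(4)
    while name in GUEST_DB:  # guest names must be individual
        name = "guest-" + secrets.token_hex(4)
    password = "".join(secrets.choice(ALPHABET) for _ in range(12))
    salt = secrets.token_bytes(16)
    GUEST_DB[name] = {
        "salt": salt,
        "hash": _hash(password, salt),
        "expires": now + duration_s,
        "sponsor": sponsor,  # recorded so each guest maps to a staff sponsor
    }
    return name, password  # password is shown once; only its hash is kept


def authenticate(name, password, now=None):
    """Return True only for a known, unexpired account with the right password."""
    now = time.time() if now is None else now
    rec = GUEST_DB.get(name)
    if rec is None:
        _hash(password, b"\x00" * 16)  # same work for unknown names
        return False
    ok = hmac.compare_digest(rec["hash"], _hash(password, rec["salt"]))
    if now >= rec["expires"]:
        GUEST_DB.pop(name, None)  # expired accounts are purged on use
        return False
    return ok
```
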
Enhanced Wired and Wireless Guest Access
Cisco NAC Appliance Provides:
• Very granular role-based access
• Endpoint posture assessment and remediation
• OS and posture restrictions
• QoS policy for guest users
• Integration with broader AAA servers
• Uniform guest access for wired/wireless
Cisco “GuestNet” Customized Portal:
• Cisco developed portal services for “one-stop” shop
• Basic portal customization, per-user customization
Partner User Portals Provide:
• Extensive portal customization
• Customizable logging, reporting, billing
• Temporary user accounts for email, printing, etc.
[Diagram labels: Wired/Wireless VLANs, Campus Core, LWAPP, WCS, EtherIP “Guest Tunnel”, Emp, Guest, Internet, DMZ WLAN Controller, NAC Appliance]
Role-Based Access Control
Validates authorization policies and privileges
• Layer 3/Layer 4 role-based access control (RBAC) to permit access to specific port, protocol, or subnet
Supports multiple user roles
• Customized portals per guest user group – redirection to a pre-defined page for acceptable user policy notice
• Bandwidth throttling for each user role by assigning shared or dedicated bandwidth usage
• Secures internal wired Ethernet ports
Scans for Security Requirements
• Guest session access scheduling
• Pre-configured Windows critical hot fixes and anti-virus application checks
Performs repair and update
• Self remediation for quarantined users
Implementation Considerations
Whatever the Business Reason for Guest Access, Implementation and Security Goals Should:
• Ensure guest access to only Internet and authorized network resources
• Eliminate IT administrator involvement with user authorizations
• Leverage integration of wired and wireless network (policies and administration)
• Ensure internal users and applications have priority over guests
• Monitor network use and prohibit services on location or per-user basis
With Wireless…Now You Can
Now You Can…
Enhance your customer’s retail experience
• Increase the time and money customers spend on site
Improve vendor productivity and accuracy
• Allow suppliers to update inventory or restocking data real-time
Provide a virtual support network for hospitalized patients
• Enable connectivity to the outside world with online access to family, friends, research, entertainment
Track when and where users access the network
• Ensure the security of your facility and critical business data