Embed Size (px)
Citation preview
1
Fortifying Wireless Networks
2
Server
Users
Traditional Wired Network
Well-Defined Network Edge, Straightforward to Manage and
Secure
INTERNET
SECURE INTERNAL NETWORK
3
Users
INTERNET
Trouble Connecting to WLANs
Hacker in Parking Lot
Users Connecting to Neighboring Networks
Rogue AP
Network Edge Blurred, New
Attack Vectors ‘Behind’ the
Firewall
Wireless Changes Everything
Server
4
Electricity Grid in U.S. Penetrated By Spies Wall Street Journal
Cover story: 08/04/2009
WASHINGTON -- Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.
Article By SIOBHAN GORMAN Associated Press
Technology is a Target
5
Wireless – a Critical part of the NetworkThe Reliability Issue
TECHNOLOGYPROBLEMS
Connectivity can be Impacted by Many Outside Factors
Much Wider Variety of Client Settings than Wired Networks
Problems are Transient – Like the Devices
RF is a New Technology forSome Network Engineers
BUSINESS / ORGANIZATIONALPROBLEMS
Wireless is the #1 Culprit – Blamedfor Everything
Too Many Support Calls are Escalated to Wireless Networking Team
Tools Unavailable at Remote Sites Where Issues are Present
Site Visits are Very Expensive
Connectivity ProblemsRoaming Issues
Coverage & CapacityNoise & Interference
6
PROTECTIONFOR ANY
WLAN
Trouble-shooting
Compliance
Security
SECURITYRogue Elimination
Intrusion Detection
Automated Defenses
Forensic Analysis
Legacy Protection
Mobile Protection
COMPLIANCE
24x7 Policy Monitoring
Flexible Definition
Custom Reports
PCI, HIPAA, GLBA, US DoD, SOX Reports
Granular Forensic Records
TROUBLESHOOTING
Solve Issues Remotely
Level 1 Helpdesk
Proactive Monitoring
Spectrum Analysis
Interference Detection
LiveRF Coverage
Remote Packet Capture
Historical Analysis
Wireless Intrusion Prevention Solutions(WIPS)
7
Gartner Group – Wireless / WIPS requirements
From: Gartner Group Marketscope for Wireless Intrusion Prevention Systems John Pescatore, John Girard July 2008
“What you Need
Wireless networks remain a potentially significant vulnerability for enterprises, as a continuing stream of wireless LAN (WLAN)-based security incidents demonstrates. Because most enterprises support WLANs, enterprises must ensure that vulnerability management and intrusion prevention processes are extended o cover wireless and wired networks. WLAN security monitoring is required to ensure that support WLANs are kept secure and the users do not install their technologies where WLAN (or faster technologies, such as 802.11n) are not supported”
8
US DoD – Wireless / WIPS requirements
Wireless Intrusion Detection Systems (WIDS) were then added as a DoD requirement
US DoD Wireless Policy
The Department of Defense (DoD) Directive Number 8100.2 was issued on April 14, 2004. TheDirective covers the use of commercial wireless devices, services, and technologies in the DoDGlobal Information Grid (GIG). The Directive spells out policies for deploying secure wirelessnetworks, and requires monitoring of those wireless networks for compliance. Additionally, theDirective states that wireless networks are banned from use in certain areas, and it coverspolicies for banned and authorized wireless networks.
On June 2, 2006 the DoD issued a supplemental policy and guidance to 8100.2 with the objectiveof enhancing overall security guidance and to create a foundation and roadmap for increasedinteroperability that embraces open standards regarding Wireless LAN (WLAN) technologies.This policy applies directly to IEEE 802.11 based WLAN devices, systems and technologies andexcludes cellular, Bluetooth, WiMax and proprietary RF communication standards.
9
Existing WLAN infrastructure as
overlay
Need to know Security policy is in effect
-- Motorola, Cisco, Aruba, Trapeze…
NEW - Highly cost effective On-board
WLAN/WIPS
Integration AccessPoint und Sensor
Need to know Security policy is in effect
No WLAN Policy
Security policy is NO wireless
But…how do they know?
Issues:Printers, USB WLANs,“Dual Homed Clients”(Ethernet & WLAN),u.a.
Environments needing WIPS
10
Typical WIPS solution Architecture
HEADQUARTERS
WIPS Appliance
Sensor
FIELD OFFICES
FIELD OFFICES
Innovative Add-on Modules
WEP Cloaking
A Migration Step to Protect Legacy
Encryption Protocols. Meet
PCI Requirements While Upgrading to
WPA
Spectrum Analysis
Detect & Classify Common Types of
RF Interference Sources Including
Microwaves, Bluetooth etc.
LiveRFReal-time
Assessment of Wireless Network
Performance. Centrally Analyze & Troubleshoot
Connectivity Issues
Advanced Forensics
Rewind & Review Detailed Wireless Activity Records
for Forensic Investigations & Troubleshooting
Advanced Trouble-shooting
Provides Faster Resolution of
Wireless-related Issues as Well as
Proactive Resolutions
Mobile Workforce Protection
End-point Security to Protect Mobile Users Regardless
of Location
Rogue Detection & Elimination
Intrusion Detection
Automated Termination
Policy Compliance
Wireless Troubleshooting
Forensic Analysis
Location Tracking
Enterprise-class Scalability
Rogue Detection & Elimination
Intrusion Detection
Automated Termination
Policy Compliance
Wireless Troubleshooting
Forensic Analysis
Location Tracking
Enterprise-class Scalability
11
Optimal WIPS Solution Architecture
Centralized, Hardened Appliance
Protection for WLAN Infrastructure and Devices
Secure Layer 3 Connections Between Sensors and Appliance
Minimal WAN Bandwidth Needed by Sensors, < 3Kb/s
Two Types of Sensors:Dedicated Sensors are Separate Devices, Use One for Every 3-5 APs
Integrated Sensors are Built Into Access Points
All Sensors Provide 24x7 Protection for Gap-free Security
NETWORK
Distributed Collaborative Architecture is Highly ScalableDistributed Collaborative Architecture is Highly Scalable
Integrated AP/Sensor
FIELD OFFICE
Central Appliance
Dedicated Sensor
CORPORATE OFFICE
12
Combined AP & SensorOptimal – full-time sensing/WIPS
For years customer have asked for a single device as AP and Sensor
Some solutions were “part-time” – when AP was not busy, would scan some channels. NOT recommended.
New in market – APs with multiple Radios – where 1 radio can be “assigned” a sensor.
Imperative – sensor MUST be full time!
Imperative – if device is sensor and AP – is it scanning all channels?
Reduced Deployment Cost – No Overlay Sensor Deployment
13
Status on – “n”
Requires sensor to have ‘n’ radio – more expensive usually
In the market are some Dual-radio APs to Use One Radio for Dedicated WIPS Sensing – most cost effective option
There are sensors to cover ‘n’
In a no wireless environment ‘n’ can be a new threat
Unless “green-field” ‘n’ – b, g radio sensors will see all traffic
14
Wireless Intrusion Prevention Solutions(WIPS) – what you should require
COMPLIANCE
24x7 Policy Monitoring
Flexible Definition
Custom Reports
PCI, HIPAA, GLBA, US DoD, SOX Reports
Granular Forensic Records
TROUBLESHOOTING
Solve Issues Remotely
Level 1 Helpdesk
Proactive Monitoring
Spectrum Analysis
Interference Detection
LiveRF Coverage
Remote Packet Capture
Historical Analysis
PROTECTIONFOR ANY
WLAN
Trouble-shooting
Compliance
Security
PROTECTIONFOR ANY
WLAN
Trouble-shooting
Compliance
Security
SECURITYRogue Elimination
Intrusion Detection
Automated Defenses
Forensic Analysis
Legacy Protection
Mobile Protection
COMPLIANCE
24x7 Policy Monitoring
Flexible Definition
Custom Reports
PCI, HIPAA, GLBA, US DoD, SOX Reports
Granular Forensic Records
TROUBLESHOOTING
Solve Issues Remotely
Level 1 Helpdesk
Proactive Monitoring
Spectrum Analysis
Interference Detection
LiveRF Coverage
Remote Packet Capture
Historical Analysis
15
Eliminate Rogues on the Network
Differentiate Between Neighbors and Rogue Devices Automatically
Identify Every Type of Rogue Device Connected to the Network
Historical Record of Associations & Traffic
Automatic Elimination
Automatically Finds and Removes All Rogue DevicesAutomatically Finds and Removes All Rogue Devices
REMOTE OFFICE NEIGHBORDETECT - ANALYZE - ELIMINATE
Dedicated Sensor
OpenRogue AP
Encrypted Rogue AP
Rogue APBehind Firewall
Soft AP
Rogue Devices Can be Anywhere on the Network and can be Encrypted
16
Comprehensive Intrusion Detection
Sensors
PROTOCOL ABUSE
ANOMALOUS BEHAVIOR
SIGNATURE ANALYSIS
POLICY MANAGER
Correlation Engines Context-Aware Detection Engines
Broad set of Threats DetectedReconnaissance & Probing
Denial of Service Attacks
Identity Thefts, Malicious Associations
Dictionary Attacks; SecurityPolicy Violations
Minimal False PositivesCorrelation Across Multiple Detection Engines Reduces False Positives
Most Accurate Attack Detection
Powerful Detection with Minimal False PositivesPowerful Detection with Minimal False Positives
DETECTIONDISCOVERY ANALYSIS
17
Automated Wireless Protection
Wireless TerminationTargeted Disruption of Wireless Connections
No Impact to Allowed Network Traffic
Compliant with Applicable Laws & FCC Regulations
Wired Port SuppressionSearch Wired Network to Locate the Switch-port a Rogue Threat is Attached to
Safeguards Ensure Only Threat is Disconnected
Wireless ACLPrevent Wireless Stations from Connecting to the WLAN
Sensor
WIPS Appliance
Switch
Laptop
Neighboring AP
APs
Wireless Station
AP
Terminated: AccidentalAssociation
Port Suppressed: Rogue AP
ACL Enforced: Rogue Station
Comprehensive Threat Mitigation that is Powerful & Safe to UseComprehensive Threat Mitigation that is Powerful & Safe to Use
18
Forensic Analysis
Extensive Forensic DataMonths of Historical Data Accessiblefrom System
325+ Statistics per Device per Minute
Device Connectivity & Activity Logs
Valuable Business InformationAccurate Records for Forensic Analysis & Policy Compliance Reporting
Determine Exact Time & Impact ofAttempted Attacks
Record of Wireless Performance and Connectivity Issues
FORENSIC SUMMARY
ASSOCIATION ANALYSIS
Unrivaled Visibility into Network Activity & Threats
19
SECURITYRogue Elimination
Intrusion Detection
Automated Defenses
Forensic Analysis
Legacy Protection
Mobile Protection
TROUBLESHOOTING
Solve Issues Remotely
Level 1 Helpdesk
Proactive Monitoring
Spectrum Analysis
Interference Detection
LiveRF Coverage
Remote Packet Capture
Historical Analysis
Wireless Intrusion Prevention Solutions(WIPS) – what you should require
PROTECTIONFOR ANY
WLAN
Trouble-shooting
Compliance
Security
SECURITYRogue Elimination
Intrusion Detection
Automated Defenses
Forensic Analysis
Legacy Protection
Mobile Protection
COMPLIANCE
24x7 Policy Monitoring
Flexible Definition
Custom Reports
PCI, HIPAA, GLBA, US DoD, SOX Reports
Granular Forensic Records
TROUBLESHOOTING
Solve Issues Remotely
Level 1 Helpdesk
Proactive Monitoring
Spectrum Analysis
Interference Detection
LiveRF Coverage
Remote Packet Capture
Historical Analysis
PROTECTIONFOR ANY
WLAN
Trouble-shooting
Compliance
Security
PROTECTIONFOR ANY
WLAN
Trouble-shooting
Compliance
Security
20
Regulatory Compliance
RETAIL
FEDERAL HEALTHCARE
CORPORATE
Payment Card Industry (PCI) Data Security Standard (DSS)
Automated Wireless Scanning andRogue Wireless Elimination
Wireless Intrusion Prevention
Encryption Policy Enforcement
Department of Defense 8100.2 Directive
Must have 24x7 Dedicated WIDS
Applicable Regardless ofWLAN Deployment
Common CriteriaCertification Needed
Location Tracking Mandatory
Health Insurance Portability and Accountability Act (HIPAA )
Encryption Validation
Security ConfigurationManagement
HIPAA Compliance Reports
Sarbanes Oxley (SOX) Compliance
Gramm-Leach-Bliley Act (GLBA)
Protect Confidentiality and Integrity of Corporate Data Transmitted Wirelessly
Reporting and Audit Support
DoD Standard Compliance Report
21
Policy Compliance & Reporting
Fully Customizable Reporting and Dedicated Monitoring ofPolicy Compliance and Network Performance
COMPLY
Monitor
Enforce
DefineDEFINE WIRELESS
POLICY
CUSTOMIZABLE REPORTING
22
SECURITYRogue Elimination
Intrusion Detection
Automated Defenses
Forensic Analysis
Legacy Protection
Mobile Protection
COMPLIANCE
24x7 Policy Monitoring
Flexible Definition
Custom Reports
PCI, HIPAA, GLBA, US DoD, SOX Reports
Granular Forensic Records
Wireless Intrusion Prevention Solutions(WIPS) – what you should require
SECURITYRogue Elimination
Intrusion Detection
Automated Defenses
Forensic Analysis
Legacy Protection
Mobile Protection
COMPLIANCE
24x7 Policy Monitoring
Flexible Definition
Custom Reports
PCI, HIPAA, GLBA, US DoD, SOX Reports
Granular Forensic Records
TROUBLESHOOTING
Solve Issues Remotely
Level 1 Helpdesk
Proactive Monitoring
Spectrum Analysis
Interference Detection
LiveRF Coverage
Remote Packet Capture
Historical Analysis
PROTECTIONFOR ANY
WLAN
Trouble-shooting
Compliance
Security
PROTECTIONFOR ANY
WLAN
Trouble-shooting
Compliance
Security
23
PAST PRESENT FUTURE
HISTORICAL TROUBLESHOOTING TOOLS
Detailed Forensics
Scope Forensics
Alarm Forensics
PROACTIVE TROUBLEPREVENTION
AP Testing
Policy Compliance
Performance Policy
REAL-TIME TROUBLESHOOTING TOOLS
LiveView
Connectivity Troubleshooting
AP Testing
Spectrum Analysis
LiveRF
End-user Feedback Performance Alarms & Reports
Centralized WLAN Troubleshooting
Remote Troubleshooting
24
Remote Visibility
Real-time View of WLANTurn Any Sensor into a ‘Sniffer’
Full Layer 2 Frame Capture
Visualize Wireless Traffic Flow
28 Different Graphical Views
Low Network Support CostsReal-time View of Remote WLAN
Advanced Centralized Troubleshooting
Reduced on-site Support Cost
Increased WLAN Uptime
Remote WLAN Troubleshooting with Real-time Analysis
FRAME CAPTURE
REAL-TIME TRAFFIC
CONNECTION ANALYSIS
25
Advanced Troubleshooting
Connection TroubleshootingDesigned for Level 1 Helpdesk
Quickly Determine if it is a Wireless or Wired Network Issue
Simple Debugging of Wireless Issues
Escalation Only if Necessary
Centralized Troubleshooting
AP Connectivity TestProactively Test One or More APs
Find Problems Before Disruption
Analyze Wireless and Wired Network from Clients Perspective
Schedule Automatic Tests
Test Access to Wired Applications
SecureServer
WAN
DHCPServer
ApplicationServer
DATA CENTER REMOTE LOCATION
26
Spectrum Analysis Module
Physical Layer TroubleshootingDetect non-802.11 Interference – Microwaves, Bluetooth, Frequency Hopping Devices etc.
2.4 and 5 GHz Band Support
Remote Real-time Spectrograms
AutomatedInterference DetectionUse Existing Sensors – No Special Hardware Needed
Remote Detection of Interference
Automatic Interference Alarms
Improve Wireless Performance
FULL SCAN
CLASSIFY INTERFERENCE
SOURCES
27
Coverage Mapping
Understand Wireless Coverage & Impact on ApplicationsReal-time RF coverage analysis
Building Aware Prediction of Coverageand Capacity
Application Specific Simulations– Voice, Video, Data
Centralized and Remote Analysis
VIEW SIGNAL COVERAGE FOR APPLICATIONS
COVERAGE CHANGE WITH INTERFERER
Wireless CameraUsed as Interference
Source
Comparison of VoIP Coverage
28
Continuous Rogue Detection – US Dept of Energy (DOE)
– Federal Aviation Administration (FAA)
– US House of Representatives
– Department of Agriculture (USDA)
– Defense Advanced Research Agency (DARPA)
– US Marine Corp
– Defense Information Systems Agency (DISA)
28
Government Usage – No-wireless Policy
DISA FBIDoL DoS DoE
FCC SEC
29
Existing WLAN – WIPS – non-DoD– Department of Energy (DOE)
– Security and Exchange Commission (SEC)
– Veteran Affairs (VA)
– Bureau of Labor Statistics
– Federal Communication Commission (FCC)
– Social Security Administration (SSA)
– National Archives
29
Government Usage – In-building Wireless IDS(US Non-DOD)
DISA FBIDoL DoS DoE
FCC SEC
30
Indoor WLAN – WIPS – DoD– US Army
– Defense Commissary Agency (DeCA)
– Defense Logistics Agency (DLA)
– Joint Forces Command (JFCOM)
– Naval Space and Warfare Command
– Naval War College
30
Government Usage – In-building Wireless IDS(DOD)
DISA FBIDoL DoS DoE
FCC SEC
– Naval Hospital Jacksonville
– DISA Joint Interoperability Test Center (JITC)
– Defense Manpower Data Center
– National Security Agency (NSA)
– National Geospatial Agency (NGA)
31
- Dept of Homeland Security – Customs and Border Protection (CBP)
– FBI
• Securing WLANs of field-deployed tactical units (portable units)
– Navy Pierside Wireless Project
• Securing ship-to-shore wireless bridging at every Naval port
31
Government Usage – Outdoor Wireless IDS(DOD)
DISA FBIDoL DoS DoE
FCC SEC
– Navy Shipboard Wireless
• Securing onboard WLAN for inventory application (barcode readers)
– Wireless Perimeter Video Surveillance – 3 Navy sites, 1 Army site
– Navy Tactical Field-deployed WLAN - air traffic control center – 5 systems
– Naval Shipyard Outdoor WLAN - Securing outdoor WLAN mesh
32
• - Laptop lockdown (no-wireless policy)
• DOD – AirDefense Personal
– Secure Wireless Remote Access
• DISA – AirDefense Personal for telecommuting initiative
• DHS – AirDefense Personal
– Cybercrimes – using AirDefense Mobile for WiFi surveillance
• DHS
• Naval Criminal Investigative Service (NCIS)
– Warwalking – AirDefense Mobile for enforcing no-wireless policy
• Pentagon
• Navy
• National Park Service
32
Government Usage – Mobile Wireless Analyzers and Client based controls
33
Conclusion
WIRELESS SECURITY IS PARAMOUNT
Stating you have no wireless – is not enough!
Several Recent Data Breaches Have Happened Over Wireless
CENTRALIZED WIRELESS MONITORING NEEDED
Rogue Wireless Access and Wireless Attacks on the Rise
Significant OPEX in Resolving WLAN Connectivity and Performance Problems
Expect the most from the solution you select!
Automated Elimination of All types of Rogue Wireless Devices
Detection of 200+ Attacks and Policy Violations
Centralized, Advanced Troubleshooting of Wireless Connectivity Issues
Wireless Compliance Validation and Reporting
Integrated Deployment with WLAN – Common AP + Sensor Hardware, Integrated Management
