Embed Size (px)
DESCRIPTION
Citation preview
© 2013 AirTight Networks, Inc. All rights reserved.
Top 5 Wi-Fi Security Threats
Dr. Pravin BhagwatCTO, AirTight Networks
© 2013 AirTight Networks, Inc. All rights reserved. 2
Wave of Wireless Consumerization
Uncontrolled increase in Wi-Fi devices
Most client Wi-Fi devices can operate in multiple modes
Do you know what’s happening on your network and premises?
© 2013 AirTight Networks, Inc. All rights reserved. 3
TJX Breach – The Tip of the Iceberg
Additional breaches
© 2013 AirTight Networks, Inc. All rights reserved. 4
Rogue APs
• APs attached to the enterprise LAN without permission
• Backdoor to the enterprise LAN
© 2013 AirTight Networks, Inc. All rights reserved. 5
Soft Rogue APs
Network interface bridging Internet connection sharing (ICS) Add-on devices (e.g., Windy31) Windows 7 Virtual Wi-Fi
© 2013 AirTight Networks, Inc. All rights reserved. 6
Client Misbehavior and Man-in-the-middle Attacks
• Ad-hoc connections• Connections to external APs• Probing for vulnerable SSIDs• Honeypot/Evil Twin target
© 2013 AirTight Networks, Inc. All rights reserved. 7
Bring Your Own Device (BYOD)
WPA2/802.1x alone cannot prevent unauthorized devices from accessing the enterprise network
© 2013 AirTight Networks, Inc. All rights reserved. 8
Recap of Common Intrusion and Extrusion Threats
© 2013 AirTight Networks, Inc. All rights reserved. 9
Wireless Security Strategies That Don’t Work!
We don’t have “that” problem because…A “No Wi-Fi” policy without enforcement
© 2013 AirTight Networks, Inc. All rights reserved. 10
MDM ≠ Network Security
What is the incentive to install MDM agents on personal devices?
Scope limited to “managed” devices that run MDM agent
No visibility into Rogue APs, Soft Rogues, Mobile Wi-Fi Hotspots
© 2013 AirTight Networks, Inc. All rights reserved. 11
NAC ≠ Wireless Security
Cannot block Rogue APs, Soft Rogues, Mobile Wi-Fi Hotspots
Scope limited to BYOD on “managed” WLAN
Suffers from “blind spots” – unauthorized Wi-Fi devices connecting via authorized devices
© 2013 AirTight Networks, Inc. All rights reserved. 12
Wireless Intrusion Prevention System (WIPS)
Automatic Device Classification
Comprehensive Threat Coverage
ReliableThreat Prevention
AccurateLocation Tracking
BYOD Policy Enforcement
© 2013 AirTight Networks, Inc. All rights reserved. 13
Wireless Security Enforcement using WIPS
With this in place, your network is protected from all types of wireless threats, vulnerabilities and attack tools!
External APs
Rogue APs (On Network)
Authorized APs
AP Classification
STOP
Client ClassificationPolicyMis-config
GO
STOP
IGNORE
DoS
External Clients
Authorized Clients
Rogue Clients
AUTOMATICALLY DETECT AND BLOCK RED PATHS!
© 2013 AirTight Networks, Inc. All rights reserved. 14
Identifying a True WIPS: WIDS vs. WIPS
True WIPS ApproachProtects against the fundamental wireless threat building blocks
Prevalent WIDS ApproachCat and mouse chase of exploits, tools and signatures
© 2013 AirTight Networks, Inc. All rights reserved. 15
Thank You!
Cloud Managed Secure Wi-Fi Solutions
[email protected]@AirTight+1 877 424 7844
US DoD Approved
![OdakyuAndroid t Google play] Wi-Fi Android ios t App Store] Wi-Fi [App Store] [iPhone Profile) Wi-Fi # —E Odakyu Odakyu Free Wi-Fi Android [Google play] WI-Fi Android [App Wi-Fi](https://img.pdfslide.us/doc/110x75/5fcc31f69b77e950d81a9828/android-t-google-play-wi-fi-android-ios-t-app-store-wi-fi-app-store-iphone.jpg)
![Adobe Photoshop PDF...Access Point LLIJtJ Dual Band Wi-Fi Access Point Wi-Fi Access Point tin] Wi-Fi 97 Wi-Fi AUDIOPHILE VIDEOPHILE nnsW01wa0QnnIWãlluunnunnvvao ñ00f-h01sQIfiðŠ](https://img.pdfslide.us/doc/110x75/5f13acbb3777f75a635fee7f/adobe-photoshop-pdf-access-point-llijtj-dual-band-wi-fi-access-point-wi-fi-access.jpg)
