Embed Size (px)
Citation preview
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 1
The Global Leader in Wireless Security Solutions2011 AirTight Networks, Inc.
Proprietary & Confidential.
Niels BoestenJohan van der WelleSimon HollisterSepideh Nazemi
AirTight Secure Wi-FiArmed to Defend Your Network
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 2
Why Wireless Security?
What is wireless security?
• Securing your corporate cabled network against all unwanted Wifi and Wifi threads.
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 3
Existing security solutions focus on the
cabled network
We all think we are safe!
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 4
Wifi is the weakest link unseen by the firewall !
The weakest link will be attacked!
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 5
Rogue Client
Rogue AP
Unauthorized Wi-Fi on enterprise LAN
Poorly secured enterprise Wi-Fi
3G
External AP
Evil Twin
Mobile Hotspot
Employees bypassing enterprise security
Common Wi-Fi Threat Scenarios
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 7
Common Wireless Threats
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 8
“we have a no-wifi policy or no-wifi zones”
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 10
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 11
The Global Leader in Wireless Security Solutions2011 AirTight Networks, Inc.
Proprietary & Confidential.
BYOD Pressure on IT Wi-Fi access is expected everywhere Wi-Fi security risks from personal mobile devices Compliance is tougher to maintain
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 12
Only Effective BYOD Policy Enforcement
Fingerprinting of all smart devices Approved/unapproved classification Blocking unapproved personal devices
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 13
Accurate location tracking of any WiFi activity! (2-5mtrs)
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 15
Top Rated WIPS Available in 3 Configurations
AP + Dedicated WIPS
Dual AP w/ Background Scanning
Dedicated Overlay WIPS
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 16
Complete AirTight Wi-Fi Portfolio
Most Affordable AP
AT-C50 Dual band, single radio
Two configurations: AP + background scanning Dedicated WIPS sensor
DoD Approved WIPS
AT-C60Dual band, dual radio
Multi-modal configuration: AP + background scanning Dedicated WIPS sensor Concurrent AP + WIPS
Most Flexible & Secure AP
New!
AT-C10Dual band, dual radio
Dedicated WIPS sensor Common Criteria FIPS Certified DISA APL
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 17
Public Cloud Private Cloud VMware Appliance
Multiple Deployment Options
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 19
How does it work?Why is auto-classification essential?
Large number of APs visible in air New APs come up often Old APs change configurations Most of them are not Rogue APs• Neighborhood, municipal, hotspot
How do you know which APs are genuine threats?
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 20
The (only) right way to auto-classify: On-wire/off-wire detection
All APs visible in airManaged APs (Static Part)
Unmanaged APs (Dynamic Part)
Not connected to my network
Connected to my network
Authorized AP
External AP
Rogue APThe biggest challenge in implementing such clean workflow is: Robust AP network connectivity
detection
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 21
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 22
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 23
AirTight Networks’ Patented Auto-classification
Competitors’ Auto-classification
RogueExternal
Authorized
70% Rogue (?)
50% Rogue (?)
False negatives
False positives
Works “out of the box” You have to configure complex rules and deal with false alarms
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 24
AirTight’s automatic policy enforcement logic
With this in place, your network is protected from all types of
threats, vulnerabilities and attack tools!
Neighborhood APs
Rogue APs (On Network)
Authorized APs
AP Classification
STOP
Client ClassificationPolicy
GO
STOP
IGNORE
Neighborhood Clients
Authorized Clients
Rogue Clients
DETECT AND BLOCK RED PATHS!
Only SpectraGuard can truly implement this simple workflow because of its ability to automatically and accurately detect if
an AP is connected to the enterprise LAN
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 25
Data Center
HQ
Regional HQ
Regional Office
25
Carrier Scale Information Management
Location based Administration
Location-based Policy Management- Users, VLANs, Configuration of APs, Sensors, Alerts, IPS, etc.
Location based monitoring & reporting
- PCI Compliance, Vulnerability Assessment, Inventory, etc.
- Different administrators and rights for each location
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 26
One Managed Secure Wi-Fi solution
Eliminating Cost, Complexity & Security Risk from Distributed Wi-Fi
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 27
Patented Marker Packet™ Techniques
Wired to Wireless Test
Wireless to Wired Test
Closed Loop AP Connectivity Confirmation
2010 AirTight Networks, Inc. Proprietary & Confidential
Page 29
Thank You!
