Скачать презентацию Bluesocket Complete WLAN Solution Suite Redefines Trust and Скачать презентацию Bluesocket Complete WLAN Solution Suite Redefines Trust and

991e79c48a4ec4e6dd790009fd1ebfe8.ppt

  • Количество слайдов: 39

Bluesocket Complete WLAN Solution Suite Redefines Trust and Simplicity in Complex Environments Sales Training Bluesocket Complete WLAN Solution Suite Redefines Trust and Simplicity in Complex Environments Sales Training Soft-tronik, Prague Gudrun Weinfurtner – Channel Manager Central & Eastern Europe February 2006 © 2005 Bluesocket, inc. Pg-1 Copyright reserved. Copyright and all rights reserved. Secure Mobility™ Solutions Secure Mobility® Solutions

Agenda Solution Overview Company Partner Programm & Tools Pg-2 © 2005 Bluesocket, inc. Copyright Agenda Solution Overview Company Partner Programm & Tools Pg-2 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Solution Overview What is it? Where does it fit? Pg-3 © 2005 Bluesocket, inc. Solution Overview What is it? Where does it fit? Pg-3 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Three Customer Scenarios I don’t have a wireless Network But need do deploy one Three Customer Scenarios I don’t have a wireless Network But need do deploy one I don’t want any wireless in my premises I already have a wireless network but need to improve it (Security, New Applications …) Pg-4 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Milestones in deploying a wireless network Deploying a radio infrastructure Securing Pg-5 © 2005 Milestones in deploying a wireless network Deploying a radio infrastructure Securing Pg-5 © 2005 Bluesocket, inc. Copyright and all rights reserved. Providing a constant service Managing Secure Mobility® Solutions

Providing a Radio infrastructure Planning: Deployment of the AP: • How many Access Points Providing a Radio infrastructure Planning: Deployment of the AP: • How many Access Points • Installation • Where should I place them • Configuration • Which type of AP should I use Pg-6 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Wireless Lanplanner Sample Use: Quick Start AP Placement 1. Initial Facility Floorplan Walls, windows Wireless Lanplanner Sample Use: Quick Start AP Placement 1. Initial Facility Floorplan Walls, windows and support beams each have a unique impact on your wireless signal. 2. Enter Proposed User Requirements With LANPlanner, the unique user requirements of each part of the facility can be documented to ensure proper coverage. 200 Internet Users in Conference Hall 3. Software Automatically Recommends AP Placement LANPlanner software evaluates the impact of both the floor plan and the proposed user requirements to recommend the best placement of access points in your facility. A network designer can than adjust the placement and view the impact of any potential changes. 6 Executives in Suite of Offices Pg-7 © 2005 Bluesocket, inc. Copyright and all rights reserved. 4 Users with Streaming Video Secure Mobility® Solutions

Deploying the AP Different AP with omni directional antennas or external antennas Variety of Deploying the AP Different AP with omni directional antennas or external antennas Variety of external antennas to cover all radio scenarios Support for 802. 11 a/b/g Fully featured WPA, WPA 2, WMM Po. E – 802. 3 af to remove power installations Multiple SSIDs to provide multiple services Pg-9 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Configuring the AP Zero configuration Access Point Can only work in a Bluesecure controller Configuring the AP Zero configuration Access Point Can only work in a Bluesecure controller environment Dynamic RF configuration from the controller for optimized power and channel selection Tunneled control channel and data channel permitting the deployment of the AP anywhere on the LAN Layer 3 Tunnel Routed Network L 3 Router Pg-10 © 2005 Bluesocket, inc. Copyright and all rights reserved. Blue. Secure Controller Secure Mobility® Solutions

Securing the WLAN Securing Pg-11 © 2005 Bluesocket, inc. Copyright and all rights reserved. Securing the WLAN Securing Pg-11 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Main Security Threats: Detect Isolate Authenticate Fake AP Encrypt Wired Device with WLAN card Main Security Threats: Detect Isolate Authenticate Fake AP Encrypt Wired Device with WLAN card in ad-hoc User Detect Eavesdropper Enterprise Network Enterprise AP Rogue AP Isolate Pg-12 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Securing the WLAN at the user level Client Scanning Universal Authentication Behavior Control Qo. Securing the WLAN at the user level Client Scanning Universal Authentication Behavior Control Qo. S Controlled Destination Intranet Blue. Secure Controllers Pg-13 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions Internet

End-Point Integrity OPSEC Partnership with Check Point Integrated into Bluesocket Controllers Clientless Scanning Web End-Point Integrity OPSEC Partnership with Check Point Integrated into Bluesocket Controllers Clientless Scanning Web Based, no endpoint software required Check for Antivirus Status (Norton, Trend. Micro, etc) Check Windows version/patches Require any application to be running Scans for worms, trojans, keystroke loggers, spyware Self Remediation Pg-14 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Universal Authentication Multiple Authentication methods IPSec (DES, 3 DES, AES) Digital Certificates, Pre-shared key Universal Authentication Multiple Authentication methods IPSec (DES, 3 DES, AES) Digital Certificates, Pre-shared key L 2 TP over IPSec PPTP Browser-based Auth (SSL) 802. 1 x, WPA (LEAP, PEAP, TLS, TTLS, FAST) Mac-based authorization Multiple Authentication Servers/Types RADIUS 802. 1 x LDAP Active Directory Windows Domain Transparent Windows Login Transparent 802. 1 x Login Secure Tokens Kerberos Cosign, CAS, Pubcookie Pg-15 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

An Encrypted Link Layer 2: On the AP (RC 4 AES) Layer 3: On An Encrypted Link Layer 2: On the AP (RC 4 AES) Layer 3: On the controller IPSEC (DES, 3 DES, AES) PPTP L 2 TP Dimensioned for a Local Area Network environment (High Bandwidth) Standard Implementation with no proprietary client Pg-16 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Granular User Role/Policy Enforcement Match policy to type of user…all simultaneously ROLE (Examples) Faculty/ Granular User Role/Policy Enforcement Match policy to type of user…all simultaneously ROLE (Examples) Faculty/ Employee Administrator Vo. IP Phones Authentication LEAP/ PEAP Browser Windows Domain MAC Encryption WPA, IPSec None WPA, IPSec Firewall only Bandwidth 1 M/1 M Shared 256 k 512 k 64 k/64 k Allow all Allow Internet Deny Intranet Allow Internet Allow Email Admin Databases Telnet/ AS 400 Schedule 24/7 M-F/8 -6 Shift Authorized Location POLICY Student/Visitor All Lobby/Class Room Select Locations All Access Rights Behavior Port Lock due to Worm-signature Auto-Quarantine due to Do. S Attack Real Life demands more than just “employees” and “guests” Pg-17 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Clientless Intrusion Detection / Auto Quarantine Unsecured access to the Internet can compromise a Clientless Intrusion Detection / Auto Quarantine Unsecured access to the Internet can compromise a student’s device Remote Campus Remediation Page Internet Detect…by user Protect. . . Block/Auto Quarantine (for x time) Notify User…Remediation Page Network Manager…GUI/Alarms/Events © 2005 Bluesocket, inc. Copyright and all rights reserved. X Campus network Bluesocket Detects and Protects the new threat from infecting your network Once user disinfects their PC…… Re-authenticate and go Pg-18 Student Center Dorm Corporate Research Facility Secure Mobility® Solutions

Securing the WLAN at the radio level AP Combo Distributed sensor overlay system merged Securing the WLAN at the radio level AP Combo Distributed sensor overlay system merged into the AP Centralized Sensor Centralized sensor - Central coverage - reduces OPEX and CAPEX - 20: 1 ratio vs. distributed sensors Blue. View Management System Sensor management Pg-19 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

RF Protection: Blue. Secure IPS Server RF Spectrum Analysis • Site Survey • Coverage RF Protection: Blue. Secure IPS Server RF Spectrum Analysis • Site Survey • Coverage Maps • Station auto-discovery • Rogue detection • Vulnerability detection • Intrusion detection • Location Triangulation of the detected Wi. Fi devices • Rogue AP or Rogue client contention • Dashboard Views for system-wide status • Detailed Reporting • Pg-20 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Providing a constant and reliable service Fast Layer 2 Roaming: Key Caching, Pre-authentication, proactive Providing a constant and reliable service Fast Layer 2 Roaming: Key Caching, Pre-authentication, proactive key caching Providing a constant and reliable service Fast Layer 3 Roaming: Roaming across IP networks and Bluesecure controllers Resilient service: Dynamic RF for AP going down High Availability and loadsharing clusters of controller Pg-21 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Managing the wireless network Minimised management of the AP via the controller: Automatic firmware Managing the wireless network Minimised management of the AP via the controller: Automatic firmware update Dynamic RF adapting to changes in the environment (Neighbor APs, Cupboard …) Blue. View Management System: Pg-22 © 2005 Bluesocket, inc. Copyright and all rights reserved. Managing Secure Mobility® Solutions

Blue. View Management System (BVMS) BVMS BSC Patch and Software Updates Central Point for Blue. View Management System (BVMS) BVMS BSC Patch and Software Updates Central Point for Alarms, Logs and Traps Automated Policy Updates BVMS Simplifies Operations for Large Enterprises and Service Providers Pg-23 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Blue. View Management System v 2. 2 Centralized configuration, monitoring, policy enforcement and maintenance Blue. View Management System v 2. 2 Centralized configuration, monitoring, policy enforcement and maintenance for your WLAN infrastructure Pg-24 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

RF Location Services Blue. View Management System Import floor plans/buildings Quickly view RF coverage, RF Location Services Blue. View Management System Import floor plans/buildings Quickly view RF coverage, power, channels, usage Visualize RF issues Location One Click on client or AP Locates client/AP on floorplan Blue. Secure AP or Centralized Sensor provides location data to BVMS Find Rogue APs and location of Wireless Attackers Support E-911 requirements RFID Asset Tracking Pg-25 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

BVMS Appliance capable of managing up to 1, 000 BSCs Uses industry-leading XMLRPC Management BVMS Appliance capable of managing up to 1, 000 BSCs Uses industry-leading XMLRPC Management Console with a Secure Web Based GUI Pg-26 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Achieved with. . Deploying a radio infrastructure Securing Pg-30 © 2005 Bluesocket, inc. Copyright Achieved with. . Deploying a radio infrastructure Securing Pg-30 © 2005 Bluesocket, inc. Copyright and all rights reserved. Providing a constant service Managing Secure Mobility® Solutions

Blue. Secure WLAN Solutions Family Blue. Secure Controllers Authentication and Policy Enforcement BSC-5000 Up Blue. Secure WLAN Solutions Family Blue. Secure Controllers Authentication and Policy Enforcement BSC-5000 Up to 1000 Users BSC-2100 50 -400 Users Blue. Secure Intrusion Protection System BSC-1100 15 -100 Users BSC-400 Sensor (branch office) Up to 50 Users Console & Server Blue. Secure Access Points Blue. View Management System AP / Sensor Pg-31 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Enforcing a no wireless policy Need for detecting rogue access point and wired client Enforcing a no wireless policy Need for detecting rogue access point and wired client with enabled WLAN interfaces Locate and isolate such devices Provided with Blue. Secure Intrusion Protection system I don’t want any wireless in my premises With the type of sensor that suits your environment Pg-32 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Bluesocket Intrusion Detection & Protection Distributed RF IDS Where to use • Stand Alone Bluesocket Intrusion Detection & Protection Distributed RF IDS Where to use • Stand Alone • Small – Med. Deployments • Feature Rich Requirements • Complex Building Layout Pg-33 © 2005 Bluesocket, inc. Copyright and all rights reserved. Centralized RF IDS Where to use • 1 sensor covers 5+ story bldg • Large Deployments • Lower Cap-Ex, Op-Ex • Integrated with Controllers Secure Mobility® Solutions

Feature Matrix Distributed No. of Sensors Required High Low Sensor Deployment Med Low Rogue Feature Matrix Distributed No. of Sensors Required High Low Sensor Deployment Med Low Rogue & Alarm Detection Yes Rogue Connected to LAN Detection Yes No Location Accurate Location based on triangulation (sensor overlap) Approximate Location based on directional antenna Rogue Containment Yes No/Limited Reporting Mature, Detailed Reports Q 4 2005 Admin Access Levels Pg-34 Centralized Yes © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Improving an existing WLAN I already have a wireless network but need to improve Improving an existing WLAN I already have a wireless network but need to improve it (Security, New Applications …) Pg-35 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Bluesecure Controller in your existing network Secure Guest Access Universal Authentication Granular user role/policy Bluesecure Controller in your existing network Secure Guest Access Universal Authentication Granular user role/policy enforcement Co-Existence with Heterogeneous environments Secure Mobility without client-side software IDS for user traffic Client Scanning for Trusted Endpoints Pg-36 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Bluesocket Seamless Secure Mobility™ No Client Software, No Infrastructure Changes, No Mobile IP Subnet Bluesocket Seamless Secure Mobility™ No Client Software, No Infrastructure Changes, No Mobile IP Subnet A 2 3 GRE Tunnel 168. 1. 1. 1 1 168. 1. 1. 1 Subnet B Pg-37 © 2005 Bluesocket, inc. Copyright and all rights reserved. Bluesocket Secure Mobility™ Matrix allows for seamless roaming as users move across multiple subnets securely 1. Client associates with AP and receives an IP address, optionally using WPA (802. 1 x) or VPN for security 2. Client roams to new subnet or roams out of radio coverage and returns Corporate Network 3. Bluesocket Secure Mobility recognizes roaming event and provides client with the same initial IP address 4. Bluesocket Secure Mobility can be used for VLAN Corporate Radius, LDAP, roaming within a single Servers Active Directory, NT Domain Server wireless gateway as well Secure Mobility® Solutions

Bluesocket in a multi-vendor environment Remote Campus Multiple Client Devices Multiple Access Points Bluesocket Bluesocket in a multi-vendor environment Remote Campus Multiple Client Devices Multiple Access Points Bluesocket Campus Network Multi-Vendor Wireless Networks Security within an Open, Standards-based environment Pg-38 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions Corporate Research Facility

Bluesocket Intrusion Detection & Protection Centralized RF IDS Integrated RF IDS Blue. Secure Access Bluesocket Intrusion Detection & Protection Centralized RF IDS Integrated RF IDS Blue. Secure Access Points AP / Sensor Where to use • 1 sensor covers 5+ story bldg • Large Deployments • Lower Cap-Ex, Op-Ex • Integrated with Controllers Pg-39 © 2005 Bluesocket, inc. Copyright and all rights reserved. Where to use • AP and Sensor • Utilize existing WLAN • Integrated with Controllers Secure Mobility® Solutions

Company Who is Bluesocket Pg-40 © 2005 Bluesocket, inc. Copyright and all rights reserved. Company Who is Bluesocket Pg-40 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Bluesocket The Leader in Open Wireless Security and Management Solutions • Delivering solutions to Bluesocket The Leader in Open Wireless Security and Management Solutions • Delivering solutions to customers for four years • 1500+ customers in 45 countries worldwide • 200+ VAR/Reseller partners worldwide • 450+ Higher Education/Universities • 100+ Healthcare Institutions • Growing presence in Government and Public Sector Markets Pg-41 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Partner Programme & Tools 2 tier partner model Partner status: training + demo box Partner Programme & Tools 2 tier partner model Partner status: training + demo box Support in meetings/events [email protected] LINK Demo boxes Good margins for everyone!!! Pg-42 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions

Delivering Trust and Simplicity in a Complex Wireless World Pg-43 © 2005 Bluesocket, inc. Delivering Trust and Simplicity in a Complex Wireless World Pg-43 © 2005 Bluesocket, inc. Copyright and all rights reserved. Secure Mobility® Solutions