

• Number of slides: 34

Slide 1: Fortifying Wireless Networks: Wireless Intrusion Prevention

Slide 2: Traditional Wired Network
Well-defined network edge, straightforward to manage and secure.
Diagram: secure internal network with server and users, connected to the Internet.

Slide 3: Wireless Changes Everything
Network edge blurred; new attack vectors 'behind' the firewall.
Diagram: hacker in parking lot, rogue AP inside the network next to the server, users having trouble connecting to WLANs, users connecting to neighboring networks.

Slide 4: Technology is a Target
"Electricity Grid in U.S. Penetrated By Spies", Wall Street Journal cover story, 08/04/2009, article by Siobhan Gorman (Associated Press):
"WASHINGTON -- Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials."

Slide 5: Wireless: a Critical Part of the Network. The Reliability Issue
Technology problems:
• Connectivity can be impacted by many outside factors
• Much wider variety of client settings than wired networks
• Problems are transient, like the devices
• RF is a new technology for some network engineers
• Connectivity problems, roaming issues, coverage & capacity, noise & interference
Business / organizational problems:
• Wireless is the #1 culprit, blamed for everything
• Too many support calls are escalated to the wireless networking team
• Tools unavailable at remote sites where issues are present
• Site visits are very expensive

Slide 6: Wireless Intrusion Prevention Solutions (WIPS): Protection for Any WLAN
Security:
• Rogue elimination
• Intrusion detection
• Automated defenses
• Forensic analysis
• Legacy protection
• Mobile protection
Compliance:
• 24x7 policy monitoring
• Flexible definition
• Custom reports
• PCI, HIPAA, GLBA, US DoD, SOX reports
• Granular forensic records
Troubleshooting:
• Solve issues remotely
• Level 1 helpdesk
• Proactive monitoring
• Spectrum analysis
• Interference detection
• LiveRF coverage
• Remote packet capture
• Historical analysis

Slide 7: Gartner Group: Wireless / WIPS Requirements, "What You Need"
"Wireless networks remain a potentially significant vulnerability for enterprises, as a continuing stream of wireless LAN (WLAN)-based security incidents demonstrates. Because most enterprises support WLANs, enterprises must ensure that vulnerability management and intrusion prevention processes are extended to cover wireless and wired networks. WLAN security monitoring is required to ensure that support WLANs are kept secure and the users do not install their technologies where WLAN (or faster technologies, such as 802.11n) are not supported."
From: Gartner Group MarketScope for Wireless Intrusion Prevention Systems, John Pescatore, John Girard, July 2008.

Slide 8: US DoD: Wireless / WIPS Requirements. US DoD Wireless Policy
The Department of Defense (DoD) Directive Number 8100.2 was issued on April 14, 2004. The Directive covers the use of commercial wireless devices, services, and technologies in the DoD Global Information Grid (GIG). The Directive spells out policies for deploying secure wireless networks, and requires monitoring of those wireless networks for compliance. Additionally, the Directive states that wireless networks are banned from use in certain areas, and it covers policies for banned and authorized wireless networks.
On June 2, 2006 the DoD issued a supplemental policy and guidance to 8100.2 with the objective of enhancing overall security guidance and creating a foundation and roadmap for increased interoperability that embraces open standards regarding Wireless LAN (WLAN) technologies. This policy applies directly to IEEE 802.11 based WLAN devices, systems and technologies and excludes cellular, Bluetooth, WiMax and proprietary RF communication standards. Wireless Intrusion Detection Systems (WIDS) were then added as a DoD requirement.

Slide 9: Environments Needing WIPS
No WLAN policy:
• Security policy is NO wireless. But how do they know?
• Issues: printers, USB WLANs, "dual-homed clients" (Ethernet & WLAN), among others
• Need to know the security policy is in effect
Existing WLAN infrastructure, WIPS as overlay:
• Need to know the security policy is in effect
• NEW: highly cost-effective on-board WLAN/WIPS integration, access point and sensor in one device (Motorola, Cisco, Aruba, Trapeze...)

Slide 10: Typical WIPS Solution Architecture
Diagram: WIPS appliance at headquarters, sensors at field offices.
Core functions:
• Rogue detection & elimination
• Intrusion detection
• Automated termination
• Policy compliance
• Wireless troubleshooting
• Forensic analysis
• Location tracking
• Enterprise-class scalability
Innovative add-on modules:
• Advanced Forensics (Rewind & Review): detailed wireless activity records for forensic investigations & troubleshooting
• WEP Cloaking: a migration step to protect legacy encryption protocols; meet PCI requirements while upgrading to WPA
• Mobile Workforce Protection: end-point security to protect mobile users regardless of location
• Advanced Troubleshooting: faster resolution of wireless-related issues as well as proactive resolutions
• Spectrum Analysis: detect & classify common types of RF interference sources including microwaves, Bluetooth etc.
• LiveRF: real-time assessment of wireless network performance; centrally analyze & troubleshoot connectivity issues

Slide 11: Optimal WIPS Solution Architecture
• Centralized, hardened appliance at the corporate office
• Protection for WLAN infrastructure and devices
• Secure layer 3 connections between sensors and appliance
• Minimal WAN bandwidth needed by sensors, < 3 Kb/s
• Two types of sensors: dedicated sensors are separate devices (use one for every 3-5 APs); integrated sensors are built into access points
• All sensors provide 24x7 protection for gap-free security
• Distributed collaborative architecture is highly scalable
Diagram: central appliance, field office network with integrated AP/sensor.

Slide 12: Combined AP & Sensor. Optimal: Full-time Sensing/WIPS
• For years customers have asked for a single device acting as AP and sensor
• Some solutions were "part-time": when the AP was not busy, it would scan some channels. NOT recommended.
• New in the market: APs with multiple radios, where one radio can be "assigned" as a sensor
• Imperative: the sensor MUST be full time!
• Imperative: if the device is both sensor and AP, is it scanning all channels?
• Reduced deployment cost: no overlay sensor deployment

Slide 13: Status on "n" (802.11n)
• There are sensors to cover 'n'; this requires the sensor to have an 'n' radio, usually more expensive
• In the market are some dual-radio APs that use one radio for dedicated WIPS sensing: the most cost-effective option
• Unless the 'n' deployment is "green-field", b/g radio sensors will see all traffic
• In a no-wireless environment, 'n' can be a new threat

Slide 14: Wireless Intrusion Prevention Solutions (WIPS): What You Should Require
Section divider; repeats the Security / Compliance / Troubleshooting feature matrix from slide 6.

Slide 15: Eliminate Rogues on the Network: Detect, Analyze, Eliminate
• Differentiate between neighbors and rogue devices automatically
• Identify every type of rogue device connected to the network: soft AP, encrypted rogue AP, open rogue AP, rogue AP behind firewall
• Historical record of associations & traffic
• Rogue devices can be anywhere on the network and can be encrypted
• Automatic elimination: automatically finds and removes all rogue devices
Diagram: remote office with a neighbor AP, a dedicated sensor and the rogue types above.

Slide 16: Comprehensive Intrusion Detection: Discovery, Detection, Analysis
Broad set of threats detected:
• Protocol abuse, anomalous behavior
• Reconnaissance & probing
• Denial of service attacks
• Identity thefts, malicious associations
• Dictionary attacks; security policy violations
Detection architecture:
• Signature analysis, policy manager, context-aware detection engines, correlation engines
• Correlation across multiple detection engines reduces false positives: most accurate attack detection
• Powerful detection with minimal false positives

Slide 17: Automated Wireless Protection
Wireless termination:
• Targeted disruption of wireless connections
• No impact to allowed network traffic
• Compliant with applicable laws & FCC regulations
Wired port suppression:
• Search wired network to locate the switch-port a rogue threat is attached to
• Safeguards ensure only the threat is disconnected
Wireless ACL:
• Prevent wireless stations from connecting to the WLAN
Diagram: WIPS appliance, sensor, APs, switch, neighboring AP; laptop terminated (accidental association), port suppressed (rogue AP), ACL enforced (rogue station), wireless station.
Comprehensive threat mitigation that is powerful & safe to use.
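Added example, not code from the presentation or from any vendor product: a small Python triage routine for the classification steps slides 9, 15 and 17 describe, deciding whether an AP heard over the air is authorized, a neighbor, or a rogue actually attached to the wired network (including a dual-homed client's soft AP), and flagging authorized APs that violate the encryption policy. The sensor observations, authorized BSSID list and switch MAC table are constructed sample data, and the heuristic that an AP's BSSIDs sit within a few addresses of its wired MAC is an assumption, not something the slides state.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ObservedAP:
    bssid: str            # BSSID a sensor heard over the air
    ssid: str
    security: str         # "open", "wep" or "wpa2", as classified by the sensor
    clients: tuple = ()   # client MACs the sensor saw associated to this AP

# Constructed inventory: BSSIDs of the sanctioned corporate WLAN.
AUTHORIZED_BSSIDS = {"00:11:22:aa:bb:10", "00:11:22:aa:bb:11"}
# Constructed wired-side evidence: MAC table pulled from the access switches.
SWITCH_MAC_TABLE = {
    "00:11:22:aa:bb:0f": "sw1/Gi1/0/5",   # wired MAC of the authorized AP
    "d8:5d:4c:12:34:55": "sw2/Gi1/0/17",  # wired MAC of a consumer router
    "3c:22:fb:00:00:01": "sw2/Gi1/0/23",  # dual-homed laptop running a soft AP
}
REQUIRED_SECURITY = {"wpa2"}  # encryption policy for authorized APs

def adjacent_macs(mac: str, span: int = 4) -> set:
    """Assumption: APs derive BSSIDs from their wired MAC by offsetting the last octet."""
    prefix, last = mac[:-2], int(mac[-2:], 16)
    return {f"{prefix}{(last + d) & 0xff:02x}" for d in range(-span, span + 1)}

def wired_port(ap: ObservedAP) -> Optional[str]:
    """Switch port the device is plugged into, or None if it is only seen in the air.
    Evidence: a BSSID-adjacent MAC on the wire, or one of its wireless clients on the wire."""
    for candidate in adjacent_macs(ap.bssid) | set(ap.clients):
        if candidate in SWITCH_MAC_TABLE:
            return SWITCH_MAC_TABLE[candidate]
    return None

def classify(ap: ObservedAP) -> dict:
    """Authorized (policy-checked), rogue attached to our network, or harmless neighbor."""
    if ap.bssid in AUTHORIZED_BSSIDS:
        verdict = "authorized" if ap.security in REQUIRED_SECURITY else "policy_violation"
        return {"bssid": ap.bssid, "verdict": verdict, "port": None}
    port = wired_port(ap)
    if port is not None:
        return {"bssid": ap.bssid, "verdict": "rogue_on_network", "port": port}
    return {"bssid": ap.bssid, "verdict": "neighbor", "port": None}

# Constructed sensor observations from one scan interval.
SAMPLE = [
    ObservedAP("00:11:22:aa:bb:10", "CORP", "wpa2"),
    ObservedAP("00:11:22:aa:bb:11", "CORP-GUEST", "open"),        # violates policy
    ObservedAP("d8:5d:4c:12:34:56", "linksys", "wep"),            # router on the wire
    ObservedAP("3c:22:fb:00:00:01", "MyHotspot", "wpa2", ("aa:bb:cc:dd:ee:01",)),
    ObservedAP("f4:f2:6d:99:99:99", "Cafe-WiFi", "wpa2"),         # neighbor, not on wire
]

def triage(observed=SAMPLE) -> list:
    return [classify(ap) for ap in observed]

if __name__ == "__main__":
    for finding in triage():
        print(finding)
```

The port returned for a rogue is the input a wired port suppression step or a helpdesk ticket would use; neighbors are reported but never acted on.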

Slide 18: Forensic Analysis
Extensive forensic data:
• Months of historical data accessible from the system
• 325+ statistics per device per minute
• Device connectivity & activity logs
Valuable business information:
• Accurate records for forensic analysis & policy compliance reporting
• Determine exact time & impact of attempted attacks
• Record of wireless performance and connectivity issues
Screens: forensic summary, association analysis.
Unrivaled visibility into network activity & threats.

Slide 19: Wireless Intrusion Prevention Solutions (WIPS): What You Should Require
Section divider; repeats the Security / Compliance / Troubleshooting feature matrix from slide 6.

Slide 20: Regulatory Compliance
Federal: Department of Defense 8100.2 Directive
• Must have 24x7 dedicated WIDS
• Applicable regardless of WLAN deployment
• Common Criteria certification needed
Healthcare: Health Insurance Portability and Accountability Act (HIPAA)
• Encryption validation
• Security configuration management
• HIPAA compliance reports
• Location tracking mandatory
Retail: Payment Card Industry (PCI) Data Security Standard (DSS)
• Automated wireless scanning and rogue wireless elimination
• Wireless intrusion prevention
• Encryption policy enforcement
Corporate: Sarbanes-Oxley (SOX) compliance, Gramm-Leach-Bliley Act (GLBA)
• Protect confidentiality and integrity of corporate data transmitted wirelessly
• Reporting and audit support
Screen: DoD standard compliance report.

Slide 21: Policy Compliance & Reporting
Cycle: define wireless policy, monitor, comply, enforce.
Fully customizable reporting and dedicated monitoring of policy compliance and network performance.

Slide 22: Wireless Intrusion Prevention Solutions (WIPS): What You Should Require
Section divider; repeats the Security / Compliance / Troubleshooting feature matrix from slide 6.

Slide 23: Remote Troubleshooting: Centralized WLAN Troubleshooting
Inputs: end-user feedback, performance alarms & reports.
Historical troubleshooting tools (past): detailed forensics, scope forensics, alarm forensics.
Real-time troubleshooting tools (present): LiveView, connectivity troubleshooting, AP testing, spectrum analysis.
Proactive trouble prevention (future): AP testing, policy compliance, performance policy, LiveRF.

Slide 24: Remote Visibility: Real-time View of WLAN. Turn Any Sensor into a 'Sniffer'
• Frame capture: full layer 2 frame capture
• Real-time traffic: visualize wireless traffic flow, 28 different graphical views
• Connection analysis
Low network support costs:
• Real-time view of remote WLAN
• Advanced centralized troubleshooting
• Reduced on-site support cost
• Increased WLAN uptime
Remote WLAN troubleshooting with real-time analysis.

Slide 25: Advanced Troubleshooting
Connection troubleshooting, designed for the Level 1 helpdesk:
• Quickly determine if it is a wireless or wired network issue
• Simple debugging of wireless issues
• Escalation only if necessary
• Centralized troubleshooting
AP connectivity test:
• Proactively test one or more APs
• Find problems before disruption
• Analyze wireless and wired network from the client's perspective
• Schedule automatic tests
• Test access to wired applications
Diagram: data center (application server, secure server, DHCP server) reached over the WAN from a remote location.

Slide 26: Spectrum Analysis Module: Physical Layer Troubleshooting
Full scan:
• Detect non-802.11 interference: microwaves, Bluetooth, frequency hopping devices etc.
• 2.4 and 5 GHz band support
• Remote real-time spectrograms
• Automated interference detection
• Use existing sensors, no special hardware needed
Classify interference sources:
• Remote detection of interference
• Automatic interference alarms
• Improve wireless performance

Slide 27: Coverage Mapping: Understand Wireless Coverage & Impact on Applications
• Real-time RF coverage analysis
• Building-aware prediction of coverage and capacity
• Application-specific simulations: voice, video, data
• Centralized and remote analysis
Figures: view signal coverage for applications; comparison of VoIP coverage; coverage change with an interferer (wireless camera used as interference source).

Slide 28: Government Usage: No-wireless Policy
Agency logos: DISA, DoL, DoS, FCC, FBI, DoE, SEC.
Continuous rogue detection:
• US Dept of Energy (DOE)
• Federal Aviation Administration (FAA)
• US House of Representatives
• Department of Agriculture (USDA)
• Defense Advanced Research Agency (DARPA)
• US Marine Corps
• Defense Information Systems Agency (DISA)

Slide 29: Government Usage: In-building Wireless IDS (US Non-DoD)
Existing WLAN, WIPS, non-DoD:
• Department of Energy (DOE)
• Security and Exchange Commission (SEC)
• Veteran Affairs (VA)
• Bureau of Labor Statistics
• Federal Communication Commission (FCC)
• Social Security Administration (SSA)
• National Archives

Slide 30: Government Usage: In-building Wireless IDS (DoD)
Indoor WLAN, WIPS, DoD:
• US Army
• Naval Hospital Jacksonville
• Defense Commissary Agency (DeCA)
• DISA Joint Interoperability Test Center (JITC)
• Defense Logistics Agency (DLA)
• Defense Manpower Data Center
• Joint Forces Command (JFCOM)
• National Security Agency (NSA)
• Naval Space and Warfare Command
• National Geospatial Agency (NGA)
• Naval War College

Slide 31: Government Usage: Outdoor Wireless IDS (DoD)
• Dept of Homeland Security: Customs and Border Protection (CBP)
• FBI: securing WLANs of field-deployed tactical units (portable units)
• Navy Pierside Wireless Project: securing ship-to-shore wireless bridging at every Naval port
• Navy Shipboard Wireless: securing onboard WLAN for inventory application (barcode readers)
• Wireless Perimeter Video Surveillance: 3 Navy sites, 1 Army site
• Navy Tactical Field-deployed WLAN: air traffic control center, 5 systems
• Naval Shipyard Outdoor WLAN: securing outdoor WLAN mesh

Slide 32: Government Usage: Mobile Wireless Analyzers and Client-based Controls
• Laptop lockdown (no-wireless policy): DOD, AirDefense Personal
• Secure wireless remote access: DISA, AirDefense Personal for telecommuting initiative; DHS, AirDefense Personal
• Cybercrimes, using AirDefense Mobile for WiFi surveillance: DHS; Naval Criminal Investigative Service (NCIS)
• Warwalking, AirDefense Mobile for enforcing no-wireless policy: Pentagon, Navy, National Park Service

Slide 33: Conclusion
Wireless security is paramount:
• Stating you have no wireless is not enough!
• Several recent data breaches have happened over wireless
Centralized wireless monitoring needed:
• Rogue wireless access and wireless attacks on the rise
• Significant OPEX in resolving WLAN connectivity and performance problems
Expect the most from the solution you select:
• Automated elimination of all types of rogue wireless devices
• Detection of 200+ attacks and policy violations
• Centralized, advanced troubleshooting of wireless connectivity issues
• Wireless compliance validation and reporting
• Integrated deployment with WLAN: common AP + sensor hardware, integrated management

Slide 34: Fortifying Wireless Networks: Thank You
Diane Johnson, Diane.johnson@motorola.com, +44 7554 436 939