Transcript
Page 1: How BYOD Will Shape Wireless Network Security in 2012

How BYOD will shape wireless network security in 2012?

Dr. Hemant Chaskar
Vice President of Technology
AirTight Networks

© 2011 AirTight Networks. All Rights Reserved.

Page 2: How BYOD Will Shape Wireless Network Security in 2012

BYOD!

Page 3: How BYOD Will Shape Wireless Network Security in 2012

Security?

Page 4: How BYOD Will Shape Wireless Network Security in 2012

Why is security a concern with BYOD?

Unauthorized smart phones connecting to enterprise network

Mobile Wi-Fi hotspots bypassing perimeter security

3G

Intrusion threats

Extrusion threats

Rather, IntrAsion – pun intended!

Page 5: How BYOD Will Shape Wireless Network Security in 2012

Enterprise Wi-Fi: Not a barrier for employee smartphones

Two steps to connect your smartphone to WPA2, 802.1x Wi-Fi?

1. Look up username and password in Wi-Fi utility on laptop.

2. Enter those in your personal smartphone.

Page 6: How BYOD Will Shape Wireless Network Security in 2012

Intrusion threats from personal smartphones

Let us start with malware!

Android malware grew 472% in 2H2011 – says PCMag

Page 7: How BYOD Will Shape Wireless Network Security in 2012

Intrusion threats from personal smartphones

Android malware grew 472% in 2H2011 – says PCMag

Even iOS is not safe once “Jailbroken”

Your sensitive corporate data could finally end up here!

Personal apps reduce productivity, increase risk of data leakage

Page 8: How BYOD Will Shape Wireless Network Security in 2012

Limitations of common security practices

MAC ACL
– Lot of initial work, tedious to manage

Mobile Device Management (MDM)
– Required for IT assigned smartphone devices
– But, no visibility into or control over personal devices

IT Assigned Smartphones Personal Smartphones

Page 9: How BYOD Will Shape Wireless Network Security in 2012

Wireless Intrusion Prevention Systems (WIPS)

Eavesdropping

Unauthorized Access

WPA2

Firewall, Wired IPS

Wi-Phishing

Honeypots

External APs

Cracking

External Users

Rogue AP Misconfigured AP

Ad hoc Connections

Wireless DoS

WIPS

Page 10: How BYOD Will Shape Wireless Network Security in 2012

WIPS architecture

Building A

Building B

Sensor

Sensor

Server

Page 11: How BYOD Will Shape Wireless Network Security in 2012

With this in place, your network is protected from all types of wireless threats, vulnerabilities and attack tools!

External APs

Rogue APs (On Network)

Authorized APs

AP Classification

STOP

Client Classification

Policy

Mis-config

GO

STOP

IGNORE

DoS

External Clients

Authorized Clients

Rogue Clients

AUTOMATICALLY DETECT AND BLOCK RED PATHS!

WIPS policy enforcement

Page 12: How BYOD Will Shape Wireless Network Security in 2012

Smartphone monitoring with WIPS

Page 13: How BYOD Will Shape Wireless Network Security in 2012

Authorized APs

Authorized Clients

Users

Flag/block unapproved devices!

GO

Smartphone policy enforcement with WIPS

STOP

External APs

Mobile Hotspots

STOP

User Authentication + Machine Identification

Page 14: How BYOD Will Shape Wireless Network Security in 2012

Smart device identification

Device type

Approved/unapproved status

Device/user name

MAC address

Page 15: How BYOD Will Shape Wireless Network Security in 2012

Drill down on device details

Page 16: How BYOD Will Shape Wireless Network Security in 2012

Accurate location tracking

Page 17: How BYOD Will Shape Wireless Network Security in 2012

Block policy for unapproved smart devices

Page 18: How BYOD Will Shape Wireless Network Security in 2012

Extrusion threats from personal smartphones

Detect and block authorized clients from connecting to personal mobile hotspots (iPhone MyWi, Android Mobile AP, etc.)

Mobile Honeypot

Authorized Client

3G

Blocked by WIPS

Allowed by WIPS

Authorized AP

Internet

Page 19: How BYOD Will Shape Wireless Network Security in 2012

Key takeaways

• BYOD revolution creates new security risks due to use of personal smart devices on enterprise premises

• WIPS uses combination of device fingerprinting and policy framework to automatically detect and flag/block unapproved personal smart devices in the network

• WIPS continues to provide comprehensive protection from traditional Wi-Fi security threats such as Rogue APs, Wi-Phishing, ad hoc networks, DoS attacks, device mis-configurations, etc.
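
A simplified sketch of the classify-then-enforce idea in the takeaways above, added here as an illustration and not AirTight's implementation. The MAC addresses, device types, inventories and the GO/STOP/IGNORE rules are constructed assumptions modelled on the slide labels.

```python
# Added example (simplified model): every MAC, device type and rule is a constructed assumption.
AUTHORIZED_APS = {"00:11:22:aa:00:01"}      # managed enterprise BSSIDs
ON_WIRE = {"00:11:22:aa:00:01", "02:aa:bb:cc:00:02"}  # BSSIDs traced to the LAN
APPROVED_CLIENTS = {"3c:15:c2:00:00:10"}    # IT-approved device MACs
SMART_TYPES = {"iphone", "android"}         # fingerprinted device types

def norm(mac):
    """Normalize MAC notation so 3C-15-.. and 3c:15:.. compare equal."""
    h = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(h) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(h[i:i + 2] for i in range(0, 12, 2))

def classify_ap(bssid):
    b = norm(bssid)
    if b in AUTHORIZED_APS:
        return "authorized"
    # An unmanaged AP attached to the enterprise LAN is rogue; else a neighbour or hotspot.
    return "rogue" if b in ON_WIRE else "external"

def classify_client(mac):
    return "authorized" if norm(mac) in APPROVED_CLIENTS else "unapproved"

def decide(event):
    """Return (action, reason) for one observed client-to-AP association."""
    ap, client = classify_ap(event["bssid"]), classify_client(event["client"])
    if ap == "rogue":
        return "STOP", "rogue AP on enterprise network"
    if client == "authorized":
        if ap == "authorized":
            return "GO", "approved device on authorized AP"
        return "STOP", "authorized client on external AP or mobile hotspot"
    if ap == "authorized":
        # Valid 802.1X user credentials do not make the machine approved.
        kind = "smart device" if event.get("type") in SMART_TYPES else "device"
        return "STOP", f"unapproved {kind} (user {event.get('user')})"
    return "IGNORE", "external client on external AP"

EVENTS = [  # constructed sensor observations
    {"client": "3C-15-C2-00-00-10", "bssid": "00:11:22:AA:00:01", "type": "laptop", "user": "alice"},
    {"client": "a4:5e:60:00:00:20", "bssid": "00:11:22:aa:00:01", "type": "iphone", "user": "alice"},
    {"client": "3c:15:c2:00:00:10", "bssid": "06:00:00:00:00:99", "type": "laptop", "user": "alice"},
    {"client": "f0:00:00:00:00:30", "bssid": "06:00:00:00:00:99", "type": "android", "user": None},
    {"client": "f0:00:00:00:00:30", "bssid": "02:aa:bb:cc:00:02", "type": "android", "user": None},
]

if __name__ == "__main__":
    for e in EVENTS:
        print(e["client"], "->", e["bssid"], decide(e))
```

The second event is the case from the "Two steps" slide: the same user's credentials on a personal phone authenticate, but the machine is not in the approved inventory, so the association is stopped.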

