Put Wireless LAN Security Monitoring in your budget. - Gartner (AirDefense PowerPoint presentation, transcript)
COPYRIGHT © 2003 – 2004 AIRDEFENSE, INC. ALL RIGHTS RESERVED.
Put Wireless LAN Security Monitoring in your budget.
- Gartner
AirDefense Market Leader in Enabling Risk-Free Wireless LANs
Wireless Monitoring & Intrusion Protection
www.airdefense.net
Copyright © 2002 – 2004 AirDefense Proprietary and Confidential.
About AirDefense
WHAT WE DO
- Proactive 24 x 7 Monitoring of Enterprise Airwaves against Rogues, Intruders, Hackers, Interference & Network Abuses
- Ensures Regulatory & Enterprise Policy Compliance
- Any Vendor, Any Protocol, Any Device
OUR TECHNOLOGY
- Enterprise Class Distributed Monitoring Architecture – 13 Patents Pending
- Wireless Intrusion Detection & Protection System with Multiple Correlation & Analysis Engines
BENEFITS
- Control over air space
- Auto-Discovery of all Wireless Assets & Threats
- Risk-free Wireless Deployments
CUSTOMER PROFILE
- 250+ Govt. Organizations & Blue-Chip Enterprises (over 80% market share)
- Proven solution monitoring tens of thousands of Access Points and hundreds of thousands of Devices
Wireless LAN Risks: Hype or Reality
Understanding SSID & MAC Address
SSID
- 32-byte unique Service Set Identifier of the AP
- SSID helps stations find the APs around them
- Like your company name on the building
- Sent when the AP receives a probe request from a station
- Can be seen in the air
MAC Address
- To deliver traffic, a unique identifier must be available for each device – the Media Access Control (MAC) Address
- Example: 00-04-5a-03-3c-0f
  - OUI (Organizationally Unique Identifier, the first 3 octets): 00-04-5a
  - Serial Number: 03-3c-0f
- Vendor OUIs:
  Cisco (Aironet)  00-04-96
  Agere (Orinoco)  00-02-2D
  Nokia            00-e0-03
  Linksys          00-04-5a
Understanding Probes & Beacons
PROBES: A station sends a probe request frame when it needs to obtain information from another station. (For example, a station would send a probe request to determine which access points are within range.)
BEACONS: The access point (AP) periodically sends a beacon frame to announce its presence and relay information, such as timestamp, SSID, and other parameters regarding the access point.
(Diagram: User Station sends Probes; Access Point sends Beacons)
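The rogue-AP checks this deck keeps coming back to (a BSSID that is not in the inventory, an unknown radio advertising the corporate SSID, encryption off, a factory-default SSID) can be run over exactly the fields the last two slides describe: the BSSID/OUI of the AP and the SSID and Privacy bit carried in its beacons. The following is an added example, not AirDefense code; the beacon observations, the AP inventory and the default-SSID watchlist are constructed, while the OUI table is the slide's.

```python
# Added example (not AirDefense code): triage of observed beacon frames
# against an AP inventory. Sample beacons and inventory are constructed; the
# OUI table is the slide's (first three octets of the MAC address).
OUI_VENDORS = {"00-04-96": "Cisco (Aironet)", "00-02-2d": "Agere (Orinoco)",
               "00-e0-03": "Nokia", "00-04-5a": "Linksys"}

def normalize_mac(mac):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff notation."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def split_mac(mac):
    """Return the (OUI, serial number) halves, as the slide draws them."""
    m = normalize_mac(mac)
    return m[:8], m[9:]

def vendor_of(mac):
    return OUI_VENDORS.get(split_mac(mac)[0], "unknown OUI")

def triage(beacons, authorized, corporate_ssids, default_ssids):
    """beacons: (bssid, ssid, privacy_bit) tuples as seen in the air;
    authorized: {normalized BSSID: expected SSID}. Returns issues per BSSID."""
    findings = {}
    for bssid, ssid, privacy in beacons:
        bssid = normalize_mac(bssid)
        issues = []
        if bssid not in authorized:
            issues.append("rogue AP: BSSID not in inventory")
            if ssid in corporate_ssids:
                issues.append("unknown AP advertising a corporate SSID")
        elif ssid != authorized[bssid]:
            issues.append("SSID differs from inventory")
        if not privacy:  # Privacy bit in the beacon capability field
            issues.append("no encryption: Privacy bit clear")
        if ssid.lower() in default_ssids:
            issues.append("factory-default SSID")
        findings[bssid] = (vendor_of(bssid), issues)
    return findings

def run_sample():
    authorized = {"00-04-96-11-22-33": "CORP", "00-04-96-11-22-34": "CORP"}
    beacons = [  # constructed observations
        ("00:04:96:11:22:33", "CORP", True),       # sanctioned and compliant
        ("00:04:96:11:22:34", "linksys", False),   # approved AP reset to defaults
        ("0004.5a03.3c0f", "CORP", False),         # unknown box using our SSID
        ("00-e0-03-aa-bb-cc", "guestnet", True),   # neighbour's AP, not ours
    ]
    return triage(beacons, authorized, {"CORP"}, {"linksys", "default"})
```

The second sample beacon is the "approved AP reset to factory defaults" case from the Large Systems Integrator slides later in the deck: it is in the inventory, so it is not a rogue, but the SSID mismatch and cleared Privacy bit still surface it.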
Problem: Uncontrolled Medium – Wireless LAN is an extension of the Wired LAN
Wired: The walls of the facility provide a solid line of defense against intruders.
Air: RF in the AIR is uncontrolled… With a single access point, walls come tumbling down – Ethernet now extends to the parking lot!
(Diagram: servers and computers inside the facility walls, intruder outside; wired vs. AIR)
Self-Deploying & Transient Networks
(Diagram: parking lot, conference room, shipping department, corporate network and neighbor A, with user stations sending PROBES in every direction)
1. User Station transmits PROBES
2. APs transmit BEACONS
3. User Station connects to BEST ACCESS POINT
We don't control who we connect to…
- Accidental Association
- Malicious Association
- Ad Hoc Network
Increasing Sophistication of Attacks
Easier to Attack: Growing Security Threats
(Chart, 1980 to 2005, scale Low to High: Attack Sophistication versus Knowledge Required by Intruder; WiGLE.net and New & Easier Attack Tools marked on the timeline)
New & Easier Tools make it very easy to attack the Network
WLAN – Real World Risks
- 46% Of Companies Have Been Victim Of A Security Breach - PwC
- 61% Of Attacks Were From Hackers
- 10% Of Attacks Were From Former Employees / Contractors
- 83% Of Companies Reported A Monetary Loss
- Downtime Averaged 1.33 Days Per Employee
WLAN Facts: Top 8
- 90%: Companies That Found A Rogue Device
- 80%: Found Devices With No Security
- $220K: Average Cost Of Loss Per Attack (UK Study)
- $416K: Average Cost Of Loss Per Attack (US Study)
- 10M/Qtr: Current Growth Of Stations
- 2M/Qtr: Current Growth Of Access Points
- 60%: Companies That Have Deployed Insecure WLANs
- 100: Avg. # Of Serious Attacks Per Month
Best Practices for Wireless LAN Security & Monitoring
Layered Approach to Security
Control the Uncontrollable
Gartner on WLAN Security Risks
3 “Must Have” WLAN Security
- Install a centrally managed personal firewall on laptops that are issued wireless NICs.
- Perform wireless intrusion detection to discover rogue access points, foreign devices connecting to corporate access points and accidental associations to nearby access points in use by other companies.
- Turn on some form of encryption and authentication for supported WLAN use.
July 31, 2003
© Giga Research, a wholly owned subsidiary of Forrester Research, Inc.
Best Practices for Securing Enterprise WLANs
(Diagram) WLAN POLICY: No WLANs or Sanctioned WLANs
- Monitor & Root out Rogue WLANs
- Lock down APs & User Stations
- Use Strong Encryption & Authentication & Authorization
- Securing the perimeter
- Monitor your Air Space
802.11 Security Standards
WEP: Wired Equivalent Privacy, a wireless encryption standard developed by the IEEE 802.11 standards committee.
802.1X: IEEE 802.1 standard for authentication, which supports multiple authentication modes, including RADIUS, and can be used in wireline and wireless networks.
LEAP: Lightweight Extensible Authentication Protocol, which includes Cisco’s proprietary extensions to 802.1X to share authentication data between Cisco WLAN access points and the Cisco Secure Access Control Server.
TKIP: Temporal Key Integrity Protocol, developed by the IEEE 802.11i standards committee as a WEP improvement.
TTLS: Tunneled Transport Layer Security, developed by Funk Software and Certicom and now an IETF draft standard. It is an alternative to PEAP.
PEAP: Protected Extensible Authentication Protocol, developed by Microsoft, Cisco and RSA Security and now an IETF draft standard. PEAP encrypts authentication data using a tunneling method.
WPA: Wi-Fi Protected Access – announced by the Wi-Fi Alliance to describe 802.1X with TKIP and MIC. Subset of the 802.11i security standard, expected in Q4 ‘03.
802.11i: IEEE standards group effort that involves fixing perceived weaknesses in 802.1X and WEP and creating an umbrella standard for 802.11 security.
AirDefense Solution: Plug & Protect
(Diagram: SmartSensors watch Access Points, Wireless Stations, a Hacker and a Rogue Access Point and report to the Appliance, which is reached through a Remote Secure Browser)
Appliance: Real-time Monitoring; Multiple Correlation, Analysis & IDS Engines; Integrated Reporting
SmartSensor: Smart Sensors scanning 802.11 a/b/g; Selective processing, Encryption
Centralized Management: Designed for Enterprise Scalability & Central Management
AirDefense Functionality
1. SECURITY
- Rogue Detection, Analysis & Mitigation
- Intrusion Detection System
- Forensics & Incident Analysis
- Active Defenses
2. COMPLIANCE
- Enterprise Policy Monitoring
- Regulatory Compliance: DoD, HIPAA, SOX, FDIC, OCC, GLBA
3. TROUBLESHOOTING
- Remote Troubleshooting
- Availability
- Network Usage & Performance
Experience: Fortune 500 Consumer Goods Company
(Diagram: Centralized Management Console at Headquarters, USA, monitoring 26-story, 20-story, 11-story and 3-story buildings, an atrium and an airport, plus sites in Brazil, Argentina, Ireland, Mexico, Japan, Hong Kong and South Africa)
Customer Examples
Southeastern Hospital - Background
Main driver: point of care access to computerized care systems at the bedside:
- Recent contract with McKesson and Siemens for wireless application deployment
- Reduction of errors on medications and physician’s orders
- Reduction of paper in all medical records
- Improved care through access to information at point of diagnosis and treatment
Southeastern Hospital - Background (continued)
- Physical plant was saturated with cable, no room for real growth
- Additional devices required additional equipment in the closets
- More personnel resources are needed to support additional lines
- Wireless access will speed up application deployment
Southeastern Hospital - Issues With Rogue Devices
- Columbus is saturated with wireless deployments
- Local universities are moving to wireless deployments in their classrooms
- All students are now outfitted with laptops with WLAN cards for their class work
- Two largest competitors share a property line with our campus
- Fear of unauthorized access and HIPAA’s implications
- Physicians and clinicians bringing in unauthorized devices with wireless access cards
Southeastern Hospital - Rogue Incident #1 – Physician Unauthorized Access / Use
- A new PACS system was installed in radiology
- A contract radiologist connected a WLAN device to the viewing station
- Was pulling images from other hospitals via this device to be manipulated by a 3-D imaging system
- HIPAA concerns, ownership of data, patient confidentiality
- Solution – identified rogue device via AirDefense, removed device, contract was terminated
Southeastern Hospital - Rogue Incident #2 – Vendor With Hacking Software
- An unauthorized vendor came to sell to a department in the hospital
- Obtained temporary access to the WLAN from ED nodes for email and internet
- Intercepted emails from materials management staff in a matter of minutes
- Solution – identified the rogue vendor with AirDefense as they passed through the hospital, had security meet them, and escorted them out of the building
Large Systems Integrator – Case #1: Probing Vendor
- Vendor probing for WLAN within LM Aero controlled facility
- AirDefense alerted security officer via email.
- Security resolved situation before any damage was done.
Large Systems Integrator – Case #2: Mis-configured WLAN
- Approved WLAN with several configurations out of security specs
- AirDefense alerted security and network services
- Security and network services resolved problem.
Large Systems Integrator – Case #3: Default Configuration
- Approved AP accidentally reset to factory defaults during construction in area of building
- AirDefense alerted security of default configuration.
- Security was able to shut AP down before any intrusions.
A Large University – Issues:
- As an educational institution we provide an open, flexible network infrastructure
- Many departments with network admins who want to install their own APs
- Must maintain a standard configuration policy regardless of hardware used
- Employees bringing in access points
- Difficulty identifying WLAN performance issues
- Communication to staff, faculty, students – difficult at best
- Create policy not allowing WLAN outside of ITS control – not good, people usually want and push for what they can’t have
- War-walking – time consuming, doesn’t monitor 24-7
A Large University – How Can the Issues Be Addressed?
- 24/7 monitoring of airwaves
- Security policy enforcement
A Large University – 24 X 7 Monitoring with AirDefense
- A better view of our WLAN than EVER before
- Time savings: Network management, Security
- Product was purchased by security for security purposes – but the reality is that it’s been as much a WLAN performance & management tool
Summary
1. WLAN risks made severe by:
   - We don’t control the medium
   - We don’t control who we connect to
2. Every organization has WLANs (rogue or sanctioned) – check out wigle.net
3. Detect and root out rogue WLANs: NetStumbler > Kismet > 24 X 7 monitoring; lock down laptops (probing, ad hoc)
4. WLAN policy is critical (deployed or prohibited): Define > Monitor > Enforce
5. When deploying, use a layered security approach: Encryption > Authentication > 24 X 7 RF Monitoring
6. Have control over your Air Space: Assets > Relationships > Behavior
Contact us
Web: www.AirDefense.NET
HQs Phone: 770-663-8115
More info or demo? Darren Hamrick
Email: [email protected]
Phone: 404-786-1440