w&m 2009 – Unified, corporate-wide, wireless threat management
TRANSCRIPT
Geode Networks Europe Ltd – Independent Technology Consulting © 2009
Unified Wireless Threat Management
Presented by Andy de Clerck
Geode Networks Europe Ltd
Title: Unified, corporate-wide, Wireless Threat Management
14:30 - 15:00. Presented by: Andy de Clerck (Technical Director) - Geode Networks Europe Ltd
Abstract: Exploring how organisations can monitor and defend networks against wireless security threats.
Wireless Threat Management enables organisations to proactively protect networks and data against wireless-enabled attacks whilst addressing all of the security issues related to the widespread use of wireless technologies (wireless, cellular and broadband radio).
The Risk is Now Detached & Nomadic
Diagram labels: Mobile Phones, SMS, Calls, Beaconing, Broadband Cards, Laptop, 802.11, Access Points, Bridges, Wi-Fi VoIP, Wireless Clients, Bluetooth, USB.
Definition & Understanding
Assets at risk: Computers, Mobile Devices, Information, Applications, Networks / Infrastructure
Threat Direction: Internal to Internal; External to Internal
Threat Target: Internal Data Asset; Internal Disruption
Threat Highway: Internal Connection Required (Direct / Wireless / Remote / VPN)
Threat Detection: Network Based; Connection Oriented
3rd Dimensional Threat
Assets at risk: Computers, Mobile Devices, Information, Applications, Networks / Infrastructure
Threat Direction: Internal to External; External to External
Threat Target: Mobile Device; Laptop
Threat Highway: Wireless; Bluetooth; USB
Threat Detection: Disconnected (traditional tools struggle)
The Risk is Mobility (Not Just Wireless)
Unification of business applications and the advantages of true mobility within a workforce or environment have created new threats, or have they?
New terms in use, such as IP Leakage, bring new policy thoughts
The security threat has evolved, just as it did when the Internet took hold
The unknown just got bigger and broader
Business Assets have always been at risk
Laptops are left in public places
Over shoulder snooping
Workers operating in public areas
Common thread: Mobile / Nomadic / Portable connected devices
3G/4G/Internet
The Risk is Now Detached & Nomadic
Mobile Smart Phone
802.11abgn devices
Bluetooth
USB
Laptop
Do you know where your data is going?
Locate the threatening device
Secure the disconnected asset
Address the leak potential
Data Leak from the 3rd Dimension
Diagram labels: Mobile Phones, SMS, Calls, Beaconing, Broadband Cards, Laptop, 802.11, Access Points, Bridges, Wi-Fi VoIP, Wireless Clients, Bluetooth, USB.
Identify the Threat
Diagram labels: Trusted Access Point, Rogue Access Point or Laptop, Corporate Network, Public Broadcast.
Secure Internally & Externally By Policy
Diagram labels: Trusted Access Point, Trusted Laptop, Secure Privileged Zone.
Securing the perimeter: Disallow Association, even to trusted devices outside of defined zones
Cellular Threats
Information is leaked via mobile phones; these are a huge risk!
Voice, SMS, Email, Photographs, Internet, Bluetooth
Diagram labels: Trusted Phone, Active / Rogue Phone, Secure Privileged Zone.
Forensic Usage
– Playback of Past Events:
• Web-based application reads from web server and database for replay of Cell Phone/WiFi activity
– Database:
• Oracle or MySQL database
• Database read in real-time or post-event
• Database can be local or remote
– Remote Monitoring:
• Remote real-time monitoring of system by accessing database & web server via web applications
• Forensic replay of events by accessing database & web server with web application
Mobile End Point Leakage
• Violation of Wireless Security Policies (e.g. unencrypted transmissions, association with unauthorized APs, no VPN usage).
• Dual-homing – multiple simultaneous network connections.
• Violation of USB Mass Memory, Video, Bluetooth Security Policies.
The Client enforces security policies defined by the Admin in the Policy Manager. When a wired network connection is present, the Client disables the laptop's 802.11 and Cellular Broadband devices. The Client is also used to disable classes of USB devices such as Mass Memory Devices, Bluetooth Devices, etc.
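As an added example (not the presenter's or Geode's code), the endpoint checks listed on this slide written as a small policy evaluator: it flags dual-homing, open or WEP associations, association with an AP outside a hypothetical corporate BSSID allow-list, radio use without a VPN and blocked USB classes, and returns the radios the client would disable while a wired link is present. The BSSIDs, interface names and USB classes are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import List

# Hypothetical allow-list of corporate AP BSSIDs and blocked USB classes (constructed values).
AUTHORISED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}
BLOCKED_USB = {"mass_storage", "bluetooth", "video"}

@dataclass
class Iface:
    name: str
    kind: str             # "wired", "wifi", "cellular" or "vpn"
    connected: bool
    bssid: str = ""       # wifi only: BSSID of the associated AP
    encryption: str = ""  # wifi only: "wpa2", "wep" or "open"

@dataclass
class Endpoint:
    ifaces: List[Iface]
    usb_classes: List[str] = field(default_factory=list)  # attached USB device classes

def evaluate(ep: Endpoint):
    """Return (policy violations, radios the client would disable) for one endpoint."""
    active = [i for i in ep.ifaces if i.connected]
    wired = [i for i in active if i.kind == "wired"]
    radios = [i for i in active if i.kind in ("wifi", "cellular")]
    vpn_up = any(i.kind == "vpn" for i in active)
    violations = []
    # Dual-homing: a wired link plus any live radio, or more than one live radio.
    if (wired and radios) or len(radios) > 1:
        violations.append("dual-homing: " + ", ".join(i.name for i in wired + radios))
    for w in (i for i in radios if i.kind == "wifi"):
        if w.encryption in ("open", "wep"):
            violations.append(f"unencrypted transmission on {w.name} ({w.encryption})")
        if w.bssid not in AUTHORISED_BSSIDS:
            violations.append(f"association with unauthorised AP {w.bssid} on {w.name}")
    if radios and not vpn_up:
        violations.append("no VPN over " + ", ".join(i.name for i in radios))
    violations += [f"USB {c} device present" for c in ep.usb_classes if c in BLOCKED_USB]
    # Enforcement from the slide: with a wired link present, 802.11 and cellular are disabled.
    to_disable = [i.name for i in radios] if wired else []
    return violations, to_disable

# Constructed sample: docked laptop still associated to an open AP, with a USB stick inserted.
SAMPLE = Endpoint([
    Iface("eth0", "wired", True),
    Iface("wlan0", "wifi", True, bssid="aa:bb:cc:dd:ee:ff", encryption="open"),
    Iface("wwan0", "cellular", False),   # switched off: ignored by the checks
], usb_classes=["mass_storage", "keyboard"])
```

Running `evaluate(SAMPLE)` reports five violations (dual-homing on eth0 and wlan0, an open association, an unauthorised AP, no VPN, a mass-storage device) and names wlan0 as the radio to disable.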
Key Elements of Delivering Security – CARE-NET
Communication Security: Protection of data and voice communications between designated endpoints.
Authorisation & Access Control: Support of multi-level security measures by implementing identity- or role-based access control on applications, application servers, 802.1X etc.
Reliability & Resilience: Tolerance to hardware and software failures, asymmetric and unidirectional links, or limited range of wireless communication.
Easy: Deploying technology should not impact usability in a way that is intolerable.
Network Infrastructure Protection: Protection of routing and network management infrastructure against both passive and active attacks, such as rogue devices and insertion, deletion, modification or replay of control messages.
Efficiency: Electrical, computing power, RF resource and network bandwidth.
Transmission Security: The services include countermeasures against radio signal detection, jamming, control/user data acquisition, and eavesdropping.