airtight networks - wireless security 2011


Upload: risk-analysis-consultants-sro

Post on 18-Nov-2014


Page 1: AirTight Networks - Wireless Security 2011

AirTight Networks: The Global Leader in Wireless Security Solutions

2011 AirTight Networks, Inc. Proprietary & Confidential.

Page 2: AirTight Networks - Wireless Security 2011

2010 AirTight Networks, Inc. Proprietary & Confidential

Agenda

• Some real life scenarios
• Wireless security, common perceptions and the solution
• AirTight Customers and Why Wireless Security
• AirTight Advantage – Marker Packets
• Security of smart devices – phones and tablets

Page 3: AirTight Networks - Wireless Security 2011

Wireless Vulnerabilities Observed

Organization 1:
• 52 Unauthorized wireless users
• 18 Employees connected to vulnerable WiFi
• 23 Ad-hoc connections
• 7 Victims of Honeypot attacks
• 5 Open connections
• 2 Rogue APs

Organization 2:
• 331 ad-hoc connections
• 26 Employees connected to Open APs
• 94 Open APs
• 375 WEP APs
• 28 Vulnerable SSIDs

Organization 3:
• Sr. Exec laptop connected to wireless printer

[Figure labels: Open Connections, Unauthorized clients, Mis-associating clients, Ad-hoc Connections, WEP Connections, Honey attacks, Rogue APs, Vulnerable SSIDs]

Page 4: AirTight Networks - Wireless Security 2011


Wired Security Broken With Wireless Vulnerability

Weakest link be attacked

Page 5: AirTight Networks - Wireless Security 2011


WIPS: A High Security & Compliance Requirement

DISA mandates WIPS (June 2006)

WIDS are required for all DoD wired and wireless local area networks (LAN). WIDS monitoring will ensure full awareness of any wireless activity within DoD network environments. WIDS must continuously scan for and detect authorized and unauthorized activities. Continuous scanning is 24 hours / day, 7 days/week.

PCI DSS requirement 11.1 mandates quarterly wireless scans of all locations that process, transmit or store cardholder data – whether or not wireless is deployed.

PCI DSS Wireless Guideline 2.2

Page 6: AirTight Networks - Wireless Security 2011


Risk from WLAN Attacks Most Severe and Urgent

Gartner: “Staying Ahead of Next-Generation Threats and Vulnerabilities,” by John Pescatore, June 28-July 1, 2009

Highest Severity & NOW!!

Page 7: AirTight Networks - Wireless Security 2011

Common Perceptions….. & Reality

No WiFi Enterprises
• Perception: “We don’t have WiFi & hence we are not affected” (It doesn’t apply to us)
• Reality: Rogue, honey pot APs; users connecting to ext WiFi
• Not secure; There is WiFi

WiFi is officially deployed
• Perception: “We have encryption, firewalls, IDS, anti-virus installed and hence we are already protected” (Our security is good enough)
• Reality: Rogue, honey pot APs; users connecting to ext WiFi; ad-hoc, DoS attacks ++
• Not good enough; Unmanaged connections

Employees use smart phones
• Perception: “We have encryption and authentication so no unauthorized user can access the network” (Only valid users are allowed)
• Reality: Loss of smart phone; device hygiene - malware; hotspots, tethering
• Valid user from unmanaged device is a threat

Page 8: AirTight Networks - Wireless Security 2011

Classifying Threats And Enforcing Policy

[Diagram columns: Access Points, Clients, Events]

Access Points
• Authorized: Connected to the network; following the security policy
• External: Not connected to the network; visible in the air
• Rogue: Connected to the network; violating the security policy
• Guest: Connected to the guest network; following the Guest security policy; can not connect to Authorized APs

Clients
• Authorized: Connected to an authorized AP
• External: Connected to an external AP
• Guest: Connected to a Guest AP

Page 9: AirTight Networks - Wireless Security 2011

Why Customers Buy AirTight Technology

No Wi-Fi
• Quarantine APs if connected to enterprise network
• Prevent WiFi connections to / from enterprise WiFi clients

Secure Wi-Fi
• Quarantine unmanaged APs if connected to enterprise network
• Prevent enterprise Wi-Fi clients from connecting to external & Guest Wi-Fi
• Prevent external Wi-Fi devices from accessing enterprise APs and clients
• Detect & prevent DoS attacks on enterprise Wi-Fi

Monitoring
• Establish RF visibility throughout the enterprise and the neighbourhood
• WiFi vendor agnostic performance monitoring and forensics

PCI, And…SOX, GLBA, ISO 27000 …. Compliance

Page 10: AirTight Networks - Wireless Security 2011

Marquee High Security Wins

Government, Transportation, Telco, Manufacturing, Technology, Services, Financial

Page 11: AirTight Networks - Wireless Security 2011

Notable PCI Activity

2010 Customer Wins

2009 Customer Wins

Page 12: AirTight Networks - Wireless Security 2011


Gartner 2010 WIPS Marketscope

4 Time Winner!

Page 13: AirTight Networks - Wireless Security 2011


Gartner on AirTight and Wireless Intrusion Prevention

“..a company with a good vision for what people will buy, and this vision is earning them steady year over year growth in both installed base and new clients.”

“AirTight's drop-in SaaS package is affordable and was well-timed to PCI law fortifications…”

“AirTight is appropriate for buyers that are looking for an easy-to-deploy solution with minimal training/skill…”

…strong security and rapid deployment with reduced overhead to setup and configure.

Customer references report that the product is easy to set up and that it avoids false alarms by using multiple checks to classify rogues.

Gartner on AirTight “Lean back system”

“As new wireless technologies emerge, the overlay systems will provide the most flexible approach for rapidly incorporating monitoring and intrusion prevention.”

Page 14: AirTight Networks - Wireless Security 2011

Innovations by AirTight

20 patents granted/allowed; 20+ more pending

[Timeline figure covering 2005, 2006/7, 2008, 2009 and 2010. Milestone labels: World’s first fully-automated WIPS; Usability, Scalability, Availability; World’s first SaaS WIPS; First 11n WIPS; Comprehensive WLAN, SIM/SEM integration; World’s first cloud Wi-Fi and security solution]

Page 15: AirTight Networks - Wireless Security 2011

ARP Request Marker Packets (L2)

• Sensor sends periodic ARP Requests with signatures in them
• Sensor detects if any AP forwards them to wireless side

[Diagram labels: Sensor, VLAN, ARP Requests, Bridge Rogue AP]

Page 16: AirTight Networks - Wireless Security 2011

UDP Marker Packets (L3) – Example 2

UDP packet containing signature

[Diagram labels: NAT Rogue AP, SGE Server, LAN, VLAN 1, VLAN 2]

Page 17: AirTight Networks - Wireless Security 2011

How does CAM table lookup work?

1. Client connects thru AP
   – Client MAC gets in CAM
   – Server polls CAM tables
2. Sensor sees Client on wireless
   – Reports its connection to AP
3. AP marked wired to monitored network

[Diagram labels: Client, Network Connected Bridge AP (AP1), WIPS Sensor, WIPS Server, Network Switches]

Page 18: AirTight Networks - Wireless Security 2011

Performance Comparison Summary

Criteria | Marker Packets | MAC Correlation
1. False negative on NAT APs | Never | Often
2. False positive on neighbor AP | Never | Often
3. Latency of detection | Low (few minutes) | High (tens of minutes)
4. Configuration, maintenance | Zero | High
5. Scalability | Infinite | Poor
6. Manual intervention for classification | None | Extensive
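The first two rows of the comparison can be reproduced with a small simulation; this is an added example, not AirTight's code, and it models the CAM lookup and the marker-packet checks from the preceding slides on a constructed set of three APs. Assumptions: the `AP` model and all MAC addresses are hypothetical, the marker "signature" is implemented as an HMAC tag, the UDP marker is assumed to travel through the AP from the wireless side to a server on the LAN, and the docked-laptop entry is one constructed way a client MAC can already be in a CAM table.

```python
import hashlib, hmac
from dataclasses import dataclass

KEY = b"constructed-demo-key"   # assumption: markers are tagged with an HMAC

def marker(nonce: bytes) -> bytes:
    return nonce + hmac.new(KEY, nonce, hashlib.sha256).digest()[:8]

def is_marker(payload) -> bool:
    if payload is None or len(payload) <= 8:
        return False
    want = hmac.new(KEY, payload[:-8], hashlib.sha256).digest()[:8]
    return hmac.compare_digest(payload[-8:], want)

@dataclass(frozen=True)
class AP:
    bssid: str
    mode: str             # "bridge" / "nat": on the monitored LAN; "off-net": neighbour
    clients: frozenset    # client MACs the sensor sees associated to this AP
    wan_mac: str = ""     # wired-side MAC, the only one a NAT AP exposes

    def wired_to_air(self, frame):   # L2 broadcast arriving on the wired port
        return frame if self.mode == "bridge" else None

    def air_to_lan(self, packet):    # L3 packet sent through the AP from the air
        return packet if self.mode in ("bridge", "nat") else None

def classify_by_cam(aps, other_wired_macs=()):
    """Slide logic: AP is wired if a client seen on it appears in a CAM table."""
    cam = set(other_wired_macs)
    for ap in aps:
        if ap.mode == "bridge":
            cam |= ap.clients        # bridged frames keep the client's source MAC
        elif ap.mode == "nat":
            cam.add(ap.wan_mac)      # NAT rewrites the source, clients stay hidden
    return {ap.bssid: "rogue" if ap.clients & cam else "external" for ap in aps}

def classify_by_marker(aps):
    """AP is wired only if a signed marker is observed on the far side of it."""
    out = {}
    for i, ap in enumerate(aps):
        m = marker(bytes([i]))
        crossed = is_marker(ap.wired_to_air(m)) or is_marker(ap.air_to_lan(m))
        out[ap.bssid] = "rogue" if crossed else "external"
    return out

LAPTOP = "02:00:00:00:00:aa"   # constructed: employee laptop, also docked on the LAN
APS = [                        # constructed sample, not from the page
    AP("bridge-ap", "bridge", frozenset({"02:00:00:00:00:01"})),
    AP("nat-ap", "nat", frozenset({"02:00:00:00:00:02"}), "02:00:00:00:00:ff"),
    AP("neighbour-ap", "off-net", frozenset({LAPTOP})),
]
```

Calling `classify_by_cam(APS, {LAPTOP})` misses the NAT AP and flags the neighbour's AP, while `classify_by_marker(APS)` flags both wired APs and leaves the neighbour as external.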

Page 19: AirTight Networks - Wireless Security 2011


Flood of WiFi Enabled Unmanaged Devices

Page 20: AirTight Networks - Wireless Security 2011


Comprehensive wireless security

Page 21: AirTight Networks - Wireless Security 2011

Smart devices in everyone’s pocket

US Smart phone and Tablet Projections

[Bar chart. Categories: 2010 Smartphones, 2011 Smartphones, 2011 Smartphones + Tablets. Values shown: 67 M, 95 M, 140 M]

http://www.eweek.com/c/a/Mobile-and-Wireless/Smartphones-Not-Tablets-Top-Consumer-Shopping-Lists-Gartner-127190/

Page 22: AirTight Networks - Wireless Security 2011


What it means for enterprise security

Page 23: AirTight Networks - Wireless Security 2011

Smart Devices in Enterprise - Threat Vectors

High exposure to data theft
• Lost/stolen devices are a cause of concern, since they will carry a large amount of enterprise data

Compromised devices
• Native security controls on devices can be rendered inoperative - iPhone jailbreaking, Android open source
• Malware, spyware and virus threats

Network intrusion over wireless backdoors
• Backdoor entry/exit in network over “tethering” and honeypots

Page 24: AirTight Networks - Wireless Security 2011


More than what meets the naked eye!

Page 25: AirTight Networks - Wireless Security 2011


Enterprise Security Perimeter

Internet

3G Network

Backdoor Exit

Backdoor Entry

Tethering: Bridging the two wireless worlds!

Page 26: AirTight Networks - Wireless Security 2011


Ban them completely, or use some form of white-listing.

What’s your smart phone security game plan?

Page 27: AirTight Networks - Wireless Security 2011


No. How will you monitor the unapproved use?

Is banning or white listing by itself sufficient?

Page 28: AirTight Networks - Wireless Security 2011

Wi-Fi: Gateway for unapproved use

Wi-Fi presents zero barrier for unapproved smart devices to enter enterprise networks!

Voilà! We are on WPA2 enterprise Wi-Fi.

Page 29: AirTight Networks - Wireless Security 2011


Single user – Multiple devices

Page 30: AirTight Networks - Wireless Security 2011

Monitoring unapproved use with AirTight WIPS

[Workflow diagram labels: Define White List Criteria, Detect Violation, Analyze Violation, Respond]

Patented wireless client classification and policy enforcement platform in AirTight WIPS

Page 31: AirTight Networks - Wireless Security 2011


More than what meets the naked eye!