AirDefense – Market Leader in Enabling Risk-Free Wireless LANs
Wireless Monitoring & Intrusion Protection
“Put Wireless LAN Security Monitoring in your budget.” – Gartner
www.airdefense.net
About AirDefense
WHAT WE DO / OUR TECHNOLOGY
• Enterprise-class distributed monitoring architecture – 13 patents pending
• Wireless intrusion detection & protection system with multiple correlation & analysis engines
• Proactive 24 x 7 monitoring of enterprise airwaves against rogues, intruders, hackers, interference & network abuses
• Ensures regulatory & enterprise policy compliance
• Any vendor, any protocol, any device
CUSTOMER PROFILE
• 250+ government organizations & blue-chip enterprises (over 80% market share)
• Proven solution monitoring:
  - Tens of thousands of access points
  - Hundreds of thousands of devices
BENEFITS
• Control over air space
• Auto-discovery of all wireless assets & threats
• Risk-free wireless deployments
Understanding SSID & MAC Address
SSID
• The SSID helps stations find the APs around them
  - 32-byte unique Service Set Identifier of the AP
  - Like your company name on the building
  - Sent when the AP receives a probe request from a station
  - Can be seen in the air
MAC Address
• To deliver traffic, a unique identifier must be available for each device – the Media Access Control (MAC) address
• Example: 00-04-5a-03-3c-0f – the first 3 octets (00-04-5a) are the OUI (Organizationally Unique Identifier, assigned to the vendor); the remaining 3 octets (03-3c-0f) are the serial number
Understanding Probes & Beacons
PROBES (user station → access point):
• A station sends a probe request frame when it needs to obtain information from another station (for example, a station would send a probe request to determine which access points are within range).
BEACONS (access point → user station):
• The access point (AP) periodically sends a beacon frame to announce its presence and relay information, such as timestamp, SSID, and other parameters regarding the access point.
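The two slides above describe what a passive monitor actually decodes out of the air: the frame subtype (probe request, probe response or beacon), the transmitter's MAC and its OUI, the SSID element, and the capability bit that says whether the AP demands encryption. The following Python is an added example, not code from the deck or from AirDefense; it follows the IEEE 802.11 management-frame layout, and the sample frames (the AP address is the slide's 00-04-5a-03-3c-0f, the station address is made up) are constructed here so it runs offline. It also handles the two zero-length SSID cases the slides do not spell out: a wildcard probe request and a "hidden" beacon.

```python
"""Decode SSID, MAC/OUI and subtype from raw 802.11 management frames.
Added example (constructed frames); frame layout per IEEE 802.11."""
import struct

MGMT_SUBTYPES = {4: "probe-request", 5: "probe-response", 8: "beacon"}
SSID_ELEMENT_ID = 0        # element ID of the SSID information element
CAP_PRIVACY = 0x0010       # capability bit: AP requires encryption (WEP/TKIP)


def mac_bytes(mac: str) -> bytes:
    """'00-04-5a-03-3c-0f' -> 6 raw bytes."""
    return bytes(int(part, 16) for part in mac.split("-"))


def format_mac(raw: bytes) -> str:
    return "-".join(f"{b:02x}" for b in raw)


def oui(mac: str) -> str:
    """Organizationally Unique Identifier: the first three octets of the MAC."""
    return "-".join(mac.split("-")[:3])


def parse_ies(body: bytes) -> dict:
    """Tagged parameters: repeated (element id, length, value) triples."""
    ies, i = {}, 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:
            break                      # truncated element: keep what was parsed so far
        ies.setdefault(tag, value)
        i += 2 + length
    return ies


def parse_mgmt_frame(frame: bytes) -> dict:
    """Return subtype, addresses, OUI, SSID (and privacy bit) of a beacon/probe frame."""
    if len(frame) < 24:
        raise ValueError("shorter than an 802.11 management header")
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if ftype != 0 or subtype not in MGMT_SUBTYPES:
        raise ValueError("not a beacon or probe frame")
    info = {
        "subtype": MGMT_SUBTYPES[subtype],
        "da": format_mac(frame[4:10]),     # destination address
        "sa": format_mac(frame[10:16]),    # source: the device that transmitted
        "bssid": format_mac(frame[16:22]),
    }
    info["oui"] = oui(info["sa"])
    body = frame[24:]
    if subtype in (5, 8):                  # beacon / probe response carry fixed fields first
        if len(body) < 12:
            raise ValueError("beacon body truncated")
        _timestamp, interval, cap = struct.unpack("<QHH", body[:12])
        info["beacon_interval_tu"] = interval
        info["privacy"] = bool(cap & CAP_PRIVACY)
        body = body[12:]
    ssid = parse_ies(body).get(SSID_ELEMENT_ID)
    # Empty SSID means "wildcard" in a probe request and "hidden" in a beacon.
    info["ssid"] = None if ssid is None else ssid.decode("utf-8", errors="replace")
    return info


def build_frame(subtype: int, sa: str, da: str, bssid: str, ssid: bytes, fixed: bytes = b"") -> bytes:
    """Assemble a minimal management frame; used only to construct the samples below."""
    header = (bytes([subtype << 4, 0]) + b"\x00\x00" + mac_bytes(da)
              + mac_bytes(sa) + mac_bytes(bssid) + b"\x00\x00")
    return header + fixed + bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid


# Constructed samples: AP MAC is the slide's example, station MAC is made up.
AP, STA, BCAST = "00-04-5a-03-3c-0f", "00-0c-41-11-22-33", "ff-ff-ff-ff-ff-ff"
BEACON = build_frame(8, AP, BCAST, AP, b"CORP-WLAN", struct.pack("<QHH", 0, 100, 0x0011))
HIDDEN_BEACON = build_frame(8, AP, BCAST, AP, b"", struct.pack("<QHH", 0, 100, 0x0001))
PROBE_REQ = build_frame(4, STA, BCAST, BCAST, b"")   # wildcard: "which APs are in range?"

if __name__ == "__main__":
    for f in (BEACON, HIDDEN_BEACON, PROBE_REQ):
        print(parse_mgmt_frame(f))
```

The `privacy` flag and the OUI are the two fields a monitor uses most: the first tells you at a glance whether an AP is broadcasting an open network, the second lets you recognise which vendor's hardware is talking without any association to it.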
Problem: Uncontrolled Medium – Wireless LAN is an extension of the Wired LAN
[Figure: wired servers behind facility walls vs. an intruder reaching them over RF from outside]
Wired:
• The walls of the facility provide a solid line of defense against intruders
Air:
• With a single access point, walls come tumbling down
• Ethernet now extends to the parking lot!
• RF in the air is uncontrolled…
Self-Deploying & Transient Networks
[Diagram: corporate network, Neighbor A, parking lot, conference room, shipping department; labels: Ad Hoc Network, Accidental Association, Malicious Association]
1. User station transmits PROBES
2. APs transmit BEACONS
3. User station connects to the BEST access point
We don’t control who we connect to…
Easier to Attack: Growing Security Threats
• Increasing sophistication of attacks
• New & easier attack tools
[Chart: attack sophistication (low → high) rising from 1980 to 2005 while the knowledge required by the intruder falls; tools marked: WEPCrack, AirJack, HostAP, WiGLE.net]
• New & easier tools make it very easy to attack the network
WLAN – Real World Risks
• 46% of companies have been victim of a security breach – PwC
• 61% of attacks were from hackers
• 10% of attacks were from former employees / contractors
• 83% of companies reported a monetary loss
• Downtime averaged 1.33 days per employee
WLAN Facts: Top 8
• 90% – Companies that found a rogue device
• 80% – Found devices with no security
• 60% – Companies that have deployed insecure WLANs
• 100 – Avg. # of serious attacks per month
• 2M/Qtr – Current growth of access points
• 10M/Qtr – Current growth of stations
• $416K – Average cost of loss per attack (US study)
• $220K – Average cost of loss per attack (UK study)
Layered Approach to Security Control the Uncontrollable
Gartner on WLAN Security Risks – 3 “Must Have” WLAN Security
• Install a centrally managed personal firewall on laptops that are issued wireless NICs
• Perform wireless intrusion detection to discover rogue access points, foreign devices connecting to corporate access points and accidental associations to nearby access points in use by other companies.
• Turn on some form of encryption and authentication for supported WLAN use.
– July 31, 2003
Best Practices for Securing Enterprise WLANs
WLAN POLICY
• No WLANs
• Sanctioned WLANs
Securing the perimeter
• Lock down APs & user stations
• Monitor & root out rogue WLANs
• Use strong encryption & authentication & authorization
• Monitor your air space
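The policy slide above and the Gartner recommendations before it reduce to one loop: define which APs are sanctioned and how they must be configured, monitor what is actually in the air, and raise a finding on every deviation (rogue AP, foreign device on a corporate AP, corporate laptop accidentally associated to a neighbour, AP reset to factory defaults, encryption off). The Python below is an added example, not AirDefense's own logic; the sanctioned inventory, the corporate NIC OUI, the factory-default SSID list and the observations for one monitoring interval are all constructed here. It expects AP summaries in the shape a beacon parser would produce (BSSID, SSID, privacy bit, cipher) rather than raw frames.

```python
"""Define > Monitor > Enforce for a sanctioned-WLAN policy.
Added example; policy, inventory and observations are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ApPolicy:
    ssid: str
    cipher: str                 # cipher a sanctioned AP must run, e.g. "TKIP"


# DEFINE. Constructed asset inventory: the only APs allowed on our air space.
SANCTIONED_APS = {
    "00-04-5a-03-3c-0f": ApPolicy("CORP-WLAN", "TKIP"),
    "00-04-5a-03-3c-10": ApPolicy("CORP-WLAN", "TKIP"),
}
CORPORATE_OUIS = {"00-0c-41"}                       # constructed: OUI of issued WLAN NICs
FACTORY_SSIDS = {"default", "linksys", "tsunami"}   # illustrative factory-default SSIDs


def oui(mac: str) -> str:
    return mac.lower()[:8]


def check_ap(ap: dict) -> list[str]:
    """ap summarises one AP's beacons: {'bssid', 'ssid', 'privacy', 'cipher'}."""
    policy = SANCTIONED_APS.get(ap["bssid"])
    if policy is None:
        # Not in inventory: a rogue or a neighbour; either way it needs triage.
        return [f"UNSANCTIONED_AP bssid={ap['bssid']} ssid={ap['ssid']!r}"]
    alerts = []
    if ap["ssid"].lower() in FACTORY_SSIDS:
        alerts.append(f"DEFAULT_CONFIG bssid={ap['bssid']} ssid={ap['ssid']!r}")
    elif ap["ssid"] != policy.ssid:
        alerts.append(f"OUT_OF_SPEC bssid={ap['bssid']} ssid={ap['ssid']!r} expected={policy.ssid!r}")
    if not ap["privacy"] or ap["cipher"] == "none":
        alerts.append(f"NO_ENCRYPTION bssid={ap['bssid']}")
    elif ap["cipher"] != policy.cipher:
        alerts.append(f"OUT_OF_SPEC bssid={ap['bssid']} cipher={ap['cipher']} expected={policy.cipher}")
    return alerts


def check_association(station: str, bssid: str) -> list[str]:
    """Who is connected to whom: corporate laptops off-net, strangers on-net."""
    corporate = oui(station) in CORPORATE_OUIS
    sanctioned = bssid in SANCTIONED_APS
    if corporate and not sanctioned:
        return [f"ACCIDENTAL_ASSOCIATION station={station} bssid={bssid}"]
    if sanctioned and not corporate:
        return [f"FOREIGN_DEVICE station={station} bssid={bssid}"]
    return []


def audit(aps, associations) -> list[str]:
    """ENFORCE: every finding the policy produces over one monitoring interval."""
    alerts = []
    for ap in aps:
        alerts += check_ap(ap)
    for station, bssid in associations:
        alerts += check_association(station, bssid)
    return alerts


# MONITOR. Constructed observations for one interval.
OBSERVED_APS = [
    {"bssid": "00-04-5a-03-3c-0f", "ssid": "CORP-WLAN", "privacy": True, "cipher": "TKIP"},   # compliant
    {"bssid": "00-04-5a-03-3c-10", "ssid": "tsunami", "privacy": False, "cipher": "none"},    # reset to defaults
    {"bssid": "00-0f-66-aa-bb-cc", "ssid": "NEIGHBOR-A", "privacy": True, "cipher": "WEP"},   # not ours
]
OBSERVED_ASSOCIATIONS = [
    ("00-0c-41-11-22-33", "00-04-5a-03-3c-0f"),   # corporate laptop on sanctioned AP: fine
    ("00-0c-41-44-55-66", "00-0f-66-aa-bb-cc"),   # corporate laptop on the neighbour's AP
    ("00-02-2d-77-88-99", "00-04-5a-03-3c-0f"),   # unknown device on our AP
]

if __name__ == "__main__":
    for alert in audit(OBSERVED_APS, OBSERVED_ASSOCIATIONS):
        print(alert)
```

The point of keeping the inventory explicit is the "Assets > Relationships > Behavior" ordering from the summary: an AP is judged against what it is supposed to be, and an association is judged against who both ends are, so the same beacon that is normal for a neighbour becomes a finding the moment a corporate laptop attaches to it.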
802.11 Security Standards
• WEP: Wired Equivalent Privacy, a wireless encryption standard developed by the IEEE 802.11 standards committee.
• 802.1X: IEEE 802.1X standard for authentication, which supports multiple authentication modes, including RADIUS, and can be used in wireline and wireless networks.
• LEAP: Lightweight Extensible Authentication Protocol, which includes Cisco’s proprietary extensions to 802.1X to share authentication data between Cisco WLAN access points and the Cisco Secure Access Control Server.
• TKIP: Temporal Key Integrity Protocol, developed by the IEEE 802.11i standards committee as a WEP improvement.
• TTLS: Tunneled Transport Layer Security, developed by Funk Software and Certicom, now an IETF draft standard. It is an alternative to PEAP.
• PEAP: Protected Extensible Authentication Protocol, developed by Microsoft, Cisco and RSA Security, now an IETF draft standard. PEAP encrypts authentication data using a tunneling method.
• WPA: Wi-Fi Protected Access – announced by the Wi-Fi Alliance to describe 802.1X with TKIP and MIC. A subset of the 802.11i security standard expected in Q4 ’03.
• 802.11i: IEEE standards group effort that involves fixing perceived weaknesses in 802.1X and WEP and creating an umbrella standard for 802.11 security.
AirDefense Solution: Plug & Protect
[Diagram: wireless stations, access points, a rogue access point and a hacker observed by SmartSensor appliances that report to centralized management, viewed through a remote secure browser]
Centralized Management
• Real-time monitoring
• Multiple correlation, analysis & IDS engines
• Integrated reporting
SmartSensor
• Smart sensors scanning 802.11 a/b/g
• Selective processing, encryption
Designed for enterprise scalability & central management
AirDefense Functionality
1. SECURITY
• Rogue detection, analysis & mitigation
• Intrusion detection system
• Forensics & incident analysis
• Active defenses
2. TROUBLESHOOTING
• Remote troubleshooting
• Availability
• Network usage & performance
3. COMPLIANCE
• Enterprise policy monitoring
• Regulatory compliance: DoD, HIPAA, SOX, FDIC, OCC, GLBA
Experience: Fortune 500 Consumer Goods Company
[Map: sites in South Africa, Japan, Ireland, Hong Kong, Mexico, Argentina and Brazil (an airport, an atrium, and 26-, 20-, 11- and 3-story buildings) monitored from the centralized management console at the USA headquarters]
Southeastern Hospital – Background
• Main driver: point-of-care access to computerized care systems at the bedside
  - Recent contract with McKesson and Siemens for wireless application deployment
  - Reduction of errors on medications and physicians’ orders
  - Reduction of paper in all medical records
  - Improved care through access to information at the point of diagnosis and treatment
Southeastern Hospital – Background
• Physical plant was saturated with cable, no room for real growth
• Additional devices required additional equipment in the closets
• More personnel resources are needed to support additional lines
• Wireless access will speed up application deployment
Southeastern Hospital – Issues With Rogue Devices
• Columbus is saturated with wireless deployments
• Local universities are moving to wireless deployments in their classrooms
• All students are now outfitted with laptops with WLAN cards for their class work
• Two largest competitors share a property line with our campus
• Fear of unauthorized access and HIPAA’s implications
• Physicians and clinicians bringing in unauthorized devices with wireless access cards
Southeastern Hospital – Rogue Incident #1: Physician Unauthorized Access / Use
• A new PACS system was installed in radiology
• A contract radiologist connected a WLAN device to a viewing station
• Was pulling images from other hospitals via this device to be manipulated by a 3-D imaging system
• HIPAA concerns, ownership of data, patient confidentiality
• Solution – identified the rogue device via AirDefense, removed the device, contract was terminated
Southeastern Hospital – Rogue Incident #2: Vendor With Hacking Software
• An unauthorized vendor came to sell to a department in the hospital
• Obtained temporary access to the WLAN from ED nodes for email and internet
• Intercepted emails from materials management staff in a matter of minutes
• Solution – identified the rogue vendor as they passed through the hospital with AirDefense, had security meet them, and escorted them out of the building
Large Systems Integrator – Case #1: Probing Vendor
• Vendor probing for WLAN within LM Aero controlled facility
• AirDefense alerted the security officer via email
• Security resolved the situation before any damage was done
Large Systems Integrator – Case #2: Mis-configured WLAN
• Approved WLAN with several configurations out of security specs
• AirDefense alerted security and network services
• Security and network services resolved the problem
Large Systems Integrator – Case #3: Default Configuration
• Approved AP accidentally reset to factory defaults during construction in an area of the building
• AirDefense alerted security of the default configuration
• Security was able to shut the AP down before any intrusions
A Large University – Issues
• As an educational institution we provide an open, flexible network infrastructure
• Many departments with network admins who want to install their own APs
• Must maintain a standard configuration policy regardless of hardware used
• Employees bringing in access points
• Difficulty identifying WLAN performance issues
A Large University – How Can the Issues Be Addressed?
• Communication to staff, faculty, students – difficult at best
• Create a policy not allowing WLAN outside of ITS control – not good, people usually want and push for what they can’t have
• War-walking – time consuming, doesn’t monitor 24-7
A Large University – 24 x 7 Monitoring with AirDefense
• 24/7 monitoring of airwaves
• Security policy enforcement
• A better view of our WLAN than EVER before
• Time savings
  - Network management
  - Security
• Product was purchased by security for security purposes – but the reality is that it’s been as much a WLAN performance & management tool
Summary
• WLAN risks made severe by:
  - We don’t control the medium
  - We don’t control who we connect to
• Every organization has WLANs (rogue or sanctioned)
  - Check out wigle.net
• Detect and root out rogue WLANs
  - NetStumbler > Kismet > 24 x 7 monitoring
• Lock down laptops (probing, ad hoc)
• WLAN policy is critical (deployed or prohibited)
  - Define > Monitor > Enforce
• When deploying, use a layered security approach
  - Encryption > Authentication > 24 x 7 RF monitoring
• Have control over your air space
  - Assets > Relationships > Behavior
Contact us
• Web: www.AirDefense.NET
• HQ phone: 770-663-8115
• More info or demo? Darren Hamrick
  - Email: Dhamrick@AirDefense.net
  - Phone: 404-786-1440