Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

21
1 MOTOROLA AIRDEFENSE SOLUTIONS Fortifying Wireless LANs Gap-free Security & Compliance, Infrastructure Mgmt & Network Assurance

description

This session covers security risks associated with WLANs, including tools that are used by hackers to exploit wireless vulnerabilities. We will also cover key performance issues that affect deployments and holistic WLAN management solutions that can be leveraged to dramatically reduce TCO and achieve quicker ROI from your WLAN.

Transcript of Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

Page 1: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

1

MOTOROLAAIRDEFENSE SOLUTIONS

Fortifying Wireless LANs Gap-free Security & Compliance, Infrastructure Mgmt &

Network Assurance

Page 2: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

2MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.

INTERNET

Wireless Security Concerns

Server

Users

Network Edge Blurred

New AttackVectors ‘Behind’

the Firewall

Mis-configured AP

Hacker in Parking Lot

Users Connecting toNeighboring Networks

Rogue AP

You may be a target? Purposeful Threats

Your users may just not know any better? Policy Threats

Page 3: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

Why is it easy to attack WLAN ?

Layer 2 - three different frames

• Management frames • Control frames • Data frames

Layer 2 - single data frame

• 3 step handshake

frames

802.11 802.3

Important:

• Encryption (WEP, WPA2 ...) is only valid for the „Data Frame“

• „Management/Control Frames“ are NOTencryptable, which means transparent and always visible, ( even 802.11 w WILL NOT HELP!)

Layer 1 is a cable Layer 1 is the AIR

MAC

SSID

Channel

BSSIDVendor

Framerates

Need

WE

P K

ey

MA

C

802.11 Frame Format vs. 802.3

Page 4: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

4MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.

Wireless Phishing

Tools such as Karma

can Respond to ANY Client Probe Request

Takes advantage of

Automatic Network Selection in Windows (Zero Configuration

Client)

3Naïve user Associates with AP

2AP responds to Probe Request

Laptop sends Probe Request1

AP provides IP address to User4

Scan laptop for vulnerabilities & compromise it

5

Use station as a launch pad6

Intruder Laptop

(Soft AP)

User Station

Page 5: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

IPPON Attack Type 1 & 2

Tools such as IPPON

Uses several techniques of update-exploitation attacks

Leverages a man-in-the-middle technique, to build and inject a fake update reply or hijack an on-going update session

Page 6: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

6MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.

Windows 7 – Virtual Wifi Mode…thanks MS!

Virtual WiFi EVERY laptop can be an AP!

Page 7: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

7MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.

Risks Faced By Mobile Workers

COFFEE SHOP AIRPORT

BRANCH OFFICE

HOTEL

HOME HEADQUARTERS

Am I connected to an insecure access point?

Am I connected to a real hotspot connection

Are my employees using Municipal Wi-Fi?

Is my laptop probing for SSIDs not on the safe list?

Am I connected to another passenger in ad-hoc mode?

Do I have wired & wireless on at the same time?

Page 8: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

8MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.

WLAN Management Concerns& Factors Affecting WLAN Reliability

Users

Wireless Switch

Client Devices

Vendor C:Acquired Business

Users

WLAN Device Management• Difficulty in Managing Various

Infrastructure Vendors with Multiple Consoles

• Diverse Environments Add Levels of Complexity to Manage, Leaving Networks with Inconsistent Configuration

Vendor A:Legacy Deployment

Vendor B:Current Deployment Model

CorporateHeadquarters

Noise & Interference

Roaming Issues

Coverage & Capacity

Connectivity Problems

WLAN “Network Assurance”• Device metrics and utilization

• RF coverage and capacity

• Connectivity problems

• Roaming issues

• Noise and Interference

Page 9: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

9MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.

The Industry is changing – Unified Wireless Management Platforms

Security and Comply with

Regulatory & Industry Requirements

Centrally Control and Monitor WLAN Infrastructure with One

Management Console

UnifiedPlatform

WLAN Troubleshooting and Proactive Analysis

of Wireless Issues

Page 10: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

Lifecycle: Rogue Threat Management & Mitigation

Detect Rogue Devices / Associations Hardware APs, Soft APs, Wireless ready laptops Specialty Devices Ad-hoc networks/ Accidental/ Malicious

Associations1

Calculate Threat Index Threat-based Management Partitioning of Friendly Neighboring Networks

till they get malicious2

Analyze Rogue Connections In-depth analysis of the activity

level of each rogue Who was connected to the rogue What/ how much data transmitted

3

Locate Rogue Devices Real-time accurate location

tracking of all devices4

Terminate Rogue Devices Policy-based & manual termination Via air or port suppression5

Highest Risk

Innocent Neighbor AP

Least Risk

Connection to Neighbor AP

Rogue AP inmy building

Connection toRogue AP &

transferring data

Rogue APon My

Network

Comprehensive Threat Analysis and locationing

Page 11: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

Automated Wireless Protection SECURITY & COMPLIANCE

Wireless TerminationTargeted Disruption of Wireless Connections

No Impact to Allowed Network Traffic

Compliant with Applicable Laws & FCC Regulations

Wired Port SuppressionSearch Wired Network to Locate the Switch-port a Rogue Threat is Attached to

Safeguards Ensure Only Threat is Disconnected

Wireless ACLPrevent Wireless Stations from Connecting to the WLAN

Sensor

WIPS Appliance

Switch

Laptop

Neighboring AP

APs

Wireless Station

AP

Terminated: AccidentalAssociation

Port Suppressed: Rogue AP

ACL Enforced: Rogue Station

Comprehensive Threat Mitigation that is Powerful & Safe to Use

Methods of IPS

Page 12: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

12MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.

Visibility into Network Activity & Threats

ForensicSummary

AssociationAnalysis

Requirement! Forensic Analysis for Security

Extensive Forensic Data• Record of Device Connectivity

• Determine Exact Time & Impact of Security Incidents

• Historical Data Storage

Benefits• Complete picture of event: before, during,

after• Understand Exposure From Transient

Threats• Reduces Need for 24/7 Staffing• Legally may require details to prosecute

Page 13: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

13MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.

Broad Analysis for “Network Assurance”

HistoricalTroubleshooting

Tools

• Detailed Forensics

• Scope Forensics

• Alarm Forensics

Real-time Troubleshooting

Tools

• Live Wireless Analysis

• Client Connectivity Troubleshooting

• AP Connection Testing

• Spectrum Analysis

• Live RF Visualization

Proactive Trouble

Prevention

• AP Connection Testing• Monitoring to ensure Policy

Compliance

• Monitoring to Performance Policy Compliance

• RF coverage change Modeling

End-user Feedback Performance Alarms & Reports

Centralized WLAN Troubleshooting

Page 14: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

14MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.

Requirement! Forensics for Troubleshooting WLAN Issues

Detailed Forensic Analysis• Device, Threats, Associations, Traffic,

Signal and Location Tends• Record of Wireless Performance and

Connectivity Issues

Network Trend Analysis• Historical Analysis of Intermittent

Wireless Problems• Performance Trends and Establish

Network Baselines

TrafficAnalysis

EventSequence

Faster Root Cause Determination and Recovery

Page 15: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

15MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.

Physical Layer and RF Troubleshooting

Spectrum Analysis for Interference Detection

• Real-time Spectrograms

• Proactive Detection of Application Impacting Interference

• Remote Real Time L1 Troubleshooting

Easily Identify the impact and Source of Interference Problems

ClassifyInterference

Sources

Visualize RF Coverage• Real-time RF Visualizations

• Proactive Monitoring and Alerting of Coverage Problems

• Application Specific Simulations – Voice, Video, Data, Custom

• Comparative Analysis of Current Environment to Known Healthy Environment

Side-by-sideComparative

Analysis

Page 16: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

16MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.

WLAN Device Management: Centrally Manage Multi-vendor Deployments

Operate the Entire Wireless Network from One Console

HolisticVisibility

Managing the Wireless Network• Perform Device Configuration• Automate Configuration Audit & Correction• Monitor Device Health• Receive Infrastructure Faults• Collect Network Traffic Statistics

Identifying, Analyzing andRemediating Issues• Visualizing Network Topology• Maintaining Consistent Configuration• Monitoring and Prioritizing Critical Events• Reporting on Network Health and Utilization

Page 17: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

Wireless Security is Paramount

17MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.

Motorola’s AirDefense Solution has a Positive ROI within a Year

Security &Compliance

• Cost Effective Compliancewith Regulatory and Industry Requirements.

• Prevention Cost is About 5% the Cost of the Data Breach.

InfrastructureManagement

• Holistic Network Management with a Single ‘Pane of Glass’ for Central Management.

• Network Upgrades/Migrations are Simplified with Centrally Managed Infrastructure.

NetworkAssurance

• Improve Wireless Availability and Network Reduce Downtime.

• Reduce Operational Costs Associated with Wireless Performance and Maintenance.Centralized Mgmt

Improves Network Performance

24x7 Monitoring Ensures Network

Reliability

Why a Unified Wireless Management Platform?

Improved ROI

Cross Domain usage and value

Page 18: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

18MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.

The Motorola AirDefense Solution

Ensure Security and Comply with

Regulatory & Industry Requirements

Centrally Control and Monitor WLAN Infrastructure with One

Management Console

Solutionsfor AnyWLAN

Allows Remote Troubleshooting and Proactive Analysis of

Wireless Issues

Page 19: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

19MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.

Solution Architecture

The Hardware:• Centralized, Hardened Appliance – Secure System

with Low-bandwidth Utilization

• Two Types of Sensors

- Integrated Sensors are Built into Motorola Access Points

- Stand Alone Sensors are Separate Devices, Use One for Every 3-5 APs

The AirDefense Services Platform:• Centralized Reporting

• 24x7 Monitoring

• Robust Alarm Management

• Automatic Mitigation & Escalation

• Forensic Analysis

• Multi-vendor Management

• Remote Troubleshooting

• Interference Detection

Headquarters

ADSPAppliance

Sensor

Field Offices

Field Offices

Wireless Switch

AirDefense Services Platform

• Advanced Forensics

• Spectrum Analysis

• Advanced Troubleshooting

• LiveRF

• Mobile Laptop Analyzer

Network Assurance

InfrastructureManagement

• WLAN Management

• Centralized Management Console

Security &Compliance

• WIPS

• Wireless Vulnerability Assessment

• Advanced Forensics

• Mobile Workforce Protection

• Legacy Encryption Protection

Industry First: Combined AP & Sensor

Page 20: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

20MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.

Innovative Add-on Modules

Innovative Add-on Modules

Wireless VulnerabilityAssessment

Mobile WorkforceProtection

Proactively Assess the Security Posture

of Wireless Networks

End-point Security to Protect Mobile Users

Regardless of Location

WLAN Management

Provides Simplified, Centralized Multi-

vendor WLAN Infrastructure

Management & Control

Centralized Management Console

Manage Multiple Motorola AirDefense

Enterprise Appliances From One Single

Console

Wireless Intrusion Prevention

Vendor-agnostic 24x7 Wireless Intrusion

Prevention System & Automated Threat

Mitigation

Advanced Forensics

Rewind & Review Detailed Wireless

Activity Records for Forensic Investigations

& Troubleshooting

AdvancedTroubleshooting

Spectrum Analysis

Provides Faster Resolution of Wireless-related Issues as Well

as Proactive Performance

Detect & Classify Common Types of RF Interference Sources Including Microwaves,

Bluetooth etc.

Real-time Assessment of Wireless Network

Performance. Centrally Analyze & Troubleshoot

Connectivity Issues

LiveRFLegacy Encryption

Protection

Provides Protection for Wireless

Infrastructure Secured by Legacy

Encryption Protocols

Page 21: Fortifying WLANs: Wireless Security & Compliance, Infrastructure Mgmt & Network Assurance

21MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.

Thank You!

Please Visit the Motorola Booth for More Information

Diane Johnson

[email protected]