Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Computer and network surveillance wikipedia , lookup
Security-focused operating system wikipedia , lookup
Stingray phone tracker wikipedia , lookup
Computer security wikipedia , lookup
Distributed firewall wikipedia , lookup
Mobile device forensics wikipedia , lookup
Mobile security wikipedia , lookup
Cybercrime countermeasures wikipedia , lookup
Name Title Contact information WWW.AIRDEFENSE.NET Copyright © 2002-2005 AirDefense Proprietary and Confidential. About AirDefense Pioneers in Anywhere, Anytime Wireless Protection for large Enterprises and Government organizations Quickly growing & clear market leader in space with over 80% market share Deep intellectual property portfolio with 15 patents pending Selected by over 350 customers including leaders in all major industries and government sectors Partnerships with recognized industry leaders e.g. Cisco, IBM, CSC among others Seasoned management team with history of building successful businesses Copyright © 2002-2005 AirDefense Proprietary and Confidential. Are Wireless Network Risks Real? Minneapolis TV Station A News Clip on Wireless LAN Security http://www.airdefense.net/education/video/ Copyright © 2002-2005 AirDefense Proprietary and Confidential. What Makes Wireless Risky? 1. We don’t control the medium (AIR)... 2. We don’t control who we connect to Wireless Eliminates Traditional Security Barriers and Wired Network is Protected by Physical Introduces New Challenges - Signal Bleeding Barriers outside theand FourLogical Walls and the Firewall 3. WLANs can be an easy launch pad to the network NEIGHBOR A • • • • • • Server Server Most CriticalIntruder WLAN Risks Rogue Devices & Associations Documented & Day Zero Intrusions Accidental Exposure to WIRED Network Association Device Misconfigurations Policy & Regulatory Compliance Malicious Hot Spot Protection Association Soft AP Ad Hoc Network PARKING LOT Confidential Data CORPORATE NETWORK Rogue Connected to Network Copyright © 2002-2005 AirDefense Proprietary and Confidential. Risk Validation – Hacked Organizations A California Public School District School district’s unprotected WLAN allowed full unauthorized access to sensitive files & enabled hackers to upload their own files into servers A North Carolina Medical Consulting Firm Broke into the computer system of a local medical consulting firm & illegally accessed information of hundreds of patients, including checks and insurance forms A County Court in Texas Computer security analyst accessed information filed by the clerk of courts by using only a laptop computer and wireless card Copyright © 2002-2005 AirDefense Proprietary and Confidential. The AirDefense Product Family AirDefense BlueWatch AirDefense Personal Personal agent monitoring for policy compliance & security risks & notifies user & enterprise Monitors air space for Bluetooth security vulnerabilities AirDefense Mobile Real-time snapshot of wireless infrastructure Vulnerability Assessment Tool AirDefense Sensor Smart Sensors scanning 802.11 a/ b/ g Selective processing, Secured Communication AirDefense Enterprise Server Real-time Monitoring Multiple Correlation, Analysis & IDS Engines Integrated Reporting Remote Secure Browser Centralized Mgmt AirDefense provides a complete suite of products to secure your enterprise and all personnel, 24x7, anytime, anywhere Copyright © 2002-2005 AirDefense Proprietary and Confidential. Example AirDefense Enterprise Deployment 11-STORY IRELAND SOUTH AFRICA 20-STORY JAPAN 26-STORY HONG KONG ARGENTINA MEXICO HEADQUARTERS, USA 22,000 sq. ft. per floor, 4 floors 176 Devices (16 APs, 160 Stations) Sensors = 2 BRAZIL Copyright © 2002-2005 AirDefense Proprietary and Confidential. AirDefense Technologies: A True IDS System Cisco WLSE Cisco Switch AD Mobile AD SERVER APPLIANCE Correlation Across Other Sensors Sensors Policy Anomalous Manager Behavior Correlation Across IDS AD Sensors Notification Engine Compliance Accurate Detection Reporting & Analysis Forensics Active Defenses AD Personal Accurate Detection, Proactive Protection & Actionable Intelligence = A System You Can Trust Copyright © 2002-2005 AirDefense Proprietary and Confidential. Self-managing, Anywhere, Anytime Wireless Protection Active Defenses Protection Anywhere Advanced Rogue Management Comprehensive Intrusion Detection Forensic & Incident Analysis Policy Compliance Self-Managing Platform Copyright © 2002-2005 AirDefense Proprietary and Confidential. Anywhere Protection – AirDefense Personal Mobile workforce extending the edge of corporate network to a user’s laptop: • User laptop at airport/ hotel can be compromised and serve as a bridge to corporate backbone • Via Accidental Association • Hard to determine if one is connected to a legitimate hotspot or diverted to a malicious counterfeit • Identity-theft via Hot Spot phishing coming to mainstream e.g.: AirSnarf A small software agent that runs on Windows PCs and monitors for wireless exposures and threats, and notifies the user and AirDefense Enterprise. Continuous anywhere monitoring for mobile users on the road or at their office Detects & notifies 50+ configuration, connectivity issues and attacks Protection by enforcing policy defined centrally at AirDefense Enterprise AirDefense Personal AirDefense Enterprise Appliance Alert Logs Turn OFF Radio Policy Profiles 1. Policy Profiles are centrally defined & automatically downloaded each mobile user 2. Alert Logs automatically uploaded to AirDefense Enterprise and central reporting & notification 3. Policy Enforcement (automatic turn-off radio) Copyright © 2002-2005 AirDefense Proprietary and Confidential. Most Advanced Rogue Management Hundreds of neighboring wireless devices may bleed over in your premises especially in urban areas. Finding risky rogues is like finding a needle in haystack. Enterprises either need to employ several “wireless rogue runners” to identify & chase each rogue or deploy an automated, & intelligent solution from AirDefense 1 Detect Rogue Devices & Associations 3 Hardware APs, Soft APs Wireless ready laptops Specialty Devices (barcode scanners) Ad-hoc networks, Accidental/ Malicious Associations In-depth analysis of the activity level of each rogue How long it existed Who was connected to the rogue What and how much data transmitted Analyze Rogue Connections Locate Rogue Device Automated Rogue Mitigation 2 Calculate Threat Index 4 Smart Mgmt of Airwaves Partitioning of Friendly Neighboring Networks till they get malicious Least Risk Innocent Neighbor AP Highest Risk Our Stn connected to neighbor AP Rogue AP in my building Our Stn connected to Rogue AP & transferring data Terminate Rogue Devices Terminates on-command and automatically takes action to terminate connectivity Wired and Wireless termination Rogue AP on my Network Copyright © 2002-2005 AirDefense Proprietary and Confidential. Most Comprehensive & Accurate Intrusion Detection With new threats emerging everyday and hacking tools getting more sophisticated, comprehensive intrusion detection requires advanced detection methods to detect these threats Most Advanced Wireless Intrusion Protection System 15 Patents Pending ACCURATE & RELIABLE DETECTION Policy Engine Correlation Anomalous Behavior Protocol Analysis Signature Based Traffic Correlation Multiple Criteria & Correlation Engines ensure Accurate detection Minimum false positives ACCURATE & RELIABLE ALARMS 400 Alarms MOST COMPREHENSIVE DETECTION 200+ threats detected Documented threats (Signature-based) Day Zero threats (Anomalous Behavior) Wired-side vulnerabilities Sample Threats Reconnaissance Activity Various DoS Attacks Identity Theft Accidental/Malicious Association Dictionary Attacks Security Policy Violations FALSE POSITIVES 11,600 Alarms “First generation WLAN IDS solutions are often limited to signature-based detection. Just as wired-side IDS could not reliably depend upon signatures, WLAN IDS will require multiple detection technologies.” Gartner, July 2004 Copyright © 2002-2005 AirDefense Proprietary and Confidential. AirDefense Ensures Policy Compliance Adopt proven security policies and procedures to address the security weaknesses of the wireless environment Define Policy Security Configuration; VLANs Performance Vendor / Channel Enterprise, Centralized, Template-based, Policy Manager Authentication Compliance Monitor for Compliance Enforce Turn off SSID broadcast Change channel of AP Terminate Compliance with Corporate, regulatory requirements? Network performing correctly? Daily: Policy Violations AirDefense Enables Compliance with SOX DOD DHS GLBA FDIC HIPAA OCC Copyright © 2002-2005 AirDefense Proprietary and Confidential. Forensics & Incident Analysis WLANs are Transient & Security Incidents happen often Important to collect critical device communication & traffic information to analyze what went wrong Min-by-Min Critical Data Store • • • • • Device Connectivity Logs Device Activity Logs Channel Activity Logs Signal Strength Data transferred by Direction One-Click Investigation • • • • • • Were We Attacked? What Entry Point was Used? When Did the Breach Occur? How Long Were We Exposed? What Transfers Occurred? Which Systems Were Compromised? Bytes per Minute Large File downloaded Min-by-Min View “Forensic analysis is critical to assess damage from a security breach and take proactive steps for future.” – Meta Group Copyright © 2002-2005 AirDefense Proprietary and Confidential. Automated Active Defenses In addition to detection of threats, it is important to protect against intruders and rogues. Enterprise wireless networks need automated protection from security threats that can use multiple mitigation tactics Cisco WLSE Wireless Mitigation AirDefense Server Switch On-command Disconnect Policy-Based Disconnect Authorization Required Audit Trail Maintained Mitigation of the right target due to accurate detection Wired-side Mitigation Public AP PORT ALERT! SUPPRESSED! By Cisco WLSE Detected by AirDefense Rogue AP on Network Laptop – Wired & Wireless Bridge ALERT! TERMINATED! Detected by AirDefense By AirDefense On-command Suppression Policy-Based Suppression Device Reconfiguration Accidental Association Accurate Detection and precise mitigation are very critical to ensure that only rogue devices, associations and intruders are terminated Copyright © 2002-2005 AirDefense Proprietary and Confidential. Self-Managing Platform Source: AirDefense – Over 4000 WLANs analyzed 2. Integration with Infrastructure 1. Secure Platform Sensors Plug-and-go sensors Firewalls on wireless & wired interfaces for protection Appliance Customized hardened OS Communication SSL and digital certs Mutual authentication Instant network device synchronization Integrated & automated security management Integrated database management Integrated data backup With a single click, investigate security incidents across the enterprise Analyze device connectivity and activity as the device roams through the network View communication history to diagnose security or operational issues CiscoWorks WLSE 4. Active Troubleshooting 3. One-Click Analysis Real-time device analysis & tracking Remote packet capture / sniffer capabilities Notification of lost devices Network Availability & Failure history Network Usage & Performance 5. Notification & Alarm Management Adjustable alarm priorities and views Flexible querying and filtering system Multiple notification options (email, pager, SMS, SNMP, Syslog) Notifications by role, location, severity, frequency of alarm SIG. STR. = 0 Copyright © 2002-2005 AirDefense Proprietary and Confidential. Remote Troubleshooting In widely distributed wireless deployments, remote troubleshooting tools are critical to ensure administrators are able to diagnose and correct end-user issues centrally. Heavily Congested Channels Live Real-time Analysis Network Utilization Real-time Analysis Historical Reporting Feature AD Ongoing collection of performance statistics Yes Device connection history Yes Built-in Channel reports for troubleshooting RF problems Feature AD Real-time device analysis Yes Real-time device tracking Yes Real-time Layer 2 decoding Yes Full, remote frame capture Yes Yes Copyright © 2002-2005 AirDefense Proprietary and Confidential. AirDefense Mobile Device Count Device Tree Signal Strength by Channel Frames & Bytes Transferred Top Devices & Channels Copyright © 2002-2005 AirDefense Proprietary and Confidential. AirDefense BlueWatch Identifies different types of Bluetooth devices, including laptops, PDAs, keyboards and cell phones Provides key attributes, including device class, manufacturer and signal strength Illustrates communication or connectivity among various devices Identifies services available on each device, including network access, fax and audio gateway Services by Type Device by Type Detailed Device Info Copyright © 2002-2005 AirDefense Proprietary and Confidential. Customer Testimonials & Videos “… the only solution that met all our requirements.” “… provides the peace of mind .” “… meets both these needs.” “…only product that meets stringent HIPAA requirements” “…the clear market leader and the only viable choice” “… exhaustive search…the only enterprise-class solution" “…put security safeguards” “…maximize our wireless LAN's return on investment.” For Video Testimonials, click: University of Utah Health Sciences Center Copyright © 2002-2005 AirDefense Proprietary and Confidential. Expert Opinion on Wireless Monitoring “Through 2006, 70 % of successful WLAN attacks will be because of the misconfiguration of APs or client software.” “Incorrectly set-up WLANs put the wired LAN as risk as well” “Wireless devices create backdoors for hackers and can render millions of dollars invested in firewalls, IDS and VPNs useless.” “Unmanaged WLANs can jeopardize entire enterprise network, data and operations” “New sophisticated security risks continue to emerge as wireless matures” Copyright © 2002-2005 AirDefense Proprietary and Confidential. Summary 1 Detect Rogues, Associations & Intrusions 4 Health, Troubleshoot, Performance Anywhere, Anytime Wireless Protection Policy Compliance Protect Reputation & Information Locate, Prioritize, Notify 2 Automated Defense, Forensics 3 Copyright © 2002-2005 AirDefense Proprietary and Confidential. Cisco Systems & AirDefense Partnership Integrated Wireless Protection November 2004 Wireless IDS and Current Cisco Support • Cisco SWAN detects, locates and mitigates against rogue APs. CiscoWorks WLSE Network Terminated Rogue AP Cisco Aironet AP Cisco Aironet AP in Sensor Mode gathers data • Cisco and Cisco Compatible Clients Cisco Aironet AP © 2004 Cisco Systems, Inc. All rights reserved. • Cisco also detects clients in ad hoc mode. • In the future, CiscoWorks WLSE will detect, locate and mitigate against intruders and network attacks. 25 Cisco AirDefense Integration Background Wireless is a transient medium and prone to attacks by rogues and hackers Integrated WIDS offerings from wireless infrastructure providers do not have extensive capabilities to detect all rogues and intrusions Signature-based detection is not enough Need for Integrating Best-in-Class Wireless and Wired Infrastructure management System Cisco with enterprise class wireless infrastructure, Wireless Mgmt System Best-in-class Wireless Protection System Most Comprehensive and Accurate Detection; Active Defenses, Forensics & Incident Analysis; Advanced Notification System Multiple detection technologies and correlation engines eliminate false positives Customers get the Best Wireless Infrastructure and Security Copyright © 2002-2005 AirDefense Proprietary and Confidential. Customer Drivers for Integration "As a large customer of Cisco wireless infrastructure and AirDefense wireless IDS, we saw a significant benefit in bringing together the two products to build a highly secure wireless network. The integration of these two major solutions should lower costs and improve security by enabling flexible deployment of IDS capability and will reduce the cost of deployment and ongoing management as well as increase the level of security.” JD Fluckiger, Computer Protection Program Manager, Pacific Northwest National Laboratory "Enterprise-class wireless infrastructure must be properly configured and secured, and must support strong encryption and authentication (802.11i recommended). Wireless monitoring and IDS ensures that the infrastructure remains secure and in compliance with corporate policy and regulatory requirements. Integration of a comprehensive and reliable wireless IDS with a robust wireless infrastructure provides customers the best of both worlds." John Girard, Vice President , Gartner Copyright © 2002-2005 AirDefense Proprietary and Confidential. AirDefense/Cisco Integrated Wireless Protection CiscoWorks WLSE Cisco AP in Sensor Mode AirDefense Server Appliance First Floor, 8 Cisco APs, 1 Sensor Integration Areas Integration of CiscoWorks WLSE & AirDefense Server Integration with Wired Side Infrastructure Cisco AP as a Sensor Integrated Wireless Protection Switching Infrastructure Benefits Reduced Cost of Deployment & Support Comprehensive Detection & Effective Protection Copyright © 2002-2005 AirDefense Proprietary and Confidential. 1. Integrate CiscoWorks WLSE & AirDefense Server CiscoWorks WLSE AirDefense Draws Configuration and Policy Information from CiscoWorks WLSE CiscoWorks WLSE as a Correlation Source - Wired and Wireless information Correlation Source of Information for AirDefense Detection Fault Database Used to Diagnose or Confirm Events AirDefense Provides Alerts and Alarms to CiscoWorks WLSE AirDefense Server Appliance Enables “Detect and Correct” functions Reduce Administrative Overhead Synchronize Authorized APs and Stations Get Device Specifics Details e.g. DNS, IP Address, Wired MAC, Wireless Statistics Advanced Correlation for a Closed Loop System Copyright © 2002-2005 AirDefense Proprietary and Confidential. 2. Integration with Wired Mgt. Infrastructure Found a rogue on my network? Can I do port suppression? It is easy to show a demo of port blocking but in the real-life it is a big challenge. Enterprises have hundreds of switches and thousands of Ethernet ports across scores of locations that a rogue AP or station can connect to… AirDefense has multiple detection & correlation engines to accurately identify threatening APs or stations Cisco dominates Ethernet switching infrastructure and is in the best position to locate and suppress the port a threatening device is connected to Switching Infrastructure CiscoWorks WLSE To locate and block port of a threatening or rogue device: Using jointly developed APIs, AirDefense appliance communicates several key parameters to CiscoWorks WLSE CiscoWorks WLSE in turn works with Cisco switching infrastructure to locate it and block the device port AirDefense Server Appliance Only effective and practical way for wired side protection! Copyright © 2002-2005 AirDefense Proprietary and Confidential. 3. Cisco APs as Dedicated Sensors Cisco AP as Dedicated Sensor Cisco Sensor Feeds AirDefense Server AirDefense Server Appliance Cisco AP Configured in Dedicated Sensor Mode Supports 802.11a/b/g Protocols Fully Configurable Operation for Channel Scanning and Locking Supports all Detection and Alerts Leverages All AirDefense Centralized Intelligence Multi-Engine Detection & Correlation Provides Accurate Detection Single Hardware Platform for Customers to Manage Copyright © 2002-2005 AirDefense Proprietary and Confidential. AirDefense & Cisco Integration Benefits A complete, comprehensive and correlated view improves detection Correlation of wireless data from AirDefense and wired-side data from CiscoWorks WLSE Protection for the wireless and wired network AirDefense detects the rogue/ malicious devices and passes on information to CiscoWorks WLSE which carries out port suppression and also locates the rogues Reduced cost of deployment & ongoing maintenance of network Authorized device info, policies etc can be synchronized and data exchange facilitated For customers with no wireless LAN deployed yet Deploy AirDefense first for rogue protection and then follow up deployment of wireless by deploying Cisco WLANs "Through product development and partnership with industry leaders like Intel and AirDefense, Cisco is expanding the SWAN framework to deliver the security and capacity enterprise wireless LAN customers demand. We'll continue to innovate and expand these partnerships over time to further the leadership we've established with our integrated approach to wired and wireless connectivity.” Bill Rossi, Vice President & General Manager, Wireless Networking Business Unit, Cisco Copyright © 2002-2005 AirDefense Proprietary and Confidential.