1SYMBOL CORPORATE PRESENTATION Wireless IPS 2.0 Comprehensive Protection for WLAN Networks.
2SYMBOL CORPORATE PRESENTATION
Threats from Wireless Devices
[Diagram labels: Corporate Network; Barcode Scanner; Parking Lot; Beacons; Probes; Accidental Association; Malicious Association; Intruder; Confidential Data; Soft AP; Neighboring WLAN; Hardware AP; Wireless Laptop; Ad-Hoc; Rogue Access Point]
• Rogue Devices: signals bleed around physical walls and firewalls
• Intruders or hackers can launch attacks (DoS, Identity Theft)
• Associations: accidental, malicious; peer-to-peer/ad hoc. VPN & Authentication don’t help
• Bridging wireless laptops: opens back doors and exposes wired network
• Wireless Phishing: can hijack users at hotspots (AirSnarf, Hotspotter, Evil Twin)
3SYMBOL CORPORATE PRESENTATION
Symbol Wireless IPS Solution
Designed for Enterprise Scalability & Central Management
[Diagram labels: Centralized Server; AP300 Sensor; AP300; Wireless Stations; Hacker; Rogue Access Point; Remote, Secure Browser]
[Diagram callouts: Real-time Monitoring; Multiple Correlation, Analysis & IDS Engines; Integrated Reporting; Scanning 802.11 a/b/g; Selective Processing, Encryption; Centralized Management]
4SYMBOL CORPORATE PRESENTATION
Using AP300s as Sensors
• Symbol ships AP300 as a single SKU
• AP300 can be converted to a Sensor (and back to AP)
• Enterprise Class 802.11 a/b/g hardware
• Sensors are independent of wireless switch
• Sensor firmware in flash
• Sensor is IP addressable – can be used across LAN
• 2-radio design allows for better scanning, or scan while terminate
• Coverage for multiple APs
• Monitors all devices in 40,000 – 60,000 square feet (~3700 – 5600 square meters) range
• Typically one deployed for every 4 APs
AP300: 802.11a/b/g
5SYMBOL CORPORATE PRESENTATION
Functionality
Most comprehensive wireless intrusion prevention functionality
Automated threat & rogue mitigation
Centralized policy definition, monitoring & enforcement
Industry regulation compliance monitoring
Enterprise-ready solution
Secure & hardened server
Centrally-Managed
Remote troubleshooting of WLANs
Detailed reporting
[Diagram labels: Rogue Management; Advanced Detection; Automated Defenses; Forensic Analysis; Anywhere Protection]
6SYMBOL CORPORATE PRESENTATION
Total Wireless Intrusion Protection
1 Threat-based Rogue Management
• Analyze real rogue threats (vs. long list of rogues)
• Pinpoint Rogue on my Network
• Locate, Terminate
2 Attack/Threat Detection
• Most accurate & comprehensive detection
• Known & day zero attacks
3 Automated Defenses
• Automated, policy-based
• Active Defenses
• Wireless or wired-side mitigation
4 Anywhere Protection
• Threats to mobile users
• Notify, enforce policy
• Enterprise Integration
5 Forensic Analysis
• Incident analysis
• What, when, how, who?
[Diagram labels: Rogue Threat Management; Advanced Detection; Automated Defenses; Forensic Analysis; Anywhere Protection]
7SYMBOL CORPORATE PRESENTATION
Threat-based Rogue Management
1 Detect Rogue Devices / Associations
• Hardware APs, Soft APs
• Wireless ready laptops
• Specialty Devices (barcode scanners)
• Ad-hoc networks
• Accidental/Malicious Associations
2 Calculate Threat Index
• Threat-based Management
• Partitioning of Friendly Neighboring Networks till they get malicious
3 Analyze Rogue Connections
• In-depth analysis of the activity level of each rogue
• How long it existed
• Who was connected to the rogue
• What and how much data transmitted
4 Locate Rogue Devices
• Real-time accurate location tracking of all devices (release 2)
• No client software required
5 Terminate Rogue Devices
• Policy-based & manual termination
• Via air – AirLockdown
• Wired port suppression (release 2)
[Threat scale diagram, Least Risk to Highest Risk. Labels: Innocent Neighbor AP; Connection to Neighbor AP; Rogue AP in my building; Connection to Rogue AP & transferring data; Rogue AP on My Network]
8SYMBOL CORPORATE PRESENTATION
Accurate Detection of Threats & Attacks
[Diagram labels: Correlation Across Sensors; Stateful Analysis; Statistical Base-lining and Aggregation; Anomalous Behavior; Protocol Abuse; Signature Analysis; Policy Manager; Correlation; Accurate Alarms; Threat Index]
Goal: Detect all known and day zero threats and attacks reliably
Challenge: It is a race with hackers. New threats are evolving rapidly
• Simple threats & issues can be detected at the sensor
• Multiple Detection Technologies are required for accurate & comprehensive detection
• Many threats require correlation across sensors (certain identity theft)
• Day Zero attacks require anomalous behavior analysis
• Correlation across multiple detection engines reduces false positives
• Focus on threat index by location or sensor rather than individual alarms
9SYMBOL CORPORATE PRESENTATION
Ensures Policy Compliance
Adopt security policies and procedures to address the security weaknesses of the wireless environment
Symbol Enables Compliance with: DOD, DHS, SOX, HIPAA, GLBA, FDIC, OCC
Closed Loop Compliance: Define, Monitor, Enforce
Define Policy
• Security Configuration; VLANs
• Performance
• Vendor / Channel
Monitor for Compliance
• Compliance with Corporate, regulatory requirements?
• Network performing correctly?
Enforce
• Turn off SSID broadcast
• Change channel of AP
• Terminate
10SYMBOL CORPORATE PRESENTATION
Operational Support: Remote Troubleshooting
In widely distributed wireless deployments, remote troubleshooting tools are critical to ensure administrators are able to diagnose and correct end-user issues centrally.
Historical Analysis
• Ongoing collection of performance statistics
• Device connection history
• Built-in Channel reports for troubleshooting RF problems
Real-time Analysis
• Real-time device analysis
• Real-time device tracking
• Real-time Layer 2 decoding
• Full, remote frame capture
[Screenshot labels: Live Real-time Analysis; Heavily Congested Channels; Network Utilization]
11SYMBOL CORPORATE PRESENTATION
Self-Managing Platform
High Performance Zero-Config Sensors
Secure Sensors SSL/Digital Certificates Hardened OS
WLAN Management Device/Security/DB Mgmt Tivoli, OpenView
Adjustable Views Notify by Role, Location
Accurate Termination Policy based Rules
Easy to Deploy & Manage
DEPLOYABLE
MANAGEABLE
13SYMBOL CORPORATE PRESENTATION
Wireless IPS: New Features
• Enhanced GUI
• Location services
• Increased Visibility to Threats
• Improved Control and Response
• Increased Scalability and Depth of Forensic Analysis
• VISA CISP reporting
14SYMBOL CORPORATE PRESENTATION
Enhanced GUI – An Intuitive Interface for Manageability
• Multiple Dashboards based on administrative roles
• Domain-based partitioning to allow full or partial access
• New advanced filtering options
• Easy recreation of events for on-going customer support
[Screenshot labels: Manager Dashboard; Performance Dashboard; Role-based Dashboards]
15SYMBOL CORPORATE PRESENTATION
Network Mapping and Location
Sensor-less Rogue Detection and Correlation
• Ability to detect rogue wireless devices in “No Wireless” environments through wired-side rogue discovery
• Correlated rogue detection with sensors and wired rogue discovery for optimized security at lowest cost
Built-In Location Tracking
• Network Map providing full connectivity information at a glance
• Built-in RF triangulation based location tracking with advanced path loss algorithm
• Architected for the future: integrate other best-in-class location engines
[Screenshot labels: Signal Triangulation; Network Map; Location Tracking]
16SYMBOL CORPORATE PRESENTATION
Increased Visibility to Threats
• Tooled to Detect over 200 Events
• Enhanced event correlation and historical trending
• Adaptive learning based on statistical analysis of events over time
• Simultaneous adaptive scanning provides increased visibility across the wireless network
Rogue Device Analysis
Key Security Metrics including overall threat level; Rogue threats; Intrusion threats; Policy Compliance; Threats to wireless stations; and List of Alarms.
17SYMBOL CORPORATE PRESENTATION
Enhanced Control and Response
• Enhanced Wireless or Wired-side termination methods
– AirLockdown executed across multiple sensors
– Wired port suppression
• Continuous scanning of network during AirLockdown process provides uninterrupted protection from attack
• Simultaneous termination of multiple rogues
• Full auditability of the termination action
• Flexible notification options
Threat Mitigation is automated, simple and policy-driven
18SYMBOL CORPORATE PRESENTATION
Increased System Scalability and Depth of Forensic Analysis
• Increased Scalability for Enterprise Deployments
• 100,000 concurrent wireless devices
• 300 sensors/servers
• Low wide area network bandwidth utilization (3-5 Kbps)
• RF Review with Forensic Analysis
• More data collected and stored over a long period of time
• Adaptive learning system – even fewer false positives
• Ability to easily replay events
19SYMBOL CORPORATE PRESENTATION
Platform Management and Reporting
Expanded Compliance and Management Reporting
• Compliance reports include GLBA, HIPAA, DoD, Sarbanes Oxley, Visa-CISP, PCI
• Vulnerability Assessment
Secure and Simplified Platform Management
• ‘Secure Platform’ available for selected hardware appliance
• Continued self-health monitoring for system integrity
• Fail safe architecture
[Screenshot label: Management Reporting]
20SYMBOL CORPORATE PRESENTATION
Service Features
Purchasing annual support for Wireless IPS entitles customers to:
• 24 x 7 Ready-Access to Technical Resources
• Telephone and e-mail support
• Problem isolation, analysis and resolution of software operational issues
• Product Updates
• Major and Minor releases of software and documentation
• Access to MySymbolCare
• Service website for electronic distribution of support information including support management tools, product and technical literature, and more.
NOTE: Wireless IPS Software Support does not include hardware repair or replacement coverage for the AP300 sensors. Any required hardware repair or replacement would be covered under the AP300
21SYMBOL CORPORATE PRESENTATION
Wireless IPS Symbol Advantages
Comprehensive security coverage of in-building, perimeter, and parking lots
• Utilizes “thin” sensor technology, AP300.
• Fast channel switching to avoid “RF blind-spots”
• Capture & Scanning simultaneously – (2 Radio Advantage)
High Availability System:
• Server technology to recover from server and sensor network outages
• Real time vs. Off-line 802.11 protocol analysis – essential for proper troubleshooting
• Easily Scalable to over 100,000 MUs
Accurate Reporting
• Correlation of attacks over multiple sensors to avoid False Positives
• Configurable alarm thresholds and alerts
Scalability for distributed environments:
• Low WAN bandwidth usage with Split-Analysis in the sensor
Low Cost of Maintenance
• Easy, centralized updates
Low Cost of Installation
• Uniform ceiling infrastructure (same AP300 SKU)
Added Flexibility
• Sensor can be converted to Access Port in case of AP failure