TorWUG Meeting Sept. 27

1
TorWUG Meeting Sept. 27
Wireless Security An Enterprise Snapshot
Arun Kumar Wireless Design Specialist
2
Content

• Introduction
• Enterprise WLAN Policy
• Convergence and the Risks
• 5 Fundamentals
• Wireless Technology Landscape A real life
  deployment
• Conclusion

3
Introduction

• The steady growth of wireless in the Enterprise
  demands that corporate IT teams learn and adopt
  new security methodologies tailored to the unique
  requirements and weaknesses of wireless networks
• Network and security staff must first evaluate a
  potentially confusing set of authentication and
  encryption mechanisms to be used in the network

4
Wireless Technology Landscape Customers diverse
communication needs can be met by different
enabling wireless technologies
Wide-Area (1xRTT, 1xEVDO)
Campus/Local (Wireless LAN)
Metropolitan (Wi-Mesh and WiMax)
Sensing/Personal (RFID, Bluetooth)
Coverage
5
Why WLAN Security is Important?
Wireless LAN Infrastructure
CorporateApplications
E-mail
EPR
Voice Clients
Finance andAccounting
ExistingNetwork
SFA
Router /Switch
UserAdmin.
Firewall
Inventory
Internet
CRM
Desktops
Desktops
6
The 802.11 Security Landscape
Enterprise
Increasing design, deployment, and management
complexity and cost
7
WLAN Security Policy

• Depending on the security selected, IT will then
  need to establish and document the corporate WLAN
  security policy, including mechanisms to validate
  user compliance and monitor for inherent network
  vulnerabilities

8
WLAN Security Policy Contd

• With a defined WLAN Security Policy in place, IT
  staff can turn their attentions to protecting the
  network from snooping and an ever expanding list
  of wireless attacks

9
Public Wireless Security - Mobility

• Protection from Eavesdropping
• CDMA inherent over the air security
• Subscriber Fraud
• Strong anti-spoofing technology
• Subscriber Authentication
• Physical security
• controlled network access
• firewalls
• Intrusion Detection systems (IDS,IPS)
• Annual security audit performed by a third party
  firm
• ISO 5900 audit conducted by Deloitte Touche

10
Enhanced Security Wireless Solution

• Features
• 802.11x based technology
• IEEE 802.1x based authentication
• Single Factor Authentication
• Appropriate for medium data sensitivity on-campus
• Dynamic scalable key management
• Centralized policy control
• Session time-out initiates re-authentication and
  new key exchange
• Options
• Device Management
• URL Filtering (acceptable use)
• Rogue host detection
• Wireless IDS
• Vulnerability Assessments

11
Advanced Security Wireless Solution

• Features
• 802.11x based technology
• IEEE 802.1x based authentication
• Two Factor Authentication
• Dynamic scalable key management
• On and Off-Campus security appropriate for high
  data sensitivity
• Centralized policy control
• Directory Integration
• Session time-out initiates re-authentication and
  new key exchange
• Options
• Device Management
• URL Filtering (acceptable use)
• Rogue host detection
• Vulnerability Assessments
• Wireless IDS

12
Wireless Security Methodology
Users
Security Infrastructure
Valued Assets
Authorization
Authentication
Employees
Facilities
Citizens
Networks
What they can access and do
Who they are
Partners
Applications
Suppliers
Information
Administration
What they did
13
Wireless Security Methodology

• Adopt a personal ID system for physical access
  control
• (Radius, Cisco ACS etc.)
• Secure AP configuration
• Choose robust password to ensure higher level
  security
• AES WPA2 Encryption
• MAC ACLs and enable checking in APs
• Change SSID from default, suppress broadcast
• Disable remote SNMP
• Conduct site survey and mount APs
• Deploy VPN overlay (client gateway) with
  integral firewall

14
Convergence
15
Convergence Contd

• Everything that rises must Converge
• -Law of Physics
• Voice and Data networks are no longer separate
  distinct entities. They are converging into
  one interrelated network, a trend that creates
  new and profound security dilemmas. Problem is,
  most corporate executives are unaware of this
  convergence and its potential risks
• What needs to be understood is that the threats
  from the Data world are now transitioning into
  the Voice world
• In essence translates to ONE BIG NETWORK THREAT

16
Security Fundamentals Rethink Your Strategy with
the Wireless Worker in Mind

• Fundamental Change 1
• Require your mobile endpoints to have the same
  level of security as those devices that are
  connecting to the network from inside the network
  perimeter

17
Security Fundamentals Rethink Your Strategy with
the Wireless Worker in Mind

• Fundamental Change 2
• Security policy enforcement logic needs to reside
  on the endpoint
• Fundamental Change 3
• Fixing security deficiencies needs to occur
  automatically and persistently, in real time

18
Security Fundamentals Rethink Your Strategy with
the Wireless Worker in Mind

• Fundamental Change 4
• Layered Security is essential
• Fundamental Change 5
• Controlling Access is crucial to security

19
WLAN / 1xRTT/ 1xEVDOCustomer Deployment
20
Real Life Solutions- MESH
AP Mapping
21
Enterprise Wireless Solutions Offering

Consult Advise
Design Develop
Deploy Implement
Support Operate

• Certified specialists in Wireless LAN (802.11)
  and RFID (Radio Frequency Identification)
• Expertise in barcode and RFID Mobile Computing
  solutions for different industry sectors
• Trained Professional Services team to provide
  end-to-end solutions from consulting through
  implementation
• Solid experience in large scale Wireless LAN,
  Voice over WLAN, RFID and Mobile Computing
  deployment

22
In Conclusion

• Wireless security is not just a technology issue
  . it is also a critical business issue

23
Thank You