@AirTight WIPS
#WFD6
Jan 29, 2014
Part 1: WIPS Product Demo
@RickLikesWIPS
Rick Farina

Part 2: Technology Deep Dive
@CHemantC
Hemant Chaskar

© 2014 AirTight Networks, Inc. All rights reserved.

AirTight WIPS
§ Overlay WIPS or WIPS as part of AirTight APs
§ Best in the industry
§ Customer base of 1500+ enterprises including large/Fortune companies, Government & DoD
§ Extensive patent portfolio

WIPS Basics
§ WIPS addresses threat vectors orthogonal to WPA2

§ Offers protection for both
- Wired network (e.g. rogue APs), and
- Wireless clients/connections (e.g. Evil Twin)

§ Requires scanning all channels (not just managed AP channels)
- Dedicated & background scanning radios

WPA2 and WIPS
BYOD

Traditional Approach

§ User defined rules for classifying devices as managed, neighbor, rogue
§ Signature matching on packet fields to detect attack tools
§ Packet statistics based anomaly detection
§ Lots of alerts
§ Manual intervention driven reactive workflow

User Defined Rules Are No Match For Wireless Environ
§ Requires cumbersome configuration of rules
§ Can’t keep up with dynamic wireless environment

User Defined Rules Are More Nuisance Than Help
§ Device alerts, false alarms, manual intervention to act on alerts
§ Fear of automatic prevention

Signature Matching On Packets Is False Alarm Prone
§ Not all attack tools have signatures
§ Signature fields in tools are modifiable
§ Signatures lag attack tools
§ Result: Signature-matching approach creates abundant false positives & negatives

Does anyone still think that (SSID) signatures are a good idea?

Packet Anomaly Detection On Unknown Thresholds
§ Inaccurate stats based on partial observation
- Scanning Sensor
- RSSI limitations

§ It doesn’t help to give threshold comparators, when users don’t know the right thresholds
- Right threshold to catch real threats, while avoiding false alarms

Changing the Status Quo
[Figure labels: Traditional Approach; AirTight Approach; WIPS Compass]

Traditional vs AirTight

Traditional:
§ Overhead of user defined rules for device categorization
§ Signatures & threshold anomaly detection
§ Constant manual intervention
§ Alert flood
§ Fear of automatic prevention

AirTight:
§ Out of box auto-classification into intrinsic categories
§ Proactive blocking of risky connections
§ Highly automated
§ Concise alerts
§ Reliable automatic prevention

AP Auto-classification into Foundation Categories
§ No user configured rules (SSID, OUI, RSSI, …)
§ Runs 24x7

[Diagram: All APs visible are split into Managed APs (Static Part): Authorized APs; and Unmanaged APs (Dynamic Part): External APs, Rogue APs]

Marker Packets™ for Connectivity Detection
§ No reliance on managed switch infra (CAM tables)
§ Prompt detection with localized operation for any network size
§ No false negatives: No “suspects” in neighbor category (like in wired & wireless MAC correlation)
§ No false positives: No “legal disclaimers” in automatically containing real rogues

[Diagram labels: AirTight Device; AirTight Device]

Client Auto-classification
§ Newly discovered Client: Uncategorized
§ Connects to secure Authorized AP: Authorized Client
§ Connects to External AP: External Client
§ Connects to Rogue AP: Rogue Client

Additional ways to autoclassify Clients:
§ Integration APIs with leading WLAN controllers to fetch Authorized Clients list.
§ Import MAC addresses of Authorized Clients from file.

AirTight WIPS Security Policy
[Diagram: AP Classification (Authorized APs; Rogue APs (On Network); Neighborhood APs) and Client Classification (Authorized Clients; Rogue Clients; Neighborhood Clients), with connection paths labeled GO, STOP and IGNORE. Policy labels: Block Misconfig; Detect DoS]

DETECT AND BLOCK RED PATHS!

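The AP and client auto-classification slides and the policy slide above can be read as a small state machine. The sketch below is an added example, not AirTight code: the class and function names, the "alert" fallback, the exact policy matrix (the slide's GO/STOP/IGNORE paths are only partly legible) and the rule that a client keeps its first classification are all assumptions, and wired connectivity is taken as an input flag rather than detected.

```python
from dataclasses import dataclass, field
from enum import Enum


class AP(Enum):
    AUTHORIZED = "authorized"
    EXTERNAL = "external"
    ROGUE = "rogue"


class Client(Enum):
    UNCATEGORIZED = "uncategorized"
    AUTHORIZED = "authorized"
    EXTERNAL = "external"
    ROGUE = "rogue"


def decide(ap, client):
    """Assumed policy matrix for an (AP class, client class) connection."""
    if ap is AP.ROGUE or client is Client.ROGUE:
        return "block"
    if client is Client.AUTHORIZED:
        # Authorized client is only allowed onto an Authorized AP.
        return "allow" if ap is AP.AUTHORIZED else "block"
    if client is Client.EXTERNAL and ap is AP.EXTERNAL:
        return "ignore"  # neighbors talking to neighbors
    return "alert"  # combination not covered above (assumption): leave to an operator


@dataclass
class Wips:
    managed_bssids: set                                  # static part
    wired_bssids: set = field(default_factory=set)       # dynamic part
    clients: dict = field(default_factory=dict)          # MAC -> Client

    def classify_ap(self, bssid):
        if bssid in self.managed_bssids:
            return AP.AUTHORIZED
        # Unmanaged AP: Rogue only once it is known to sit on the wired network.
        return AP.ROGUE if bssid in self.wired_bssids else AP.EXTERNAL

    def mark_on_wire(self, bssid):
        """Record a positive wired-connectivity result for an unmanaged AP."""
        self.wired_bssids.add(bssid)

    def on_association(self, mac, bssid, secure):
        ap = self.classify_ap(bssid)
        client = self.clients.get(mac, Client.UNCATEGORIZED)
        if client is Client.UNCATEGORIZED:
            # First association decides the client's category.
            if ap is AP.AUTHORIZED and secure:
                client = Client.AUTHORIZED
            elif ap is AP.EXTERNAL:
                client = Client.EXTERNAL
            elif ap is AP.ROGUE:
                client = Client.ROGUE
            self.clients[mac] = client
        return ap, client, decide(ap, client)


# Constructed sample data (not from the slides).
MANAGED, NEIGHBOR = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:01"
LAPTOP, PHONE, NEWDEV = "02:00:00:00:00:10", "02:00:00:00:00:20", "02:00:00:00:00:30"
SAMPLE_EVENTS = [
    ("assoc", LAPTOP, MANAGED, True),    # becomes Authorized client
    ("assoc", PHONE, NEIGHBOR, True),    # becomes External client
    ("assoc", LAPTOP, NEIGHBOR, True),   # Authorized client on External AP
    ("wired", NEIGHBOR),                 # AP found on the wired network
    ("assoc", PHONE, NEIGHBOR, True),    # same AP is now Rogue
    ("assoc", NEWDEV, NEIGHBOR, True),   # new client first seen on a Rogue AP
    ("assoc", NEWDEV, MANAGED, True),    # Rogue client tries an Authorized AP
]


def replay(events, managed_bssids):
    """Run events through the classifier; return (mac, ap, client, action) rows."""
    wips = Wips(managed_bssids=set(managed_bssids))
    rows = []
    for ev in events:
        if ev[0] == "wired":
            wips.mark_on_wire(ev[1])
            continue
        _, mac, bssid, secure = ev
        ap, client, action = wips.on_association(mac, bssid, secure)
        rows.append((mac, ap.value, client.value, action))
    return rows


if __name__ == "__main__":
    for row in replay(SAMPLE_EVENTS, {MANAGED}):
        print(*row)
```

The fourth and fifth events show the dynamic part: the same unmanaged BSSID moves from External to Rogue once it is seen on the wire, and a connection that was ignored becomes one to block.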
Reliable prevention
§ One size doesn’t fit all
• There are many permutations & combinations on connection type & Wi-Fi interface hw/sw

§ Bag of tricks for comprehensive prevention
• Deauth, timed deauth, client chasing, ARP manipulation, cell splitting, wireless side, wired side

Accurate Location Tracking
§ Stochastic triangulation – maximum likelihood estimation based technique
§ No need for RF site survey
§ No search squads to locate Wi-Fi devices
§ 15 ft accuracy in most environments

Why AirTight WIPS?

§ Automatic Device Classification
§ Cloud Managed or Onsite
§ Reliable Threat Prevention
§ Detailed Compliance Reporting
§ Ease of Operation & Lowest TCO
§ Accurate Location Tracking

AirTight Networks WIPS at Wireless Field Day 6 WFD6
