wireless (in)security & wireless intrusion prevention ... wips wifi knowledge summit blr.pdf ·...

Confidential. Copyright © Arista 2019. All rights reserved.Confidential. Copyright © Arista 2019. All rights reserved.1

Wireless (In)Security &

Wireless Intrusion Prevention Technology for

Complete Security

Kiran Deshpande, Co-Founder – Mojo Networks

[email protected]

Confidential. Copyright © Arista 2019. All rights reserved.

WEP, WPA, WPA2

Rogue AP

Misconfigured

AP

Re-establish your network security perimeter

Guest

Access

Firewall

Wired IPS

SPAM/AV

URL filtering

Protect mobile wireless user

External APs

Ad hoc

connections

Wi-Phishing

Honeypots

Other network

interfaces: Bluetooth,

Infrared, 1394 etc.Detachable

interfaces:

2.5G/3G data-

cards, WiFi

adapters

Eavesdropping

Unauthorized

Access

Cracking Exploits

MAC spoofing attacks

Denial of Service

Wi-Phishing

Honeypots

External

Users

External

APs


Poorly secured

enterprise WiFiRogue Client

Rogue AP

Unauthorized WiFi

on enterprise LAN

3G

External AP

Evil Twin

Mobile Hotspot

Internal users bypassing

enterprise security

WiFi can compromise enterprise security in

unforeseen ways


AuthorizedConnected to the network

Following the security policy

ExternalNot connected to the network

Visible in the air

RogueConnected to the network Violating the security policy

AuthorizedConnected to an authorized AP

ExternalConnected to an external AP

Access Points ClientsConnections

GuestConnected to the guest network

Following the Guest security policyGuest

Connected to a Guest AP

Ignore

Block

Allow


WiF i c an c r e ate a b ac k d o o r to an en te rp r i s e

n e tw o rk m ak in g th e en ti r e n e tw o rk an d d e v i c e s

v u ln e rab le . P r e v a le n t IT S e c u r i ty S ta te -o f -T h e -

A r t d o e s n o t p ro te c t n e tw o rk s fr o m WiF i b as ed

attac k s as ai r b e c o m e s m ed iu m o f

c o m m u n ic atio n an d WiF i n e tw o rk s in te r s p e r s e

o n e an o th e r . It re q u i r e s a d i f fe r e n t s e t o f

te c h n iq u e s an d te c h n o lo g ie s


WEP, WPA, WPA2

Rogue AP

Misconfigured

AP

Re-establish your network security perimeter

Guest

Access

Firewall

Wired IPS

SPAM/AV

URL filtering

Eavesdropping

Unauthorized

Access

Cracking Exploits

MAC spoofing attacks

Denial of Service

Wi-Phishing

Honeypots

External

Users

External

APs

• NAC can block hard-wired rogue APs

• NAC cant - block soft rogue APs

- block an ad-hoc connections

- block users connecting to external WiFi

- block Smartphone tethering


Building - A Building - BNo WiFi Premise

Internet Corporate Firewall

WIPS/WiFi Console

• Core WIPS Capabilities

– Accurate classification of devices & threats

– Reliable prevention of all WiFi threats

– Precise location tracking of WiFi users

– Auto detection & control of smart devices

– Location based policy manager

– Compliance reporting

– Combo (WIPS + WiFi) device

• Enterprise deployment– Scalable tenant architecture

– Central console

– Ease of use

WIPS Sensors / WiFi Devices

Overlay ArchitectureFunctionality


Patented WiFi Classification

Sensor radios

Rogue AP

Wired Marker

Wired Marker

Wireless MarkerTrunk port on

the switch

Wireless Marker

Arista Secure WiFi

Management Console


Auto-classification

Competition

RogueExternal

Authorized

Rogue (?)

Rogue (?)

Undetected

Rogues

False alarms

Automatic, quick

&“Out of the box”

Complex rules &

false alarms

Classification – Identifying Bad Guys Quickly & Decisively


•

•

•

•

•


Planning Input• Site Information

• Devices Make & Model

17

RSSI



WiFi Access Planning• Device Redundancy• Minimum Signal Strength• User Density• WiFi Client XMT Power

Deliverables

• Bill of Materials• RF Maps• Statistics• Planning Report• Site Model• Site Calibration

17

Network Planning• Coverage• Throughput

Security Planning• Intrusion Detection• Intrusion Prevention





WiFi Sensor Planning• Device Redundancy• External Coverage• WiFi Client XMT Power


• Quarantine APs if connected to enterprise network• Prevent WiFi connections to / from WiFi clients

• Secure entire network from WiFi based attacks• Secure WiFi devices from untrusted nearby WiFi devices• Detect & prevent DoS attacks on enterprise WiFi

• Establish RF visibility throughout the enterprise• WiFi vendor agnostic monitoring and forensics

No WiFi

Secure WiFi

• RBI, MCIT, MHA, PCI, ISO 27000 and others….

Monitoring

Compliance

wireless (in)security & wireless intrusion prevention ... wips wifi knowledge summit blr.pdf ·...

Documents