
W&M 2009 –Unified, corporate-wide, Wireless Threat Management

Aug 20, 2015


IPEXPO ONLINE
Transcript
Page 1: W&M 2009 –Unified, corporate-wide, Wireless Threat Management

Geode Networks Europe Ltd – Independent Technology Consulting © 2009

Unified Wireless Threat Management

Presented by Andy de Clerck

Geode Networks Europe Ltd

Page 2: W&M 2009 –Unified, corporate-wide, Wireless Threat Management

Title: Unified, corporate-wide, Wireless Threat Management

14:30 PM - 15:00 PM

Presented by: Andy de Clerck (Technical Director) - Geode Networks Europe Ltd

Abstract: Exploring how organisations can monitor and defend networks against wireless security threats.

Wireless Threat Management enables organisations to proactively protect networks and data against wireless-enabled attacks whilst addressing all of the security issues related to the widespread use of wireless technologies (wireless, cellular and broadband radio).

Unified Wireless Threat Management

Page 3: W&M 2009 –Unified, corporate-wide, Wireless Threat Management

The Risk is Now Detached & Nomadic

Mobile Phones

SMS

Calls

Email

Beaconing

Broadband Cards

Laptop

802.11

Access Points

Bridges

Wi-Fi VoIP

Wireless Clients

Bluetooth

USB

Page 4: W&M 2009 –Unified, corporate-wide, Wireless Threat Management

Definition & Understanding

Computers

Mobile Devices

Information

Applications

Networks / Infrastructure

Assets At Risk!

Attack!

Attack!

Attack!

Attack!

Threat Direction: Internal to Internal; External to Internal

Threat Target: Internal Data Asset; Internal Disruption

Threat Highway: Internal Connection Required; Direct/Wireless/Remote/VPN

Threat Detection: Network Based; Connection Oriented

Page 5: W&M 2009 –Unified, corporate-wide, Wireless Threat Management

3rd Dimensional Threat

Computers

Mobile Devices

Information

Applications

Networks / Infrastructure

Assets At Risk!

Attack!

Attack!

Attack!

Attack!

Threat Direction: Internal to External; External to External

Threat Target: Mobile Device; Laptop

Threat Highway: Wireless; Bluetooth; USB

Threat Detection: Disconnected; Traditional Tools struggle

Page 6: W&M 2009 –Unified, corporate-wide, Wireless Threat Management

The Risk is Mobility (Not Just Wireless)

The unification of business applications and the advantages of true mobility within a workforce or environment have created new threats. Or have they?

New terms in use such as IP Leakage bring new policy thoughts

Security threat has evolved, just as it did when the Internet took hold

The unknown just got bigger and broader

Business Assets have always been at risk

Laptops are left in public places

Over shoulder snooping

Workers operating in public areas

Common thread: Mobile / Nomadic / Portable connected devices

3G/4G/Internet

Page 7: W&M 2009 –Unified, corporate-wide, Wireless Threat Management

The Risk is Now Detached & Nomadic

Mobile Smart Phone

802.11abgn devices

Bluetooth

USB

Laptop

Do you know where your data is going?

Locate the threatening device

Secure the disconnected asset

Address the leak potential

Page 8: W&M 2009 –Unified, corporate-wide, Wireless Threat Management

Data Leak from the 3rd Dimension

Mobile Phones

SMS

Calls

Email

Beaconing

Broadband Cards

Laptop

802.11

Access Points

Bridges

Wi-Fi VoIP

Wireless Clients

Bluetooth

USB

Page 9: W&M 2009 –Unified, corporate-wide, Wireless Threat Management

Trusted Access Point

Rogue Access Point or Laptop

Identify the Threat

Corporate Network

Public Broadcast

Page 10: W&M 2009 –Unified, corporate-wide, Wireless Threat Management

Trusted Access Point

Trusted Laptop

Secure Privileged Zone

Securing the perimeter

Disallow Association even to trusted devices outside of defined zones

Secure Internally & Externally By Policy

Page 11: W&M 2009 –Unified, corporate-wide, Wireless Threat Management

Trusted Phone

Active / Rogue phone

Cellular Threats

Information is leaked via mobile phones; these are a huge risk!

Voice, SMS, Email, Photographs, Internet

Bluetooth

Secure Privileged Zone

Page 12: W&M 2009 –Unified, corporate-wide, Wireless Threat Management

– Playback of Past Events:
• Web-based application reads from web server and database for replay of Cell Phone/WiFi activity

– Database
• Oracle or MySQL database
• Database read in real-time or post-event
• Database can be local or remote

– Remote Monitoring:
• Remote real-time monitoring of system by accessing database & web server via web applications
• Forensic replay of events by accessing database & web server with web application

Forensic Usage

Page 13: W&M 2009 –Unified, corporate-wide, Wireless Threat Management

• Violation of Wireless Security Policies (e.g. unencrypted transmissions, association with unauthorized APs, no VPN usage).

• Dual-homing – multiple simultaneous network connections.

• Violation of USB Mass Memory, Video, Bluetooth Security Policies.

• Enforces security policies defined by Admin in Policy Manager.

• When a wired network connection is present, Client disables laptop’s 802.11 and Cellular Broadband devices.

• Client also used to disable classes of USB devices such as Mass Memory Devices, Bluetooth Devices, etc.

Mobile End Point Leakage
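
The endpoint rules on this slide, written out as an added sketch (not code from the presentation or from any product it describes): a policy check over one snapshot of a laptop's connection state that reports violations and the enforcement actions the client would take. The field names, the BSSID allow-list, the USB class labels and the choice to apply the VPN rule to any wireless link are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical policy values (constructed for this example).
AUTHORIZED_BSSIDS = {"00:11:22:33:44:55"}
BLOCKED_USB_CLASSES = {"mass_storage", "video", "bluetooth"}

@dataclass
class Endpoint:
    """One snapshot of a laptop's connection state (field names are assumptions)."""
    wired_up: bool = False
    wifi_bssid: Optional[str] = None   # None means not associated
    wifi_encrypted: bool = False
    cellular_up: bool = False
    vpn_up: bool = False
    usb_classes: set = field(default_factory=set)

def evaluate(ep: Endpoint):
    """Return (violations, actions) for a snapshot, following the slide's rules."""
    violations, actions = [], []
    wifi_up = ep.wifi_bssid is not None
    # Dual-homing: more than one simultaneous network connection.
    if sum([ep.wired_up, wifi_up, ep.cellular_up]) > 1:
        violations.append("dual_homing")
    if ep.wired_up:
        # Wired link present: the client disables 802.11 and cellular broadband.
        if wifi_up:
            actions.append("disable_80211")
        if ep.cellular_up:
            actions.append("disable_cellular")
    else:
        if wifi_up and ep.wifi_bssid.lower() not in AUTHORIZED_BSSIDS:
            violations.append("unauthorized_ap")
        if wifi_up and not ep.wifi_encrypted:
            violations.append("unencrypted_wifi")
        if (wifi_up or ep.cellular_up) and not ep.vpn_up:
            violations.append("no_vpn")
    # Blocked USB device classes are reported and disabled regardless of link state.
    for cls in sorted(ep.usb_classes & BLOCKED_USB_CLASSES):
        violations.append(f"usb_{cls}")
        actions.append(f"disable_usb_{cls}")
    return violations, actions

if __name__ == "__main__":
    docked = Endpoint(wired_up=True, wifi_bssid="AA:BB:CC:DD:EE:FF",
                      cellular_up=True, usb_classes={"mass_storage", "hid"})
    print(evaluate(docked))
```
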

Page 14: W&M 2009 –Unified, corporate-wide, Wireless Threat Management

Key Elements of Delivering Security – CARE-NET

Communication Security
• Protection of data and voice communications between designated endpoints.

Authorisation & Access Control
• Support of multi-level security measures by implementing identity or role based access control on applications, application server, 802.1x etc

Reliability & Resilience
• Tolerance to hardware and software failures, asymmetric and unidirectional links, or limited range of wireless communication

Easy
• Deploying technology should not impact usability in a way that is intolerable

Network Infrastructure Protection
• Protection of routing and network management infrastructure against both passive and active attacks, such as rogue devices, insertion, deletion, modification or replay of control messages

Efficiency
• Electrical, computing power, RF resource and network bandwidth

Transmission Security
• The services include countermeasures against radio signal detection, jamming, control/user data acquisition, and eavesdropping

Page 15: W&M 2009 –Unified, corporate-wide, Wireless Threat Management

Thank you