Secure Mobility
Transcript Secure Mobility
The BlueSecure Wireless Network
The Security and Scalability of a Large Enterprise WLAN without all the cost
and complexity
Q1 2006
© 2006 Bluesocket, Inc.
Copyright and all rights reserved
Secure Mobility™ Solutions
Secure Mobility™
Presentation Agenda
Introduction to Bluesocket
Company Mission and Value Propositions
Three Customer Scenarios
Deploying a New Wireless Network
Improving an Existing Wireless Network
Enforcing a “no wireless” policy
Recent Bluesocket Information
Competitive Comparisons
Cisco/Airespace, Aruba, Trapeze, Meru
Customer Case Studies
Summary
Bluesocket’s Mission
The Company that introduced Secure Mobility® to the
Wireless Market now delivers the most secure complete
WLAN solution
Bluesocket Redefines Trust and Simplicity in
complex wireless networks
Bluesocket Profile
Established in 2000
Shipping product since Q3 2001
Proven product
Over 4,000 units shipped, 1,500 customers worldwide in 45 countries
Channel-oriented company
Over 200 partners throughout the world
Unique value
Providing the wireless access, security and scalability of large scale
solutions without the cost and complexity
Corporate HQ in Burlington, MA with offices throughout NA, EMEA,
and APAC
Bluesocket Delivers Trust and Simplicity
for Today’s Complete WLAN Solutions
BlueSecure Wireless LAN Components
The building blocks of a secure wireless LAN
“BSC” - Security/Mobility Controller
… for Security, Mobility and Role/Policy Enforcement
Centralized Authentication for Multiple Users/Roles/Devices
Web-based Secure Guest Access
Works with Legacy/Multivendor WLANs
“BSAP” - Access Point
… to provide secure wireless access
Simple, auto-config deployment
Secure management and control
“BIPS” - IDS/IPS System
… to monitor and protect the WiFi “airwaves”
Eliminate unwanted Access Points (rogues)
Force unwanted users (hackers) off the network
“BVMS” - Centralized Management
… to provide centralized management of your WiFi network environment
Operational Support without complexity
Web-based to view from any location
Recovery capabilities to restore or replicate
Bluesocket Value Propositions
Why do thousands of Customers count on Bluesocket?
Security is First
Stateful Role-Based Policy Management
Security and Mobility w/o client-side Software
Flexibility
Web-based, Transparent, MAC, 802.1x, etc.
All Authentication systems Supported
Edu and Library “specials” as well
Interoperability
User Security Overlay for any WiFi network
Wired and Wireless Network Admission Ctrl
Enhanced Guest Services
Scalability
Secure Mobility Matrix for scalability and seamless
roaming – even with encrypted sessions
Large Deployments (Customers w/100+ units and
thousands of clients)
It Just Works!
Three Customer Scenarios
I Need Wireless. How Do I Deploy Successfully?
I Have a “No Wireless” policy. How can I enforce this?
I already have a wireless network but need to improve it (Security, New Applications …)
Milestones in deploying a wireless network
Deploying a radio infrastructure
Providing a constant service
Securing
Managing
Providing a Radio infrastructure
Planning:
•How many Access Points
•Where should I place them
•Which type of AP should I use
Deployment of the AP:
•Installation
•Configuration
Wireless LANPlanner
Sample Use: Quick Start AP Placement
1. Initial Facility Floorplan
Walls, windows and support beams each have a unique impact on your wireless signal.
2. Enter Proposed User Requirements
With LANPlanner, the unique user requirements of each part of the facility can be documented to ensure proper coverage.
3. Software Automatically Recommends AP Placement
LANPlanner software evaluates the impact of both the floor plan and the proposed user requirements to recommend the best placement of access points in your facility. A network designer can then adjust the placement and view the impact of any potential changes.
[Floor plan labels: 200 Internet Users in Conference Hall; 6 Executives in Suite of Offices; 4 Users with Streaming Video]
Wireless LANPlanner Functionality Details
Prediction: Predicts vital information such as RSSI (Received Signal Strength Indicator), SIR (Signal
to Interference Ratio), SNR (Signal to Noise Ratio), throughput and bit error rate, and visualizes the
impact of these measurements on a map of your facility.
2D/3D Modeling: Quickly constructs a 2D or 3D representation of the environment that conveniently
captures and organizes all relevant information regarding both the wireless network and the physical
environment in which it resides.
Bids and Proposals: Quickly generate formal bids and create specification documents for proposals.
Asset Documentation: Vital asset location, configuration information, and maintenance records are
stored in a flexible 2D/3D model for troubleshooting, simplified network management and network
upgrade planning.
Bill of Materials: Project documentation is also stored and can be easily shared and e-mailed. A
highly accurate bill of materials can also be generated for the purchase of equipment and materials
avoiding time consuming implementation delays, additional unplanned purchases, budget overruns
and excessive paperwork.
Deploying the Access Points
Different AP with omni directional antennas or external antennas
Variety of external antennas to cover all radio scenarios
Support for 802.11 a/b/g
Fully featured WPA, WPA2, WMM
PoE – 802.3af to remove power installations
Multiple SSIDs to provide multiple services
Self-Configuring AP
Zero configuration Access Point
Can only work in a BlueSecure controller environment
Dynamic RF configuration from the controller for optimized power and
channel selection
Tunneled control channel and data channel permitting the deployment
of the AP anywhere on the LAN
[Diagram labels: Layer 3 Tunnel, Routed Network, L3 Router, BlueSecure Controller]
Securing the WLAN
Key Security Concerns
Users are authenticated
Sessions are encrypted as needed
Access devices are “clean” from malware
Wireless hackers are detected and eliminated
Rogue Access Points are detected and eliminated
Session behavior and access is controlled
Main Security Threats:
[Diagram labels: Enterprise Network, Enterprise AP, User, Fake AP, Rogue AP, Eavesdropper, Wired Device with WLAN card in ad-hoc; actions: Detect, Isolate, Authenticate and Scan, Encrypt]
Securing the WLAN at the user level
Trusted users, Trusted devices, Trusted access
[Diagram labels: Client Scanning, Universal Authentication, Behavior Control, QoS, Controlled Destination, Intranet]
BlueSecure Controllers
BlueSecure Controllers provide these key benefits
User-layer security
Role-based (optional) client scanning
L3 Mobility with session maintenance
Interoperability with any Access Point Infrastructure
End-Point Integrity
Making sure devices have no malware
OPSEC Partnership with Check Point
Integrated into Bluesocket Controllers
Clientless Scanning
Web Based, no endpoint software
required
Check for Antivirus Status
(Norton, TrendMicro, etc)
Check Windows version/patches
Require any application to be running
Scans for worms, trojans, keystroke
loggers, spyware
Self Remediation
Can also be used to verify end-user device “environment” (existence or
revisions of apps, etc.) before access is granted to the network or applications
Securing with Flexible Authentication
Can be combined with role/policy to guarantee secure user access
Multiple Authentication methods
IPSec (DES, 3DES, AES)
• Digital Certificates, Pre-shared key
L2TP over IPSec
PPTP
Browser-based Auth (SSL)
802.1x, WPA (LEAP, PEAP, TLS, TTLS, FAST)
Mac-based authorization
Multiple Authentication Servers/Types
802.1x
RADIUS, LDAP, and Active Directory
Windows Domain
Transparent Windows Login
Transparent 802.1x Login
Secure Tokens
Kerberos
Cosign, CAS, Pubcookie
Securing with Encrypted Links
Keeping user session data safe from eavesdropping
Layer 2: On the AP (RC4, AES)
Layer 3: On the controller
IPSEC (DES, 3DES, AES)
PPTP
L2TP
Designed for a Local Area Network environment
(High Bandwidth)
Standards-based Implementation with no
proprietary client
Granular User Role/Policy Enforcement
Controlling network access and usage for wireless and wired users
ROLE (Examples): Faculty/Employee; Student/Visitor; Administrator; VoIP Phones
POLICY
Authentication: Browser; Windows Domain; MAC; LEAP/PEAP
Encryption: WPA, IPSec; None; WPA, IPSec; Firewall only
Bandwidth: 1M/1M; Shared 256k; 512k; 64k/64k
Access Rights: Allow all; Allow Internet; Deny Intranet; Allow Internet; Allow Email; Admin Databases; Telnet/AS400
Schedule: 24/7; M-F/8-6; M-F/8-6; Shift
Authorized Location: All; Lobby/Class Room; Select Locations; All
Behavior: Port Lock due to Worm-signature; Auto-Quarantine due to DoS Attack
This is the key to linking user behavior to network/data usage policies
Clientless Intrusion Detection / Auto Quarantine
Making sure only “trusted” or “clean” devices get access to the network
Unsecured access to the Internet can compromise a student’s device
Bluesocket Detects and Protects the new threat from infecting your network
Detect…by user
Protect...Block/Auto Quarantine (for x time)
Notify
User…Remediation Page
Network Manager…GUI/Alarms/Events
Once user disinfects their PC…… Re-authenticate and go
BlueSecure’s Comprehensive Security Achieved with Client Scanning before access and Ongoing Controller-based IDS
[Diagram labels: Remote Campus, Internet, Remediation Page, Campus network, Student Center, Dorm, Corporate Research Facility]
Securing the WLAN at the radio level
Identifying and disabling rogue APs and Hackers
AP Combo
Distributed sensor overlay system
merged into the AP
Centralized Sensor
“Super Listener”
20:1 ratio vs. distributed sensors
Reduces OPEX and CAPEX
BlueView Management System
Sensor management
Visualize RF Security Threats
BlueSecure IPS Benefits for WiFi Management
RF Spectrum Analysis
Site Survey
Coverage Maps
Station auto-discovery
Rogue detection
Vulnerability detection
Intrusion detection
Location Triangulation of the detected WiFi
devices
Rogue AP or Rogue client contention
Dashboard Views for system-wide status
Detailed Reporting
Providing a constant and reliable service
Even more important with VoWLAN deployments
Fast Layer2 Roaming: Key Caching, Pre-authentication, pro-active key caching
Fast Layer3 Roaming: Roaming across IP networks and BlueSecure controllers
Resilient service:
Dynamic RF for AP signal coverage and outages
High Availability and loadsharing clusters of controller
Managing the wireless network
BlueSecure Controller-based management (web UI)
Monitoring of the AP via the controller:
Automatic firmware update for BSAP
Dynamic RF adapting to changes in the environment (Neighbor APs, etc.)
BlueView Management System:
Auto-discover your WLANs
Schedule and Automate provisioning
Maintenance Tasks
Real time monitoring and visualization
Secure, remote management
Centralised Policy enforcement
Powerful reporting
Centralized Alarm and Log Management
Location Services
BVMS
3rd Party AP Management
Configuration & Upgrades
Cisco, Proxim, Avaya, 3Com, others..
BlueView Management System (BVMS)
[Diagram labels: BVMS, BSC, BSC]
Patch and Software Updates
Central Point for Alarms, Logs and Traps
Automated Policy Updates
BVMS Simplifies Operations for Large Enterprises and Service Providers
RF Location Services
BlueView Management System
Import floor plans/buildings
Quickly view RF coverage, power,
channels, usage
Visualize RF issues
Location
One Click on client or AP
Locates client/AP on floorplan
BlueSecure AP or Centralized
Sensor provides location data to
BVMS
Find Rogue APs and location of
Wireless Attackers
Support E-911 requirements
Bluesocket Delivers Secure VoWLAN
Voice over WLAN
Over 35% will use VoWLAN by 2007
Today – Single Mode Phones (SpectraLink,
Vocera, SIP, etc…)
Tomorrow – Dual mode Cell/WLAN phones
Top issues are QoS and Security
Bluesocket and VoIP
Existing World-Class QoS (WMM/802.11e,
Diffserv, Controller marking/prioritization)
Subnet Roaming since 2002
V5.1 adds stateful firewall monitoring for
dynamic VoIP protocols (SIP/H.323)
First WLAN Controller with integrated SIP
Proxy for NAT’d voice calls
Our Stateful Firewall guarantees security even
with Dynamic Voice Protocols
Bluesocket Secure Guest Access
Bringing Trust and Control to Guest Access
Comprehensive Administrative Controls
Administrator Interface for complete controls
Reception Interface for simplified guest account creation
Batch Guest account creation and management facility
Universal Authentication
Web Login (typical)
Ad-hoc account creation through receptionist console
Dynamic length of time access for guests
Delayed Account Activation potential
Used for Wired and Wireless Access
Client Scanning
Session IDS
Role/Policy Enforcement
Guests identified and traffic flows controlled
Access levels and restrictions defined
Built-in “easy access” features
“AnyIP” allows access for those with fixed network/address settings (no DHCP)
[Diagram labels: Receptionist, Admin Console, Bulk Create, Guests, Authenticate, Client Scanned, Role/Policy Assigned, Trusted Devices and Behavior, Intranet, Internet]
Achieved with..
Deploying a radio infrastructure
Providing a constant service
Securing
Managing
Enforcing a “No Wireless” policy
What’s Required?
Ability to detect “rogue” access point
• Also wired client with enabled WLAN interfaces
Locate and isolate these “rogue” devices
Multiple sensor solutions to suit your environment
• Centralized “super listeners”
• Distributed sensors for localized active containment
• AP/Sensor combination to allow addition of wireless later
Management and reporting
• Compliance reports
• Alarms and Events to management frameworks
• Location and other visualization
Bluesocket Intrusion Detection & Protection
Distributed RF IDS
Where to use
• Stand Alone
• Small – Med. Deployments
• Feature Rich Requirements
• Complex Building Layout
Centralized RF IDS
Where to use
• 1 sensor covers 5+ story bldg
• Large Deployments
• Lower Cap-Ex, Op-Ex
• Integrated with Controllers
Distributed vs. Centralized
What’s the right solution for you?
Criterion | Distributed | Centralized
No. of Sensors Required | High | Low
Sensor Deployment | Med | Low
Rogue & Alarm Detection | Yes | Yes
Rogue Connected to LAN Detection | Yes | No
Location | Accurate Location based on triangulation (sensor overlap) | Approximate Location based on directional antenna
Rogue Containment | Yes | No/Limited
Admin Access Levels | Yes | Yes
Improving an Existing WLAN
BlueSecure Controller
Add/Improve Security without the need to replace the current
Wireless Infrastructure
Add SecureMobility® to your existing network
BlueView Management System
Add 3rd party management of legacy APs
Add centralized policy and configuration management
Enable remote wireless Management
BlueSecure Intrusion Protection System
Add RF monitoring and reporting
Add RF Protection/Active Containment
BlueSecure Controller in your existing network
Secure Guest Access
Universal Authentication
Granular user role/policy
enforcement
Co-Exist and interoperate with
other Standard Environments
Secure Mobility without client-side software
IDS for user traffic
Client Scanning for Trusted Endpoints
Bluesocket Seamless Secure Mobility™
No Client Software, No Infrastructure Changes, No Mobile IP
Bluesocket Secure Mobility™ Matrix allows for seamless roaming as users move across multiple subnets securely
1. Client associates with AP and receives an IP address, optionally using WPA (802.1x) VPN for security
2. Client roams to new subnet or roams out of radio coverage and returns
3. Bluesocket Secure Mobility recognizes roaming event and provides client with the same initial IP address
4. Bluesocket Secure Mobility can be used for VLAN roaming within a single controller as well
[Diagram labels: Subnet A, Subnet B, GRE Tunnel, 168.1.1.1 (shown twice), step markers 1, 2, 3, Corporate Network, Corporate Servers, Radius, LDAP, Active Directory, NT Domain Server]
Bluesocket in a multi-vendor environment
• User-Level Security
• Client Scanning without Client Agents
• 3rd party AP management
[Diagram labels: Multiple Client Devices, Remote Campus, Multiple Access Points, Bluesocket, Campus Network, Multi-Vendor Wireless Networks, Corporate Research Facility]
Security within an Open, Standards-based environment
Bluesocket Intrusion Detection & Protection
Centralized RF IDS
Where to use
• 1 sensor covers 5+ story bldg
• Large Deployments
• Lower Cap-Ex, Op-Ex
• Integrated with Controllers
Integrated RF IDS (BlueSecure Access Points, AP / Sensor)
Where to use
• AP and Sensor
• Utilize existing WLAN
• Integrated with Controllers
Bluesocket Updates and Information
Q1-2006
Bluesocket Announcement from Dec 2005
Bluesocket Secure Voice
• Stateful firewall inspection for dynamic voice traffic such as H.323/SIP
• Integrated SIP Proxy
DynamicRF™ for converged Voice, Video and Data
• Automatic AP channel and power adjustments
• Client Load Balancing across APs
• Fast Roaming with 802.11i key caching (PMK)
Bluesocket RF Intrusion Detection
• Bluesocket Access Points act as AP only, Sensor only or AP/Sensor at the
same time
• Rogue Client and Access Point Containment & over 50 RF Alarms
Location Services
• BlueView Management System shows user and AP location along with
coverage heatmaps on actual floor plans
Bluesocket integrates Check Point Integrity Clientless Security
• Windows Patches, AV software and
Worms/Trojan/Spyware/Dialers/Keystroke logger protection
Member of the Avaya DevConnect Partner Program
Bluesocket Announcement BVMS V2.3
Available March 2006
3rd Party AP Management
Cisco APs
Proxim APs
Avaya APs
3COM
Push Patches, Firmware, Configuration
Configuration Templates
Automated Firmware Updates
Monitoring Status
Bluesocket Competitive Information
Q1-2006
Cisco-Airespace Products
Wireless Controllers
Model 2000 – 6 APs $3250
Model 44xx
• 12 APs $9,995
• 25 APs $14,395
• 50 APs $19,995
• 100 APs $34,995
“Light” APs
Model 1000 w/internal antennas $599
Model 1000 w/external connectors $799
Management System
Wireless Control System (WCS)
• $5,995 for 50 APs
• $50,000 for unlimited
WiSM
Blade for Cat6500 @ $45,000
Cisco-Airespace - The multi-product approach
Good wireless, but….
Want client scanning or Guest Access or LDAP/AD authentication?
Add Clean Access
Want role based firewalling or VPN?
Add Cisco PIX
Want worm/DoS IDS?
Add Adaptive Security Appliance
Why is this called a simple solution?
Cisco-Airespace
4 different boxes
4 different management systems
4 times the price
1 Bluesocket Box = 4 Different Cisco Boxes
Other Limitations of a Cisco Solution
Must be ALL Cisco APs (throw out whatever else you have)
Does not handle any public wired ports that you want to protect
(conference rooms, etc…)
Even the wireless alone is 40% more than Bluesocket
Client Scanning requires software agent (Bluesocket is web-based)
Client Scanning doesn’t check for worm/trojan/spyware infection
(Bluesocket Does)
Trapeze Networks
OEMs to Nortel and 3COM
Wireless Controllers
MX-400, -20, -8, -2
• 3 APs $1195
• 12 APs $4,595
• 40 APs $12,995
• 80 APs $19,995
• 120 APs $26,495
“Light” APs
Model 372 $599
Management System
RingMaster Software
• $2,995 for 50 APs
• $9,995 for 200 APs
• $17,995 for unlimited
Trapeze Networks
Basic “Wireless Only Functions” – slick graphical tool
(RingMaster), but that is about it
No Security
No stateful firewall
No integration with LDAP/Active Directory
No VPN (PPTP, IPSec or L2TP over IPSec)
No Client Scanning
No worm/DoS IDS protection
No Interoperability
Throw out your non-Trapeze APs
Can’t trunk unprotected wired traffic
No BW Controls
Wireless shared medium needs per user BW controls
Simple Questions to ask the Customer…
…to see if Trapeze “fits” the need
1. Will you be using any existing APs from Cisco, Enterasys, Proxim, etc…?
2. Will you be authenticating users against LDAP, Active Directory or NTLM?
3. Do you require VPN (IPSec, PPTP, L2TP over IPSec) termination?
4. Do you want to scan devices for patches, anti-virus software or worms/Trojans/spyware before they login to the network?
5. Do you need real-time protection against Worm proliferation or malicious users after login?
6. Do you require stateful role based security (allowing what users can/can’t do on the network based on who they are)?
7. Will you need per-user bandwidth management (the ability to limit user’s speed)?
8. Will you need to secure any wired traffic (i.e. dorms, libraries, conference rooms, etc…)?
If the answers to any of these is “yes”, then Bluesocket is a better fit!
Meru Networks
Wireless Controllers
MC500 for 5 APs
MC1000 for 30 APs
MC 3000 for 150 APs
“Light” Access Points
• AP-200 802.11a/b/g
Meru Networks
Very focused on Voice only
Claims to be the “voice” player
Claims 5x the voice performance
But ….
Proprietary Solution that requires a fork-lift upgrade to achieve any Meru
claimed benefits
802.11e (standards approach) will marginalize their proprietary approach
Not interoperable with other APs or wired applications
No user security (roles, VPN, client scanning, etc.)
Only very elementary Wireless IDS through partnerships
Never participated in any reviews (NW World, etc…) … why?
Meru Summary
An interesting story for voice-only deployments, but cannot compete in a
real-world deployment with any of the other leading wireless controller
companies and has a short window as 802.11e voice features become
adopted
Aruba Networks
Wireless Controllers
Model 200 ($1995 + SW)
• Each SW Module adds $500
Model 800 ($4,995 + SW)
• Each SW Module adds $2K
Model 2400 ($8,995 + SW)
• Each SW Module adds $4K
Model 6000 ($36,995 + SW)
• Each SW Module adds $16K
Software Modules
Role Based Firewall
VPN Termination
Wireless RF IDS
Client Scanning (requires Sygate)
Advanced RADIUS (service providers)
“Light” Access Points
AP70 802.11a/b/g - $595
AP60 802.11b/g ONLY - $395
Management System
Just released, starts at $3,995 + SW
Aruba Networks
Not Interoperable
No roaming across non-Aruba APs
No management of non-Aruba APs
Need a special 2E Grid Point to handle wired traffic
Complex and Expensive Product
Every feature is licensed making maintenance difficult
Adding role firewall, client scanning and RF IDS (required in almost all
installations) makes the price soar – over 45% more than Bluesocket
Mix and Match modules cause confusion and require the use of both
CLI and Web GUI to configure the product
Client Scanning and Worm Protection
Bluesocket Integrates Check Point, Aruba requires a complete Sygate
Policy Enforcer product to be installed
No protection for Worms or DoS attacks (behavioral based IDS), Aruba
recommends you buy a separate Fortinet Firewall for that
Competitive Comparison at a Glance
Technology Assurance Labs
Independent Product Testing – Jan 2006
Jan 2006
In Jan 2006 we scored excellent results on independent lab tests vs our competition
2005
• In 2005 Gartner only included WLAN solutions providers
• Bluesocket was in the “niche players” sector because our AP solutions were new. This will be very different in the 2006 WLAN quadrant.
• Bluesocket is a leader in security and provides the only interoperable complete WLAN solution
2001-2004
Bluesocket is the leader in Wireless Gateways
Competitive Summary
Bluesocket is the only vendor who is interoperable with existing APs
and even unprotected wired ports
Bluesocket has the most features/functions “built-in” so we can fit into
any environment without wholesale changes
Bluesocket has complete offering of security, RF and management at
the lowest capex and opex cost
Bluesocket will continue to lead the market in role and policy
enforcement including the integration of applications and
infrastructure
Bluesocket will remain committed to delivering our industry-leading
solutions based on open-standards giving our users maximum choice
Customer Case Studies
Policy Enforcement Healthcare
Enforce network policies based on
user rights
Examples:
Nurses:
• Given HTTPS access to
patient databases only
Doctors:
• E-mail and Web access
with IPSec encryption for
HIPAA compliance
Contractors:
• Access only to their work
servers
Patients/Visitors
• Access to Internet only,
with limited bandwidth
Integrating Mobile Devices & Applications
Large Arkansas based healthcare system with 5 hospitals, 100+ medical care sites
Current WLAN rollout is in its 3rd generation, used for mobile applications:
Clinical information System from IDX
Patient documentation system from MercuryMD,
Wireless users now have seamless access to:
Patient records, Lab results, Medication lists, Radiology reports
Over $2 million spent on WLAN including Cisco APs, PDAs, Cart-based laptops,
Vocera voice badges and Bluesocket WGs
“Installing Bluesocket with our wireless LANs gives us the flexibility of integrating
our wireless devices with our existing LAN, in addition to giving us security and
role-based policy enforcement, where we can grant access privileges depending
on the end user’s role in the hospital.”
Dennis Strobel, Director of Information Systems
Improved Accuracy
Major healthcare provider in central Ohio:
3 hospitals, 8,800 employees, 1,500 physicians and 1,300 volunteers
Using the Bridge Medical MedPoint
system, nurses scan patient wristband
and medication bar codes into a handheld
terminal that communicates to the
wireless hospital network (where
electronic medical records are kept)
Checking “The Five Rights"
(right medication, right patient, right dose,
right route, at the right time)
Pharmaceutical companies starting to provide bar codes on drugs
Using Bluesocket with existing wired/wireless infrastructure from Nortel
and Cisco
Improving Patient Experience
Scripps Healthcare:
Major HCO in San Diego,
Nationally-rated for obstetrics,
and cardiology
Wireless Access to e-mail and Web
surfing for patients, visiting family
Benefit for in-patients: Alternative to TV
and no more cottage cheese ceilings!
Users gain appropriate access while
moving within hospital (e.g. suppliers,
visiting lecturers, conference attendees,
physicians, nurses)
New parents given a digital camera,
so they can share pix of their newborn
right after the birth
Universal Authentication University
Five Campuses, thousands of
users
Authenticate users, not devices
Use existing back-end
authentication servers:
RADIUS, LDAP, Windows 2000,
NT Domain
Web-based authentication
and encryption (SSL)
No client software required
Need to support broad range of
access points and devices
Branded Authentication:
custom information portals
Legacy Integration Manufacturing
Parker Hannifin has standardized
on Bluesocket worldwide
Wireless improves productivity
in manufacturing facilities for
this $7 billion company
Supports legacy infrastructure:
Shop floor devices, PDAs, laptops
with uniform authentication
From the shop floor of the plant…
to the board room:
Transparent and secure
user-login
Seamless Security Enterprise
Honeywell is a major global company with
100,000 employees in 95 countries
Honeywell's wireless implementation - FAST
(Field Automation Service Technology)
Latest manifestation of the company's service
initiative that started a decade ago
The company’s work in military and civilian
aerospace requires the highest level of security
With Bluesocket, Honeywell is implementing
secure access for mobile employees no matter
where they are: office, home or the airport
Security Requirements
Support for dual-factor authentication (password
and digital certificates)
MAC authentication
VPN for remote access
Transparent encrypted sessions for employees,
suppliers, contractors, and guests
Summary of Bluesocket Value Propositions
Security is First
Stateful Firewall and Role/Policy Enforcement
Universal Authentication
Multiple end-user auth methods are supported
Against multiple DBs (LDAP, AD, Radius)
Interoperability
User Security Overlay for any WiFi network
Wired and Wireless Network Admission Ctrl
Enhanced Guest Services
Scalability
Scalable seamless roaming/mobility
Scalable management system
It Just Works!
Delivering Trust and Simplicity
in a Complex Wireless World