Secure Mobility ® Solutions
Bluesocket Complete
WLAN Solution Suite
Redefines Trust and Simplicity in Complex Environments
Sales Training Soft-tronik, Prague
Gudrun Weinfurtner – Channel Manager Central & Eastern Europe
February 2006
© 2005 Bluesocket, inc.
Copyright and all rights reserved.
Agenda
Solution Overview
Company
Partner Programme & Tools
Solution Overview
What is it?
Where does it fit?
Three Customer Scenarios
I don’t have a wireless network but need to deploy one
I don’t want any wireless in my premises
I already have a wireless network but need to improve it (Security, New Applications …)
Milestones in deploying a wireless network
Deploying a radio infrastructure
Providing a constant service
Securing
Managing
Providing a Radio infrastructure
Planning:
•How many Access Points
•Where should I place them
•Which type of AP should I use
Deployment of the AP:
•Installation
•Configuration
Wireless LANPlanner
Sample Use: Quick Start AP Placement
1. Initial Facility Floorplan
Walls, windows and support beams each have a unique impact on your wireless signal.
2. Enter Proposed User Requirements
With LANPlanner, the unique user requirements of each part of the facility can be documented to ensure proper coverage.
[Floor plan callouts: 200 Internet Users in Conference Hall; 6 Executives in Suite of Offices; 4 Users with Streaming Video]
3. Software Automatically Recommends AP Placement
LANPlanner software evaluates the impact of both the floor plan and the proposed user requirements to recommend the best placement of access points in your facility. A network designer can then adjust the placement and view the impact of any potential changes.
Deploying the AP
Different APs with omnidirectional antennas or external antennas
Variety of external antennas to cover all radio scenarios
Support for 802.11 a/b/g
Fully featured WPA, WPA2, WMM
PoE – 802.3af to remove power installations
Multiple SSIDs to provide multiple services
Configuring the AP
Zero configuration Access Point
Can only work in a BlueSecure controller environment
Dynamic RF configuration from the controller for optimized power and channel selection
Tunneled control channel and data channel permitting the deployment of the AP anywhere on the LAN
[Diagram labels: Layer 3 Tunnel, Routed Network, L3 Router, BlueSecure Controller]
Securing the WLAN
Securing
Main Security Threats:
[Diagram labels: Enterprise Network, Enterprise AP, User, Fake AP, Rogue AP, Eavesdropper, Wired Device with WLAN card in ad-hoc; actions: Detect, Isolate, Authenticate, Encrypt]
Securing the WLAN at the user level
Client Scanning
Universal Authentication
Behavior Control
QoS
Controlled Destination
[Diagram labels: BlueSecure Controllers, Intranet, Internet]
End-Point Integrity
OPSEC Partnership with Check Point
Integrated into Bluesocket Controllers
Clientless Scanning
Web Based, no endpoint software required
Check for Antivirus Status (Norton, TrendMicro, etc)
Check Windows version/patches
Require any application to be running
Scans for worms, trojans, keystroke loggers, spyware
Self Remediation
Universal Authentication
Multiple Authentication methods
IPSec (DES, 3DES, AES)
Digital Certificates, Pre-shared key
L2TP over IPSec
PPTP
Browser-based Auth (SSL)
802.1x, WPA (LEAP, PEAP, TLS, TTLS, FAST)
MAC-based authorization
Multiple Authentication Servers/Types
RADIUS
802.1x
LDAP
Active Directory
Windows Domain
Transparent Windows Login
Transparent 802.1x Login
Secure Tokens
Kerberos
Cosign, CAS, Pubcookie
An Encrypted Link
Layer 2: On the AP (RC4, AES)
Layer 3: On the controller
IPSec (DES, 3DES, AES)
PPTP
L2TP
Dimensioned for a Local Area Network environment (High Bandwidth)
Standard Implementation with no proprietary client
Granular User Role/Policy Enforcement
Match policy to type of user…all simultaneously
Policy / Role (examples) | Faculty/Employee | Student/Visitor | Administrator | VoIP Phones
Authentication | LEAP/PEAP | Browser | Windows Domain | MAC
Encryption | WPA, IPSec | None | WPA, IPSec | Firewall only
Bandwidth | 1M/1M | Shared 256k | 512k | 64k/64k
Access Rights | Allow all | Allow Internet, Deny Intranet | Allow Internet, Allow Email, Admin Databases | Telnet/AS400
Schedule | 24/7 | M-F/8-6 | M-F/8-6 | Shift
Authorized Location | All | Lobby/Class Room | Select Locations | All
Behavior | Port Lock due to Worm-signature; Auto-Quarantine due to DoS Attack
Real Life demands more than just “employees” and “guests”
Clientless Intrusion Detection / Auto Quarantine
Unsecured access to the Internet can compromise a student’s device
Bluesocket Detects and Protects the new threat from infecting your network
Detect… by user
Protect… Block/Auto Quarantine (for x time)
Notify
User… Remediation Page
Network Manager… GUI/Alarms/Events
Once user disinfects their PC… Re-authenticate and go
[Diagram labels: Internet, Remote Campus, Campus network, Student Center, Dorm, Corporate Research Facility, Remediation Page]
Securing the WLAN at the radio level
AP Combo
Distributed sensor overlay system merged into the AP
Centralized Sensor
- Central coverage
- reduces OPEX and CAPEX
- 20:1 ratio vs. distributed sensors
BlueView Management System
Sensor management
RF Protection: BlueSecure IPS Server
RF Spectrum Analysis
Site Survey
Coverage Maps
Station auto-discovery
Rogue detection
Vulnerability detection
Intrusion detection
Location Triangulation of the detected WiFi devices
Rogue AP or Rogue client contention
Dashboard Views for system-wide status
Detailed Reporting
Providing a constant and reliable service
Fast Layer 2 Roaming:
Key Caching, Pre-authentication, proactive key caching
Fast Layer 3 Roaming:
Roaming across IP networks and BlueSecure controllers
Resilient service:
Dynamic RF for AP going down
High Availability and load-sharing clusters of controllers
Managing the wireless network
Minimised management of the AP via the controller:
Automatic firmware update
Dynamic RF adapting to changes in the environment (Neighbor APs, Cupboard …)
Managing
BlueView Management System:
BlueView Management System (BVMS)
[Diagram labels: BVMS, BSC, BSC]
Patch and Software Updates
Central Point for Alarms, Logs and Traps
Automated Policy Updates
BVMS Simplifies Operations for Large Enterprises and Service Providers
BlueView Management System v2.2
Centralized configuration, monitoring, policy enforcement and maintenance for your WLAN infrastructure
RF Location Services
BlueView Management System
Import floor plans/buildings
Quickly view RF coverage, power, channels, usage
Visualize RF issues
Location
One Click on client or AP
Locates client/AP on floorplan
BlueSecure AP or Centralized Sensor provides location data to BVMS
Find Rogue APs and location of Wireless Attackers
Support E-911 requirements
RFID Asset Tracking
BVMS
Appliance capable of managing up to 1,000 BSCs
Uses industry-leading XMLRPC
Management Console with a Secure Web Based GUI
Achieved with..
Deploying a radio infrastructure
Providing a constant service
Securing
Managing
BlueSecure WLAN Solutions Family
BlueSecure Controllers: Authentication and Policy Enforcement
BSC-5000: Up to 1000 Users
BSC-2100: 50-400 Users
BSC-1100: 15-100 Users
BSC-400 (branch office): Up to 50 Users
BlueSecure Intrusion Protection System: Sensor, Console & Server
BlueSecure Access Points: AP / Sensor
BlueView Management System
Enforcing a no wireless policy
Need for detecting rogue access points and wired clients with enabled WLAN interfaces
Locate and isolate such devices
Provided with BlueSecure Intrusion Protection System
With the type of sensor that suits your environment
I don’t want any wireless in my premises
Bluesocket Intrusion Detection & Protection
Distributed RF IDS
Where to use
• Stand Alone
• Small – Med. Deployments
• Feature Rich Requirements
• Complex Building Layout
Centralized RF IDS
Where to use
• 1 sensor covers 5+ story bldg
• Large Deployments
• Lower Cap-Ex, Op-Ex
• Integrated with Controllers
Feature Matrix
Feature | Distributed | Centralized
No. of Sensors Required | High | Low
Sensor Deployment | Med | Low
Rogue & Alarm Detection | Yes | Yes
Rogue Connected to LAN Detection | Yes | No
Location | Accurate Location based on triangulation (sensor overlap) | Approximate Location based on directional antenna
Rogue Containment | Yes | No/Limited
Reporting | Mature, Detailed Reports | Q4 2005
Admin Access Levels | Yes | Yes
Improving an existing WLAN
I already have a wireless network but need to improve it (Security, New Applications …)
BlueSecure Controller in your existing network
Secure Guest Access
Universal Authentication
Granular user role/policy enforcement
Co-Existence with Heterogeneous environments
Secure Mobility without client-side software
IDS for user traffic
Client Scanning for Trusted Endpoints
Bluesocket Seamless Secure Mobility™
No Client Software, No Infrastructure Changes, No Mobile IP
[Diagram labels: Subnet A, Subnet B, GRE Tunnel, 168.1.1.1 (shown twice), Corporate Network, Corporate Servers (Radius, LDAP, Active Directory, NT Domain Server), steps 1 to 3]
Bluesocket Secure Mobility™ Matrix allows for seamless roaming as users move across multiple subnets securely
1. Client associates with AP and receives an IP address, optionally using WPA (802.1x) or VPN for security
2. Client roams to new subnet or roams out of radio coverage and returns
3. Bluesocket Secure Mobility recognizes roaming event and provides client with the same initial IP address
4. Bluesocket Secure Mobility can be used for VLAN roaming within a single wireless gateway as well
Bluesocket in a multi-vendor environment
[Diagram labels: Multiple Client Devices, Multiple Access Points, Multi-Vendor Wireless Networks, Bluesocket, Campus Network, Remote Campus, Corporate Research Facility]
Security within an Open, Standards-based environment
Bluesocket Intrusion Detection & Protection
Centralized RF IDS
Where to use
• 1 sensor covers 5+ story bldg
• Large Deployments
• Lower Cap-Ex, Op-Ex
• Integrated with Controllers
Integrated RF IDS (BlueSecure Access Points, AP / Sensor)
Where to use
• AP and Sensor
• Utilize existing WLAN
• Integrated with Controllers
Company
Who is Bluesocket
Bluesocket
The Leader in Open Wireless Security and Management Solutions
• Delivering solutions to customers for four years
• 1500+ customers in 45 countries worldwide
• 200+ VAR/Reseller partners worldwide
• 450+ Higher Education/Universities
• 100+ Healthcare Institutions
• Growing presence in Government and Public Sector Markets
Partner Programme & Tools
2 tier partner model
Partner status: training + demo box
Support in meetings/events
P@rtnerLINK
Demo boxes
Good margins for everyone!!!
Delivering Trust and Simplicity
in a Complex Wireless World