Security and Wireless Together at Last
Three Things Often Missing from Your Wireless
Robert Neuroth,
Regional Director - West, Wireless Solutions
October 26, 2015
Agenda
• Top 3 Problems with Secure Wireless Access
» Problem #1 – Disparate Network Access and Security Platforms
» Problem #2 – Security Challenges
» Problem #3 – Wireless Performance
• The Fortinet Approach
• Q&A
Problem #1 – Disparate Network Access and Security Platforms
Problem: Multiple Appliances, Management Systems and Policies
[Figure: Multiple Management Systems for VPN, Intrusion Prevention, Application Control, Web Filtering, WAN Optimization, Antispam, Antivirus, Firewall, WLAN APs, Wi-Fi Controller and Switch]
Solution: Unified Access Layer
[Figure: Single Management System for a Gateway with Integrated Wi-Fi Controller, WLAN APs and Switch]
• Lower cost of acquisition
• Lower cost of ownership
• Improves security provisioning
Solution: Unified Security Policy
[Figure: Remote Access, Wired Access and Wireless Access paths to the DIGITAL ASSET; labels: User Identification, Access Control, Content Inspection, Attack Mitigation]
» Integrated Wireless LAN management with security gateway
» Authentication and Security policy consistent across Wired, Wireless and Remote Access
Problem #2 – Security Challenges
BYOD
Organizations must be able to embrace BYOD Securely
Device Identification
» Device & OS Fingerprinting
» Device Classification & Management
» Contextual Device Information
Device Group List
Securing BYOD environment
» Enforce appropriate policy based on device
» Increase network visibility
» Add control beyond traditional Windows AD environment
Secure Guest Access to the Wireless LAN
• Temporary User Provisioning & Access
» Allow non-IT staff to create guest accounts via web portal
» Assign time quota
» Generate temporary password
» Distribute guest credentials: print, email, SMS
» Batch guest user creation
Problem: Wireless LAN Introduces Compliance Challenges
• PCI Compliance
» Even if Wireless LAN is not used in the Cardholder Data Environment
• HIPAA Compliance
• CIPA Compliance
Solution: Rogue AP Suppression and WIDS
• Rogue AP Suppression
» Full-time or background scanning
» On-wire correlation
» Automatic suppression
• Wireless Intrusion Detection System
» Wi-Fi protocol & RF level attack detection
» Must be built into the wireless controller
» Separate WIDS appliances mean another interface to manage!
• Data Leakage Prevention
• URL Filtering
• Reporting is Critical
Problem #3 – Wireless Performance
Problem: Inability to Prioritize Business Applications
• Shared Bandwidth
» Clients and applications on wireless networks compete with each other
• WME/WMM
» 802.11e, Wireless Multimedia Extensions (WME or WMM), doesn't solve this problem, as business applications like Remote Desktop, VNC, Webex, etc. are not prioritized differently
[Figure: Client #1 and Client #2 with Priority App and NonPriority App traffic]
Solution: Layer 7 Application Control
• Layer 7 Inspection
» Ensures bandwidth is guaranteed for business critical applications
• Application Control Sensors
» Thousands of signatures
» Dozens of categories
» Advanced IM & P2P control
» Application Control Traffic Shaping
» SSL Content Inspection
[Figure: Client #1 and Client #2 with Priority App and NonPriority App traffic]
Problem: High Density Environments
• Wireless LANs are becoming extremely dense with clients:
» Device proliferation
» Mobile workforce
» Wireless only offices
» Multiple devices per user common (laptop, tablet, smart phone, etc.)
Solution: High Density Radio Control Features
• Frequency Handoff – Moves client to less-loaded band/radio
• AP Handoff – Moves client to less-loaded AP
Problem: Interference from other APs and Sources of RF
[Figure: channels CH 1, CH 6, CH 11]
• Legitimate APs
• APs in neighboring building
• Microwave Ovens
• Cordless Phones
• etc.
Solution: Automatic Radio Resource Provisioning
[Figure: channels CH 1, CH 6, CH 11]
• Channel Assignment
» Automatically assigns non-overlapping channels
» Reduces chatter between APs
• Auto TX Power
» Changes radio transmission power settings automatically
The Fortinet Approach
The Fortinet Difference
Fortinet Secure WLAN Approach
No additional licenses needed
Captive Portal, 802.1x—Radius /shared key
Assign users and devices to their role
[Figure: Corporate Wi-Fi]
Examine wireless traffic to remove threats
Identify applications and destinations
Apply policy to users and applications
Ensure business traffic has priority
Report on policy violations, application usage, destinations and PCI DSS
Sample of Fortinet’s Wireless Customers
Distributed Enterprise / Distributed Retail
Education
Large Enterprise
Services / Financial / Healthcare / Gov
Outdoor / Mesh
Top 3 Problems with Secure Wireless Access
• Problem #1 – Disparate Network Access and Security Platforms
» A Unified Access Layer is essential
» Unified appliances, unified management, unified policy
• Problem #2 – Security Challenges
» Secure BYOD requires policy based on device, with deep visibility
» Guest Access must be built into your Secure Wireless solution
» Compliance is simple when control and reporting are integrated
• Problem #3 – Wireless Performance
» Application control at Layer 7 is critical; WME/WMM is not enough
» Automatic Radio Resource Provisioning, no manual radio configuration required
Q&A