AirTight Networks WIPS at Wireless Field Day 6 WFD6


Published on February 3, 2014

Author: AirTightWIPS

Source: slideshare.net

Description

AirTight Networks WIPS at Wireless Field Day 6 WFD6 by Hemant Chaskar

@AirTight WIPS #WFD6, Jan 29, 2014
Part 1: WIPS Product Demo, Rick Farina (@RickLikesWIPS)
Part 2: Technology Deep Dive, Hemant Chaskar (@CHemantC)
© 2014 AirTight Networks, Inc. All rights reserved.

AirTight WIPS
- Overlay WIPS or WIPS as part of AirTight APs
- Best in the industry
- Customer base of 1500+ enterprises including large/Fortune companies, Government & DoD
- Extensive patent portfolio

WIPS Basics
- WIPS addresses threat vectors orthogonal to WPA2
- Offers protection for both
  - Wired network (e.g. rogue APs), and
  - Wireless clients/connections (e.g. Evil Twin)
- Requires scanning all channels (not just managed AP channels)
  - Dedicated & background scanning radios

WPA2 and WIPS
[Diagram slide; label: BYOD]

Traditional Approach
- User defined rules for classifying devices as managed, neighbor, rogue
- Signature matching on packet fields to detect attack tools
- Packet statistics based anomaly detection
- Lots of alerts
- Manual intervention driven reactive workflow

User Defined Rules Are No Match For Wireless Environ
- Requires cumbersome configuration of rules
- Can’t keep up with dynamic wireless environment

User Defined Rules Are More Nuisance Than Help
- Device alerts, false alarms, manual intervention to act on alerts
- Fear of automatic prevention

Signature Matching On Packets Is False Alarm Prone
- Not all attack tools have signatures
- Signature fields in tools are modifiable
- Signatures lag attack tools
- Result: Signature matching approach creates abundant false positives & negatives
Does anyone still think that (SSID) signatures are a good idea?

Packet Anomaly Detection On Unknown Thresholds
- Inaccurate stats based on partial observation
  - Scanning sensor
  - RSSI limitations
- It doesn’t help to give threshold comparators when users don’t know the right thresholds
  - Right threshold to catch real threats, while avoiding false alarms

Changing the Status Quo
[Diagram labels: Traditional Approach, AirTight Approach, WIPS Compass]

Traditional vs AirTight

Traditional:
- Overhead of user defined rules for device categorization
- Signatures & threshold anomaly detection
- Constant manual intervention
- Alert flood
- Fear of automatic prevention

AirTight:
- Out of box auto-classification into intrinsic categories
- Proactive blocking of risky connections
- Highly automated
- Concise alerts
- Reliable automatic prevention

AP Auto-classification into Foundation Categories
- No user configured rules (SSID, OUI, RSSI, …)
- Runs 24x7
[Diagram: All APs visible, split into Managed APs (Static Part): Authorized APs; and Unmanaged APs (Dynamic Part): External APs, Rogue APs]

Marker Packets™ for Connectivity Detection
- No reliance on managed switch infra (CAM tables)
- Prompt detection with localized operation for any network size
- No false negatives: No “suspects” in neighbor category (like in wired & wireless MAC correlation)
- No false positives: No “legal disclaimers” in automatically containing real rogues
[Diagram label: AirTight Device]

Client Auto-classification
- Newly discovered Client: Uncategorized
- Connects to secure Authorized AP: Authorized Client
- Connects to External AP: External Client
- Connects to Rogue AP: Rogue Client

Additional ways to autoclassify Clients:
- Integration APIs with leading WLAN controllers to fetch Authorized Clients list.
- Import MAC addresses of Authorized Clients from file.
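
The AP and client categories from the two auto-classification slides, as an added Python sketch that is not AirTight's code or part of the presentation. The `AP` fields, the sticky first classification, and the sample devices are assumptions made for illustration; the wired-connectivity flag stands in for the result of the Marker Packets test.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AP:
    bssid: str
    managed: bool        # listed in the managed-AP inventory (the "static part")
    on_wire: bool        # wired connectivity confirmed (the slides use Marker Packets)
    secure: bool = True  # assumption: True means an encrypted SSID such as WPA2

def classify_ap(ap):
    """Authorized / External / Rogue, with no SSID, OUI or RSSI rules."""
    if ap.managed:
        return "authorized"
    return "rogue" if ap.on_wire else "external"

class ClientClassifier:
    def __init__(self, imported_authorized=()):
        # MACs imported from a file or fetched from a WLAN controller
        self.category = {mac: "authorized" for mac in imported_authorized}

    def observe(self, mac, ap=None):
        """Record a sighting (ap=None) or an association and return the category."""
        current = self.category.setdefault(mac, "uncategorized")
        if ap is None or current != "uncategorized":
            return current   # assumption: the first classification is sticky
        kind = classify_ap(ap)
        if kind == "authorized" and not ap.secure:
            return current   # only a secure Authorized AP vouches for a client
        self.category[mac] = kind
        return kind

def replay(events, imported_authorized=()):
    """Feed (mac, ap) events through the classifier; return final categories."""
    clients = ClientClassifier(imported_authorized)
    for mac, ap in events:
        clients.observe(mac, ap)
    return dict(clients.category)

# Constructed sample data (not from the presentation)
CORP = AP("00:11:22:33:44:01", managed=True, on_wire=True)
GUEST = AP("00:11:22:33:44:02", managed=True, on_wire=True, secure=False)
CAFE = AP("66:77:88:99:aa:01", managed=False, on_wire=False)
PLUG = AP("de:ad:be:ef:00:01", managed=False, on_wire=True)
EVENTS = [("c1", None), ("c1", CORP), ("c1", CAFE), ("c2", CAFE),
          ("c3", PLUG), ("c4", GUEST), ("c5", CAFE)]

if __name__ == "__main__":
    for mac, cat in replay(EVENTS, imported_authorized=["c5"]).items():
        print(mac, cat)
```

Client c1 keeps its Authorized category when it later associates with the External AP, so that association is visible as an Authorized client on a non-Authorized AP rather than being reclassified away.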

AirTight WIPS Security Policy
[Diagram: AP Classification (Authorized APs, Rogue APs (On Network), Neighborhood APs) and Client Classification (Authorized Clients, Rogue Clients, Neighborhood Clients); labels: Block Misconfig, Detect DoS, Policy, GO, STOP, IGNORE]
DETECT AND BLOCK RED PATHS!

Reliable prevention
- One size doesn’t fit all
  - There are many permutations & combinations on connection type & Wi-Fi interface hw/sw
- Bag of tricks for comprehensive prevention
  - Deauth, timed deauth, client chasing, ARP manipulation, cell splitting, wireless side, wired side

Accurate Location Tracking
- Stochastic triangulation: maximum likelihood estimation based technique
- No need for RF site survey
- No search squads to locate Wi-Fi devices
- 15 ft accuracy in most environments

Why AirTight WIPS?
- Automatic Device Classification
- Cloud Managed or Onsite
- Reliable Threat Prevention
- Detailed Compliance Reporting
- Ease of Operation & Lowest TCO
- Accurate Location Tracking
