MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Wireless Enterprise Wireless Firewall January 9, 2009
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Account Manager Messaging
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Business Problem 1. Wireless Networks are Exposing Enterprises to a Different Set of Threats Wireless networks can be exploited from outside the premises by hackers Wireless traffic is not inspected by traditional firewalls Physical security is a significant deterrence for wired network, not wireless 2. Traditional Wireless Firewalls do not Provide Complete Protection Do not inspect all traffic leaving the door open for lower level wireless threats Require significant redesign of the network Recent compromise of WPA security under certain circumstances makes wireless protection against lower level threats more critical 3. PCI 1.2 Compliance Requires clean separation between wireless and wired traffic - often lacking in current firewalls
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Wireless Firewall Solution Stateful firewall for wireless threats –Inspects all wireless traffic (Layer 2-7) –Provides clean separation between wireless and wired traffic required for PCI 1.2 compliance Security at the edge –Offer protection across the distributed deployment Identity and Location-based access control –Adds new dimension to Policy Enforcement Unmatched protection in the Industry –Unprecedented Protection in Conjunction with Wireless IPS Easy Operations –Easy to deploy and manage with minimal architecture impact –Central management integrated into RFMS
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Overlay Sales Messaging
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Wireless Enterprise: Technology Vision Independent (Standalone) Dependent (Centralized) Adaptive(Distributed) Challenges Limited Mobility Difficult to manage Limited security Challenges Scalability for 11n Resilient Mesh support Security at the edge Best of both worlds and more… Performance/Scalability for 11n Resilient Eliminate central choke point VoIP and Video reliability Secure
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Problems with Existing Firewall Deployments Traditionally firewalls are deployed to protect corporate network resources from threats originating over the internet Most firewalls are designed to operate at IP layer – Layer 3 and above. Most firewalls require significant changes to the network topology to offer basic firewall protection wireless operates below the IP layer at the MAC layer – Layer 2 and above. Most firewalls do not offer adequate protection to legitimate wireless users
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Branch 1 Wireless Switch Problems: Firewall is not deployed to prevent attacks from the wireless network Branch 2 www Internet Facing Firewall Corporate HQ Corp WAN
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Wireless Switch Problems: Firewall does not inspect bridged MAC layer (Layer 2) traffic Firewall Inspection at IP Layer Only Store
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Wireless Switch Problems: Firewall and offers inadequate protection to valid wireless users Firewall Does not Protect Valid Wireless User Store
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Solution – Wireless Firewall Clean separation between wired and wireless traffic Stateful Layer 2-7 traffic Inspection Wireless firewall protects legitimate wireless users at the edge Defends against Layer 2 attacks such as IP spoofing and ARP Poisoning Enables Identity and Location-based Security Policy Enforcement Reduced Hassle: no network redesign plus Integrated Management
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Wireless Firewall Application: DHCP Enforcement Wireless Switch L2 Firewall Campus LAN Assigned IP ADD: Static IP ADD: DHCP Snooping MAC ADD: 44 : 45 : 53 : 54 : 42 : 00 IP ADD: Lease Obtained: 10/01/08 2:30:47 PM Lease Expires: 10/02/08 3:30:47 PM DHCP Request Benefits -Enforce DHCP policies & prevent IP conflicts as wireless clients are added
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Wireless Firewall Application: ARP Cache Protection Wireless Switch L2 Firewall ARP Cache MAC ADD: 42:00:0F:12:EF:0D IP ADD: Assigned IP ADD: / 24 Default Gateway: Static IP ADD: / 24 MAC ADD: 10 : 00 : 0 : 00 : 10 : F0 Default Gateway: Default Gateway: MAC ADD: 42 : 00 : 0F : 12 : EF : 0D DHCP Request Campus LAN Benefits -Protection from ARP Cache Poisoning for Wireless Clients ARP Request
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Front Desk Cubicles Conference Room Wireless Firewall Application: Location Based Access Control n WIPS/Location Client Access Sensor Visitor Conf Rm#1: Group: Public Device: Any State: Compliant Auth: Any Encp: Any Location: Indoor Policy: Access Granted Visitor Outdoors: Group: Public Device: Any State: Compliant Auth: Any Encp: Any Location: Outdoors Policy: Access Denied Location Based Access Control -AirDefense Sensors / Location Sensors report real time location to WiNG switch -Access Points report Authentication, Encryption, Device information -Wireless Firewall assigns/ updates User Role and applies Location based Policies Advantages - Simplifies Guest Access Provisioning - Protects wireless medium from unwarranted probes, association requests - Improves security
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Front Desk Cubicles Conference Room Wireless Firewall Application: Location Based Access Control Employee Indoor: Group: Corp Device: Any State: Compliant Auth: Any Encp: Any Location: Indoor Policy: Intranet Access Employee Outdoor: Group: Corp Device: Any State: Compliant Auth: Any Encp: Any Location: Outdoors Policy: Remote Access Location Based Access Control -AirDefense Sensors / Location Sensors report real time location to WiNG switch -Access Points report Authentication, Encryption, Device information -Wireless Firewall assigns/ updates User Role and applies Location based Policies Advantages -Granular Location based Access Control -Location information can be used for other business applications
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Wireless Firewall Solution Stateful firewall for wireless threats –Inspects all wireless traffic (Layer 2-7) –Provides clean separation between wireless and wired traffic required for PCI 1.2 compliance Security at the edge –Offer protection across the distributed deployment Identity and Location-based access control –Adds new dimension to Policy Enforcement Unmatched protection in the Industry –Unprecedented Protection in Conjunction with Wireless IPS Easy Operations –Easy to deploy and manage with minimal architecture impact –Central management integrated into RFMS
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Questions