MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective.

Презентация:



Advertisements
Похожие презентации
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective.
Advertisements

© 2006 Cisco Systems, Inc. All rights reserved. BCMSN v Introducing Campus Networks Network Requirements.
© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Chapter 3 Cisco PIX Firewall Technology and Features.
© 2006 Cisco Systems, Inc. All rights reserved.BCMSN v Wireless LANs Describing WLAN Topologies.
© 2006 Cisco Systems, Inc. All rights reserved.SNRS v Adaptive Threat Defense Examining Cisco IOS Firewall.
© 2006 Cisco Systems, Inc. All rights reserved. BCMSN v Minimizing Service Loss and Data Theft in a Campus Network Protecting Against Spoof Attacks.
© 2004, Cisco Systems, Inc. All rights reserved. CSPFA Lesson 3 Cisco PIX Firewall Technology and Features.
© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Designing Remote Connectivity Designing the Enterprise Branch.
Designing Enterprise Edge Connectivity © 2004 Cisco Systems, Inc. All rights reserved. Designing the Remote Access Module ARCH v
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective.
Designing Network Management Services © 2004 Cisco Systems, Inc. All rights reserved. Designing the Network Management Architecture ARCH v
© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Identifying Voice Networking Considerations Identifying Design Considerations for Voice Services.
© 2006 Cisco Systems, Inc. All rights reserved.ONT v Module Summary Video and voice applications are used with wireless clients as well as wired.
Page 1 MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their.
Designing Virtual Private Networks © 2004 Cisco Systems, Inc. All rights reserved. Designing Site-to-Site VPNs ARCH v
Designing Security Services © 2004 Cisco Systems, Inc. All rights reserved. Evaluating Network Security Policies ARCH v
© 2007 Cisco Systems, Inc. All rights reserved.SNRS v Secured Connectivity Examining Cisco IOS VPNs.
© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Evaluating Security Solutions for the Network Selecting Network Security Solutions.
© 2006 Cisco Systems, Inc. All rights reserved.ONT v Implement the DiffServ QoS Model Implementing QoS Preclassify.
Copyright 2003 CCNA 4 Chapter 11 Scaling IP Addresses By Your Name.
Транксрипт:

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Wireless Enterprise Wireless Firewall January 9, 2009

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Account Manager Messaging

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Business Problem 1. Wireless Networks are Exposing Enterprises to a Different Set of Threats Wireless networks can be exploited from outside the premises by hackers Wireless traffic is not inspected by traditional firewalls Physical security is a significant deterrence for wired network, not wireless 2. Traditional Wireless Firewalls do not Provide Complete Protection Do not inspect all traffic leaving the door open for lower level wireless threats Require significant redesign of the network Recent compromise of WPA security under certain circumstances makes wireless protection against lower level threats more critical 3. PCI 1.2 Compliance Requires clean separation between wireless and wired traffic - often lacking in current firewalls

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Wireless Firewall Solution Stateful firewall for wireless threats –Inspects all wireless traffic (Layer 2-7) –Provides clean separation between wireless and wired traffic required for PCI 1.2 compliance Security at the edge –Offer protection across the distributed deployment Identity and Location-based access control –Adds new dimension to Policy Enforcement Unmatched protection in the Industry –Unprecedented Protection in Conjunction with Wireless IPS Easy Operations –Easy to deploy and manage with minimal architecture impact –Central management integrated into RFMS

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Overlay Sales Messaging

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Wireless Enterprise: Technology Vision Independent (Standalone) Dependent (Centralized) Adaptive(Distributed) Challenges Limited Mobility Difficult to manage Limited security Challenges Scalability for 11n Resilient Mesh support Security at the edge Best of both worlds and more… Performance/Scalability for 11n Resilient Eliminate central choke point VoIP and Video reliability Secure

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Problems with Existing Firewall Deployments Traditionally firewalls are deployed to protect corporate network resources from threats originating over the internet Most firewalls are designed to operate at IP layer – Layer 3 and above. Most firewalls require significant changes to the network topology to offer basic firewall protection wireless operates below the IP layer at the MAC layer – Layer 2 and above. Most firewalls do not offer adequate protection to legitimate wireless users

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Branch 1 Wireless Switch Problems: Firewall is not deployed to prevent attacks from the wireless network Branch 2 www Internet Facing Firewall Corporate HQ Corp WAN

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Wireless Switch Problems: Firewall does not inspect bridged MAC layer (Layer 2) traffic Firewall Inspection at IP Layer Only Store

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Wireless Switch Problems: Firewall and offers inadequate protection to valid wireless users Firewall Does not Protect Valid Wireless User Store

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Solution – Wireless Firewall Clean separation between wired and wireless traffic Stateful Layer 2-7 traffic Inspection Wireless firewall protects legitimate wireless users at the edge Defends against Layer 2 attacks such as IP spoofing and ARP Poisoning Enables Identity and Location-based Security Policy Enforcement Reduced Hassle: no network redesign plus Integrated Management

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Wireless Firewall Application: DHCP Enforcement Wireless Switch L2 Firewall Campus LAN Assigned IP ADD: Static IP ADD: DHCP Snooping MAC ADD: 44 : 45 : 53 : 54 : 42 : 00 IP ADD: Lease Obtained: 10/01/08 2:30:47 PM Lease Expires: 10/02/08 3:30:47 PM DHCP Request Benefits -Enforce DHCP policies & prevent IP conflicts as wireless clients are added

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Wireless Firewall Application: ARP Cache Protection Wireless Switch L2 Firewall ARP Cache MAC ADD: 42:00:0F:12:EF:0D IP ADD: Assigned IP ADD: / 24 Default Gateway: Static IP ADD: / 24 MAC ADD: 10 : 00 : 0 : 00 : 10 : F0 Default Gateway: Default Gateway: MAC ADD: 42 : 00 : 0F : 12 : EF : 0D DHCP Request Campus LAN Benefits -Protection from ARP Cache Poisoning for Wireless Clients ARP Request

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Front Desk Cubicles Conference Room Wireless Firewall Application: Location Based Access Control n WIPS/Location Client Access Sensor Visitor Conf Rm#1: Group: Public Device: Any State: Compliant Auth: Any Encp: Any Location: Indoor Policy: Access Granted Visitor Outdoors: Group: Public Device: Any State: Compliant Auth: Any Encp: Any Location: Outdoors Policy: Access Denied Location Based Access Control -AirDefense Sensors / Location Sensors report real time location to WiNG switch -Access Points report Authentication, Encryption, Device information -Wireless Firewall assigns/ updates User Role and applies Location based Policies Advantages - Simplifies Guest Access Provisioning - Protects wireless medium from unwarranted probes, association requests - Improves security

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Front Desk Cubicles Conference Room Wireless Firewall Application: Location Based Access Control Employee Indoor: Group: Corp Device: Any State: Compliant Auth: Any Encp: Any Location: Indoor Policy: Intranet Access Employee Outdoor: Group: Corp Device: Any State: Compliant Auth: Any Encp: Any Location: Outdoors Policy: Remote Access Location Based Access Control -AirDefense Sensors / Location Sensors report real time location to WiNG switch -Access Points report Authentication, Encryption, Device information -Wireless Firewall assigns/ updates User Role and applies Location based Policies Advantages -Granular Location based Access Control -Location information can be used for other business applications

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Wireless Firewall Solution Stateful firewall for wireless threats –Inspects all wireless traffic (Layer 2-7) –Provides clean separation between wireless and wired traffic required for PCI 1.2 compliance Security at the edge –Offer protection across the distributed deployment Identity and Location-based access control –Adds new dimension to Policy Enforcement Unmatched protection in the Industry –Unprecedented Protection in Conjunction with Wireless IPS Easy Operations –Easy to deploy and manage with minimal architecture impact –Central management integrated into RFMS

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc Questions