Presentation is loading. Please wait.

Presentation is loading. Please wait.

©2004 Check Point Software Technologies Ltd. Proprietary & Confidential Policy and Configuration Compliance for Devices Connecting to the Wireless Network.

Published byJane Flowers Modified over 8 years ago

Similar presentations

Presentation on theme: "©2004 Check Point Software Technologies Ltd. Proprietary & Confidential Policy and Configuration Compliance for Devices Connecting to the Wireless Network."— Presentation transcript:

1 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential Policy and Configuration Compliance for Devices Connecting to the Wireless Network Check Point Endpoint Security Strategy

2 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 2 Agenda  Trends and Benefits in Wireless LANs  Endpoint Security Challenges  802.1X Authentication  Securing Wireless LANS with Integrity  Securing Wireless LANS with SecureVPN  Summary  Questions We’re raising the bar in Endpoint Security!

3 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 3 Wireless LAN Forecasts IDC, April 2001

4 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 4 The Benefits of Wireless LANs Business Case for Wireless LANs Operational Benefits Higher productivity Increased flexibility New applications Financial Benefits Lower deployment costs Increased ROI for wireless- accessible applications

5 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 5 Wireless LAN Applications Business Applications Retail: Kiosks, mobile cash registers Healthcare: Triage, billing, mobile patient record access Manufacturing: Bar code readers for inventory and shipping, mobile access to diagrams Offices: Mobile access to information Public Applications Coffee houses, airports, home offices, neighborhood area networks

6 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 6 Current Wireless LAN Security  SSID  MAC Address Filtering  Wired Equivalent Privacy –RC4 encryption algorithm –Shared, static encryption key

7 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 7 Wireless LAN Insecurity Radio Link WiFi Access Point Authorized access University resource University resource Financial Data Financial Data Student Information Student Information Client-Client attacks Access point not always needed for client-client communication Denial of Service Port Scanning Eavesdropping Malicious Code Injection

8 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 8  Endpoint PC Vulnerabilities Present Risk –Legitimate, authenticated users may be infected & contagious –Laptops returning to the network exacerbate the problem  Endpoint Security Difficult to Deploy and Manage –Existing endpoint security solutions are poorly integrated –Access, security and enforcement require separate solutions  Endpoint IPS unmanageable –Static/Server-Oriented models not functional for Endpoint PCs  Network access policy enforcement is difficult for IT to implement –Disparate solutions –Hardware & software installation required –Disparate management Endpoint Security Challenges

9 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 9 End Point Security Requires More than IPS Endpoint Policy Enforcement Application Control Intrusion Prevention Remediation Assistance Security Must Be Intelligent, Adaptive and Pre-Emptive Network Application

10 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 10 Solutions  Standard 802.1x Authentication  802.1X with Integrity Agent  SecureVPN with Integrity SecureClient

11 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 11 Enterprise Network SupplicantAccess Point RADIUS Server EAP Start EAP Request/ID Start EAP Authentication Ask Client for Identity EAP Response/ID (UserID) RADIUS Access Request Access Request w/ UserID EAP Request/ Challenge RADIUS Access: Accept EAP Success RADIUS Access Challenge: EAP RADIUS Reply/ Challenge EAP Response/ Password RADIUS Access: Restrict EAP Success (restricted access) OR, Standard EAP Session Perform EAP Sequence (MD5, TLS, PEAP)

12 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 12 802.1X only Risks  Identifies Machine or User not the security profile of the machine.  Infected machine has “Red Carpet” access to internal resources.  No mid session security check only at session creation.

13 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 13 EAP Integration with Integrity Enterprise Network SupplicantAccess Point RADIUS Server Integrity Server RADIUS “Proxy” ***EAP Client Extension RADIUS Access: Accept EAP Success Accept Proxy (success) Proxy (failure) RADIUS Access: Restrict EAP Success ( restricted access) OR, RADIUS Request EAP Request/ Challenge: ZLX RADIUS Access Challenge: EAP ZLX RADIUS Reply/ Challenge EAP Response/ ZLX (policy) Policy Query Policy Lookup Reject (Std. EAP Session) = New components or data extensions = EAP existing standard

14 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 14 EAP Integration Overview Wireless LAN RADIUS Server D W.A.P. B Firewall Wireless Computer A Firewall Wireless Computer A Policy Server C Client computer (A) initiates connection to WAP (B). 1 WAP generates EAP authentication request to RADIUS Proxy Server (C2). 2 RADIUS Proxy Server (C2) sends client access rights to WAP (B): WAP grants full or restricted access to the network. 5 RADIUS Proxy Server (C2): a.Receives the authentication request and authenticates the client via the RADIUS Server. b.Via EAP challenge, acquires the security policy and state from the client computer (A). c.Requests Policy Server (D) to approve the client computer’s security policy and state. 3 Policy Server (C): a.Validates the security policy and state of the client computer (A) b.Decides whether to grant full or restricted access to the client computer. 4 Corporate Network RADIUS Proxy Server C2

15 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 15 802.1X + Integrity Agent Benefits  Checks the security profile of the machine. –AV –Patches / Service Pack –Other Software  Infected machine is quarantined from other internal assets, Zero Day protection.  Security profile is check throughout the Wireless session and can be switched to Guest VLAN or quarantine VLAN if found to be out of compliance.

16 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 16 Integrity Agent Functionality Check List Stateful Personal Firewall Outbound Threat Protection (Application Control) Email and Instant Messaging Security Location Aware Policy Switching (Office, Remote) HIPS (Host Based IPS) Scalable, Flexible Management Assured Network Access Policy Enforcement

17 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 17 Integrity Agent Functionality (Cont)  Additional Security Policy Compliance Checks  Anti-Virus –Running Status (Real Time Options enabled) –Signature file age verification  Patch –Registry Value Checking –File Version Checking  Application –File Version Checking

18 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 18 HIPS Value (Host Intrusion Protection)  Proactively detect and prevents buffer overflows on the wire.  Supports a variety of protocols –Scans potentially compromised parts of the protocol –Works on HTTP, FTP, iMap, SMTP, Pop3, NNTP.  Early detection on the network  Zero day buffer overflow protection  Catches: –Slammer –Blaster –CodeRed I & II –Nimda –and more….

19 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 19 SecureVPN for Wireless LANs  Universal VPN –Access anywhere from remote location or wireless LAN  Integrated security –Proven protection of network integrity and information confidentiality  Smart management VPN-1 Gateway Solutions VPN-1 Integrity SecureClient

20 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 20 VPN Access From Anywhere  Enables universal VPN access –Wireless LAN, Remote Access, Intranet, and Extranet –Windows, Pocket PC, clientless VPN Internet

21 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 21 Comprehensive Security Assurance  Provides strong encryption of data –DES, 3DES, or Advanced Encryption Standard (AES)  Protects against unauthorized network access –Integrated firewall for gateway and client –Flexible authentication Certificates, OS passwords, tokens, biometrics, and more “Access Denied” “Access Denied”

22 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 22 End-to-End Data Confidentiality  Provides strong encryption of data –DES, 3DES, or Advanced Encryption Standard (AES)  Flexible security options –Client-server or client- gateway VPN-1 Pro VPN-1 SecureServer VPN-1 Integrity SecureClient

23 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 23 Smart Management for Wireless LAN Security  Enables single policy for all security endpoints  Lowers cost of managing wireless LAN VPN –Automated software updates for VPN-1 Integrity SecureClient SmartCenter

24 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential 24 Summary  Corporations and University’s are deploying wireless LANs for cost and operational benefits  Current wireless LAN technologies are inherently insecure  Check Point SecureVPN solutions provide WLAN security integrated into the enterprise network

25 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential Thank You Questions?

Download ppt "©2004 Check Point Software Technologies Ltd. Proprietary & Confidential Policy and Configuration Compliance for Devices Connecting to the Wireless Network."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential Check Point Software SSL VPN Solutions Technical Overview Thorsten Schuberth Technical.

©2005 Check Point Software Technologies Ltd. Proprietary & Confidential Check Point Software SSL VPN Solutions Technical Overview Thorsten Schuberth Technical.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0—8-1 Security Olga Torstensson Halmstad University.

© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0—8-1 Security Olga Torstensson Halmstad University.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—3-1 Wireless LANs Understanding WLAN Security.

© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—3-1 Wireless LANs Understanding WLAN Security.
Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.
Copyright Microsoft Corp. 2006 Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.

Copyright Microsoft Corp Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.
Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University

Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
OV 11 - 1 Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.

OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.

Similar presentations

Ads by Google