©2004 Check Point Software Technologies Ltd. Proprietary & Confidential Policy and Configuration Compliance for Devices Connecting to the Wireless Network.

Presentation transcript:

Slide 1: Policy and Configuration Compliance for Devices Connecting to the Wireless Network. Check Point Endpoint Security Strategy

Slide 2: Agenda
- Trends and benefits in wireless LANs
- Endpoint security challenges
- 802.1X authentication
- Securing wireless LANs with Integrity
- Securing wireless LANs with SecureVPN
- Summary
- Questions
We're raising the bar in Endpoint Security!

Slide 3: Wireless LAN Forecasts (chart not reproduced; source: IDC, April 2001)

Slide 4: The Benefits of Wireless LANs (Business Case for Wireless LANs)
Operational benefits:
- Higher productivity
- Increased flexibility
- New applications
Financial benefits:
- Lower deployment costs
- Increased ROI for wireless-accessible applications

Slide 5: Wireless LAN Applications
Business applications:
- Retail: kiosks, mobile cash registers
- Healthcare: triage, billing, mobile patient record access
- Manufacturing: bar code readers for inventory and shipping, mobile access to diagrams
- Offices: mobile access to information
Public applications:
- Coffee houses, airports, home offices, neighborhood area networks

Slide 6: Current Wireless LAN Security
- SSID (a network name, not a secret: it is broadcast in beacons and probe responses)
- MAC address filtering (client MAC addresses are visible on the air and trivially spoofed)
- Wired Equivalent Privacy (WEP)
  - RC4 encryption algorithm with a 24-bit IV
  - Shared, static encryption key; IV reuse and the known RC4 key-scheduling weakness let a passive listener recover the key

Slide 7: Wireless LAN Insecurity
(diagram: a radio link from wireless clients to a WiFi access point gives authorized access to university resources such as financial data and student information)
Threats on the radio link:
- Client-to-client attacks (an access point is not needed for client-to-client communication)
- Denial of service
- Port scanning
- Eavesdropping
- Malicious code injection

Slide 8: Endpoint Security Challenges
- Endpoint PC vulnerabilities present risk
  - Legitimate, authenticated users may be infected and contagious
  - Laptops returning to the network exacerbate the problem
- Endpoint security is difficult to deploy and manage
  - Existing endpoint security solutions are poorly integrated
  - Access, security and enforcement require separate solutions
- Endpoint IPS is unmanageable
  - Static, server-oriented models do not work for endpoint PCs
- Network access policy enforcement is difficult for IT to implement
  - Disparate solutions
  - Hardware and software installation required
  - Disparate management

Slide 9: Endpoint Security Requires More than IPS
(diagram: network and application layers covered by the four functions below)
- Endpoint policy enforcement
- Application control
- Intrusion prevention
- Remediation assistance
Security must be intelligent, adaptive and pre-emptive.

Slide 10: Solutions
- Standard 802.1X authentication
- 802.1X with Integrity Agent
- SecureVPN with Integrity SecureClient

Slide 11: 802.1X Authentication Exchange
Parties: Supplicant (wireless client), Access Point (authenticator), RADIUS Server on the enterprise network.
1. Supplicant -> Access Point: EAP Start (EAPOL-Start) to start EAP authentication.
2. Access Point -> Supplicant: EAP-Request/Identity, asking the client for its identity.
3. Supplicant -> Access Point: EAP-Response/Identity carrying the UserID.
4. Access Point -> RADIUS Server: RADIUS Access-Request with the UserID.
5. RADIUS Server -> Access Point: RADIUS Access-Challenge carrying EAP; the Access Point relays it to the supplicant as EAP-Request/Challenge.
6. Supplicant -> Access Point: EAP-Response (password or other credential); the Access Point relays it to the RADIUS Server as the reply to the challenge.
   Steps 5 and 6 are the EAP method sequence (MD5, TLS or PEAP) and may repeat. Note that EAP-MD5 gives no mutual authentication and derives no keying material, so it cannot protect the wireless link; EAP-TLS or PEAP is the method to use on a WLAN.
7. RADIUS Server -> Access Point: Access-Accept, relayed as EAP-Success (full access); or Access-Accept with restrictions, relayed as EAP-Success with restricted access.

Slide 12: 802.1X-only Risks
- Identifies the machine or user, not the security profile of the machine
- An infected machine gets "red carpet" access to internal resources
- No mid-session security check, only at session creation

Slide 13: EAP Integration with Integrity
Components: Supplicant with an EAP client extension, Access Point, RADIUS "Proxy", RADIUS Server, Integrity Server, enterprise network. The legend distinguishes new components or data extensions from the existing EAP standard.
1. The standard EAP session of slide 11 runs between supplicant, access point and RADIUS server, with the proxy forwarding the RADIUS request; a failed credential check ends in Reject.
2. RADIUS Proxy -> Access Point: RADIUS Access-Challenge carrying EAP ZLX; Access Point -> Supplicant: EAP-Request/Challenge: ZLX.
3. Supplicant (EAP client extension) -> Access Point -> RADIUS Proxy: EAP-Response/ZLX (policy), carried in the RADIUS reply to the challenge.
4. RADIUS Proxy -> Integrity Server: policy query; the Integrity Server performs the policy lookup and returns success or failure to the proxy.
5. On success: RADIUS Access-Accept, relayed as EAP-Success. On failure: RADIUS Access-Accept with restriction, relayed as EAP-Success with restricted access.

Slide 14: EAP Integration Overview
Components: Wireless Computer (A) with the Integrity client, W.A.P. (B) on the wireless LAN, Policy Server (C), RADIUS Proxy Server (C2), RADIUS Server (D) behind the firewall on the corporate network.
1. Client computer (A) initiates a connection to the WAP (B).
2. The WAP generates an EAP authentication request to the RADIUS Proxy Server (C2).
3. The RADIUS Proxy Server (C2):
   a. receives the authentication request and authenticates the client via the RADIUS Server (D);
   b. via an EAP challenge, acquires the security policy and state from the client computer (A);
   c. asks the Policy Server (C) to approve the client computer's security policy and state.
4. The Policy Server (C):
   a. validates the security policy and state of the client computer (A);
   b. decides whether to grant full or restricted access to the client computer.
5. The RADIUS Proxy Server (C2) sends the client's access rights to the WAP (B), which grants full or restricted access to the network.

Slide 15: 802.1X + Integrity Agent Benefits
- Checks the security profile of the machine:
  - AV
  - Patches / service pack
  - Other software
- An infected machine is quarantined from other internal assets (zero-day protection)
- The security profile is checked throughout the wireless session, and the client can be switched to a guest VLAN or quarantine VLAN if it is found to be out of compliance
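The exchange of slide 11, the proxy posture check of slides 13 and 14 and the mid-session re-check of slide 15, replayed as an added example. This is not Check Point's code: PostureReport, the user store, the VLAN numbers, the 7-day signature-age limit and the choice to restrict a supplicant that sends no posture are assumptions made for the illustration. The VLAN steering uses the RFC 2868 tunnel attributes as RFC 3580 applies them to 802.1X.

```python
"""Added example, not code from the Check Point presentation: the 802.1X/EAP
exchange of slide 11 and the RADIUS-proxy posture check of slides 13-14 as an
offline simulation, with the mid-session re-check of slide 15. PostureReport,
the user store, the VLAN numbers and the 7-day signature-age limit are
assumptions made for this illustration."""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# RFC 2868 tunnel attributes; RFC 3580 uses them to place an 802.1X port in a VLAN.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN, TUNNEL_MEDIUM_IEEE_802 = 13, 6

FULL_VLAN = "100"        # assumed production VLAN
QUARANTINE_VLAN = "999"  # assumed remediation-only VLAN
MAX_SIGNATURE_AGE_DAYS = 7

USERS = {"alice": "correct-horse-battery"}  # constructed RADIUS user store


@dataclass
class PostureReport:
    """Security state the client extension returns in the ZLX EAP exchange."""
    av_running: bool
    signature_age_days: int
    patch_present: bool


def radius_authenticate(user: str, password: str) -> bool:
    """Slide 14 step 3a: the RADIUS server checks the user credential."""
    return USERS.get(user) == password


def policy_server_compliant(report: PostureReport) -> bool:
    """Slide 14 step 4a: the policy server validates the reported state."""
    return (report.av_running
            and report.signature_age_days <= MAX_SIGNATURE_AGE_DAYS
            and report.patch_present)


def vlan_attributes(vlan_id: str) -> dict:
    """Attributes the proxy adds to Access-Accept to steer the port to a VLAN."""
    return {TUNNEL_TYPE: TUNNEL_TYPE_VLAN,
            TUNNEL_MEDIUM_TYPE: TUNNEL_MEDIUM_IEEE_802,
            TUNNEL_PRIVATE_GROUP_ID: vlan_id}


def radius_proxy_decide(user: str, password: str,
                        report: Optional[PostureReport]) -> Tuple[str, dict]:
    """Slide 14 steps 3-5: authenticate, then let the policy server choose
    full or restricted access. A supplicant that sends no posture (plain
    802.1X, no Integrity extension) is restricted here; that is this example's
    choice, the slides only call it a standard EAP session."""
    if not radius_authenticate(user, password):
        return "Access-Reject", {}
    if report is not None and policy_server_compliant(report):
        return "Access-Accept", vlan_attributes(FULL_VLAN)
    return "Access-Accept", vlan_attributes(QUARANTINE_VLAN)


def run_session(user: str, password: str, initial: Optional[PostureReport],
                rechecks: Sequence[PostureReport] = ()) -> Tuple[List[str], Optional[str]]:
    """Replays the message flow; returns (transcript, final VLAN or None)."""
    transcript = [
        "Supplicant -> AP: EAPOL-Start",
        "AP -> Supplicant: EAP-Request/Identity",
        f"Supplicant -> AP: EAP-Response/Identity ({user})",
        f"AP -> RADIUS proxy: Access-Request (User-Name={user})",
        "RADIUS proxy -> AP -> Supplicant: EAP-Request/Challenge",
        "Supplicant -> AP -> RADIUS proxy: EAP-Response (credential)",
    ]
    if initial is not None:
        transcript += ["RADIUS proxy -> Supplicant: EAP-Request/Challenge: ZLX",
                       "Supplicant -> RADIUS proxy: EAP-Response/ZLX (policy)",
                       "RADIUS proxy -> Policy server: policy query"]
    code, attrs = radius_proxy_decide(user, password, initial)
    if code == "Access-Reject":
        transcript += ["RADIUS proxy -> AP: Access-Reject",
                       "AP -> Supplicant: EAP-Failure"]
        return transcript, None
    vlan = attrs[TUNNEL_PRIVATE_GROUP_ID]
    transcript += [f"RADIUS proxy -> AP: Access-Accept (Tunnel-Private-Group-ID={vlan})",
                   "AP -> Supplicant: EAP-Success"]
    # Slide 15: posture is re-evaluated during the session and the port moves
    # to the quarantine VLAN when the client falls out of compliance.
    for n, report in enumerate(rechecks, 1):
        wanted = FULL_VLAN if policy_server_compliant(report) else QUARANTINE_VLAN
        if wanted != vlan:
            transcript.append(f"Re-check {n}: posture changed, port moved to VLAN {wanted}")
            vlan = wanted
    return transcript, vlan


if __name__ == "__main__":
    clean = PostureReport(True, 2, True)
    stale = PostureReport(True, 30, True)
    for line in run_session("alice", "correct-horse-battery", clean, [stale])[0]:
        print(line)
```

The point the simulation makes is the one slide 12 raises: the credential check alone never changes the VLAN. Only the posture step, and its repetition during the session, moves an authenticated but infected client off the production VLAN.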

Slide 16: Integrity Agent Functionality Check List
- Stateful personal firewall
- Outbound threat protection (application control) and instant messaging security
- Location-aware policy switching (office, remote)
- HIPS (host-based IPS)
- Scalable, flexible management
- Assured network access policy enforcement

Slide 17: Integrity Agent Functionality (cont.)
Additional security policy compliance checks:
- Anti-virus
  - Running status (real-time options enabled)
  - Signature file age verification
- Patch
  - Registry value checking
  - File version checking
- Application
  - File version checking
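The three classes of check on slide 17, evaluated against a constructed endpoint snapshot, as an added example that is not the Integrity agent's code. The snapshot dictionaries stand in for the Windows registry and file system; the 7-day limit, the application path and the version numbers are assumptions. CSDVersion is the real registry value in which Windows records the installed service pack.

```python
"""Added example, not Check Point's Integrity agent code: the compliance checks
listed on slide 17 (anti-virus real-time status and signature age, a patch or
service-pack registry value, an application file version) evaluated against a
constructed snapshot of an endpoint. The snapshot dictionaries stand in for
the Windows registry and file system; the thresholds, the application path
and the version numbers are assumptions for this illustration."""
from datetime import date, timedelta
from typing import Dict, List, Tuple

DEMO_DATE = date(2004, 9, 1)  # constructed "today" so the run is reproducible

# Constructed policy. CSDVersion is the real value Windows uses to record the
# installed service pack; the application path and versions are made up.
POLICY = {
    "max_signature_age_days": 7,
    "registry_values": [
        (r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "CSDVersion", "Service Pack 2"),
    ],
    "file_versions": [
        (r"C:\Program Files\Example\app.exe", "2.1.0.0"),
    ],
}


def parse_version(text: str) -> Tuple[int, ...]:
    """'5.1.2600.2180' -> (5, 1, 2600, 2180). Compare tuples, not strings:
    as strings '10.0.0.0' < '9.0.0.0', which would wave an old binary through."""
    return tuple(int(part) for part in text.split("."))


def check_antivirus(snapshot: dict, max_age_days: int, today: date) -> List[str]:
    """Running status (real-time protection) and signature file age."""
    findings = []
    av = snapshot["antivirus"]
    if not av["realtime_enabled"]:
        findings.append("antivirus: real-time protection is disabled")
    age = (today - av["signature_date"]).days
    if age > max_age_days:
        findings.append(f"antivirus: signatures are {age} days old (limit {max_age_days})")
    return findings


def check_registry_value(snapshot: dict, key: str, name: str, expected) -> List[str]:
    """Patch or service pack presence via a registry value."""
    actual = snapshot["registry"].get(key, {}).get(name)
    if actual != expected:
        return [f"patch: {key}\\{name} is {actual!r}, expected {expected!r}"]
    return []


def check_file_version(snapshot: dict, path: str, minimum: str) -> List[str]:
    """Application check via the version resource of a file."""
    actual = snapshot["files"].get(path)
    if actual is None:
        return [f"application: {path} not found"]
    if parse_version(actual) < parse_version(minimum):
        return [f"application: {path} is {actual}, minimum {minimum}"]
    return []


def evaluate(policy: dict, snapshot: dict, today: date) -> Dict[str, object]:
    """Runs every check; the endpoint is compliant only with no findings."""
    findings = check_antivirus(snapshot, policy["max_signature_age_days"], today)
    for key, name, expected in policy["registry_values"]:
        findings += check_registry_value(snapshot, key, name, expected)
    for path, minimum in policy["file_versions"]:
        findings += check_file_version(snapshot, path, minimum)
    return {"compliant": not findings, "findings": findings}


def sample_snapshot(today: date, healthy: bool) -> dict:
    """Constructed endpoint state; 'healthy' selects the compliant variant."""
    return {
        "antivirus": {"realtime_enabled": True,
                      "signature_date": today - timedelta(days=3 if healthy else 12)},
        "registry": {r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion":
                     {"CSDVersion": "Service Pack 2" if healthy else "Service Pack 1"}},
        "files": {r"C:\Program Files\Example\app.exe": "2.1.0.5" if healthy else "2.0.9.0"},
    }


def demo(healthy: bool) -> Dict[str, object]:
    """Evaluates the constructed snapshot against POLICY on DEMO_DATE."""
    return evaluate(POLICY, sample_snapshot(DEMO_DATE, healthy), DEMO_DATE)


if __name__ == "__main__":
    for healthy in (True, False):
        print(demo(healthy))
```

Each check returns a list of findings rather than a boolean so that the remediation step of slide 9 has something to tell the user; a bare pass/fail leaves a quarantined client guessing what to fix.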

Slide 18: HIPS Value (Host Intrusion Prevention)
- Proactively detects and prevents buffer overflows on the wire
- Supports a variety of protocols
  - Scans the parts of the protocol that an overflow has to travel in
  - Works on HTTP, FTP, IMAP, SMTP, POP3 and NNTP
- Early detection on the network
- Zero-day buffer overflow protection
- Catches: Slammer, Blaster, CodeRed I & II, Nimda, and more
  (Slammer targeted MS-SQL over UDP/1434 and Blaster the RPC DCOM service on TCP/135, neither of which is in the protocol list above)
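What "scanning the parts of the protocol" looks like in practice, as an added example that is not Check Point's HIPS code: constructed HTTP and SMTP traffic is parsed into the fields an overflow must travel in (request line, header values, SMTP command arguments) and each field is checked for excess length and shellcode-like content. The length limits (other than the RFC 5321 command-line limit) and the NOP-sled heuristic are assumptions, not the product's signatures.

```python
"""Added example, not Check Point's HIPS code: the protocol-aware overflow
detection slide 18 describes, applied to constructed HTTP and SMTP traffic.
It parses the fields an overflow must travel in (request line, header values,
SMTP command arguments) and flags overlong or shellcode-like content. The
length limits (except the RFC 5321 one) and the NOP-sled heuristic are
assumptions, not the product's signatures."""
from typing import List, Optional

MAX_HTTP_REQUEST_LINE = 2048   # assumed limit; real servers vary
MAX_HTTP_HEADER_VALUE = 1024   # assumed limit
MAX_SMTP_LINE = 512            # RFC 5321 section 4.5.3.1.6 command line limit
NOP_SLED = b"\x90" * 16        # run of x86 NOPs typical of an exploit sled


def suspicious_bytes(field: bytes) -> Optional[str]:
    """Content heuristics applied to one protocol field."""
    if NOP_SLED in field:
        return "NOP sled"
    if field:
        non_printable = sum(1 for b in field if b < 0x20 or b > 0x7E)
        if non_printable / len(field) > 0.3:
            return "binary payload in a text field"
    return None


def inspect_http(raw: bytes) -> List[str]:
    """Checks the request line and each header of one HTTP request."""
    alerts = []
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    if len(lines[0]) > MAX_HTTP_REQUEST_LINE:
        alerts.append(f"http: request line {len(lines[0])} bytes exceeds {MAX_HTTP_REQUEST_LINE}")
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        name_text = name.decode("ascii", errors="replace")
        value = value.strip()
        if len(value) > MAX_HTTP_HEADER_VALUE:
            alerts.append(f"http: header {name_text} value {len(value)} bytes exceeds {MAX_HTTP_HEADER_VALUE}")
        reason = suspicious_bytes(value)
        if reason:
            alerts.append(f"http: header {name_text}: {reason}")
    return alerts


def inspect_smtp(raw: bytes) -> List[str]:
    """Checks each SMTP command line of a client-to-server stream."""
    alerts = []
    for line in raw.split(b"\r\n"):
        if not line:
            continue
        verb, _, argument = line.partition(b" ")
        verb_text = verb.decode("ascii", errors="replace")
        if len(line) > MAX_SMTP_LINE:
            alerts.append(f"smtp: {verb_text} line {len(line)} bytes exceeds {MAX_SMTP_LINE}")
        reason = suspicious_bytes(argument)
        if reason:
            alerts.append(f"smtp: {verb_text} argument: {reason}")
    return alerts


# Constructed traffic samples: one clean and one overflow attempt per protocol.
BENIGN_HTTP = b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\nUser-Agent: test\r\n\r\n"
OVERFLOW_HTTP = (b"GET /" + b"A" * 3000 + b" HTTP/1.0\r\n"
                 b"Host: " + b"\x90" * 32 + b"\r\n\r\n")
BENIGN_SMTP = b"EHLO mail.example.com\r\nMAIL FROM:<alice@example.com>\r\nRCPT TO:<bob@example.com>\r\n"
OVERFLOW_SMTP = b"EHLO mail.example.com\r\nMAIL FROM:<" + b"A" * 600 + b">\r\n"

if __name__ == "__main__":
    for sample in (BENIGN_HTTP, OVERFLOW_HTTP):
        print(inspect_http(sample))
    for sample in (BENIGN_SMTP, OVERFLOW_SMTP):
        print(inspect_smtp(sample))
```

Length and content checks on parsed fields are what give such a detector its zero-day claim: it needs no signature for the specific worm, only knowledge of where in the protocol an oversized or binary argument does not belong. The price is false positives on legitimate long values, which is why the limits have to be tuned per server rather than fixed as above.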

Slide 19: SecureVPN for Wireless LANs
- Universal VPN: access anywhere, from a remote location or the wireless LAN
- Integrated security: proven protection of network integrity and information confidentiality
- Smart management
Products: VPN-1 Gateway Solutions, VPN-1 Integrity SecureClient

Slide 20: VPN Access From Anywhere
- Enables universal VPN access
  - Wireless LAN, remote access, intranet and extranet
  - Windows, Pocket PC and clientless VPN
(diagram: clients reaching the gateway across the Internet)

Slide 21: Comprehensive Security Assurance
- Provides strong encryption of data
  - DES, 3DES or Advanced Encryption Standard (AES); single DES, with its 56-bit key, is no longer considered adequate, so AES is the option to select
- Protects against unauthorized network access
  - Integrated firewall for gateway and client
  - Flexible authentication: certificates, OS passwords, tokens, biometrics and more
(diagram: unauthorized clients shown as "Access Denied")

Slide 22: End-to-End Data Confidentiality
- Provides strong encryption of data
  - DES, 3DES or Advanced Encryption Standard (AES)
- Flexible security options
  - Client-server or client-gateway
Products: VPN-1 Pro, VPN-1 SecureServer, VPN-1 Integrity SecureClient

Slide 23: Smart Management for Wireless LAN Security
- Enables a single policy for all security endpoints
- Lowers the cost of managing the wireless LAN VPN
  - Automated software updates for VPN-1 Integrity SecureClient
Product: SmartCenter

Slide 24: Summary
- Corporations and universities are deploying wireless LANs for cost and operational benefits
- Current wireless LAN technologies are inherently insecure
- Check Point SecureVPN solutions provide WLAN security integrated into the enterprise network

Slide 25: Thank You. Questions?