Wireless Networks

Wireless Security Solution

Wired
    - LAN access is limited to authorized users with physical connections to the network, inside the building
    - Ensure that data remains on the wired LAN
    - The focal point of security is primarily the traffic coming from the WAN

Wired and Wireless
    - Still concerned about traffic coming from the WAN
    - Also concerned about traffic entering from the WLAN
    - The WLAN is accessible to anyone within range of the wireless network, including those outside the physical perimeter of the network
    - Multiple access points create multiple points of entry to the internal network

    Shift from a single point of vulnerability (WAN) to multiple points of vulnerability (WAN + WLAN)

Virtual Access Point (VAP)

    SonicPoint pretends to be as many as 8 Access Points
        Logical segmentation of wireless clients with unique…
            Security
            VLAN segmentation
            Zone Management

    VAP      Client       SSID                     VLAN            Zone
    VAP-1    employees    SSID = corporate_wpa2    VLAN ID = 20    Zone = Corporate
    VAP-2    scanners     SSID = scanners_wep      VLAN ID = 30    Zone = Scanners

Airport Example

    Multiple Airlines
    Multiple Hotspot Providers
    Airport Needs
        Security, Baggage Control, etc.
    Other
        Retail Stores, Kiosks

Airport Example (cont.)

    The Problem: Overlapping Physical Wireless Networks
        Only three non-overlapping channels for 802.11b/g
        Interference causing performance degradation.

    [Figure: Wireless Network 1 and Wireless Network 2, each using Channel 1, Channel 6 and Channel 11]

Airport Example (cont.)

    Solution: Use Virtual APs Logical Separation
        Each solution with a unique SSID

    Client            SSID                 VLAN            Zone
    Airport Kiosk     SSID = kiosks_wpa    VLAN ID = 20    Zone = ACME Kiosks
    Hot Spot User     SSID = tmobile       VLAN ID = 30    Zone = T Mobile
    Varig Employee    SSID = varig         VLAN ID = 40    Zone = Varig Airlines

Airport Example (cont.)

    Solution: Each AP supports Multiple SSIDs
        Using the same physical network

    [Figure: three access points on Channel 1, Channel 6 and Channel 11, each broadcasting SSID = kiosks_wpa, SSID = tmobile and SSID = varig; clients: Airport Kiosk, Hot Spot User, Varig Employee]

Security: Without Virtual AP

    Only one SSID and all traffic sent to the same zone
        Same zone used for SonicPoint auto-discovery and provisioning

    Client      SSID                VLAN            Zone
    everyone    SSID = corporate    VLAN ID = 20    Zone = Corporate Wireless

    802.11 Security: (None, WEP, WPA/WPA2)
    Application Security: (WiFiSec, Guest, SSL-VPN)

    A few security options possible but many dependencies
        Only one wireless security option can be used
            Either None, WEP, WPA-PSK or WPA-Enterprise.
        Application security options are also limited
            Only one web-based authentication (SSL-VPN, Guest, LHM)

Security: With Virtual AP

    Multiple SSIDs, each with independent security configurations
        An independent zone can be used for provisioning.

    (1) Multiple SSIDs    (2) Each On a Different Zone

    Client            SSID                 VLAN            Zone
    Airport Kiosk     SSID = kiosks_wpa    VLAN ID = 20    Zone = ACME Kiosks
    Hot Spot User     SSID = tmobile       VLAN ID = 30    Zone = T Mobile
    Varig Employee    SSID = varig_wpa2    VLAN ID = 40    Zone = Varig Airlines

    802.11 Security: (WEP, WPA, WPA2)
    Application Security: (WiFiSec, Guest, SSL-VPN)

Hardware Support

    Virtual APs are supported by both Firewall and SonicPoint
        Radios
            multiple SSIDs
            multiple BSSID (the wireless MAC address)
            VLAN tagging
        Firewalls
            VLAN tagging (if using VLAN approach)
            SonicPoint auto-discovery and provisioning

    [Figure: Firewall and Radio]

Hardware Support (cont)

    SonicWALL Virtual AP solution
        SonicPoint and SonicPoint G support VAPs
        SonicOS Enhanced 3.5 supports VAP on PROs 4060, 4100 and 5060
        SonicOS Enhanced 4.0 will add support on PRO 2040 and PRO 3060

    [Figure: PRO 2040 and PRO 3060 (probably available with SonicOS 4.0), PRO 4060, PRO 4100, PRO 5060; SonicPointG, SonicPoint]

Company Profile

    Boca Juniors is one of Argentina’s most popular soccer clubs
        With more than 60 employees
            Half use wireless-capable laptops running Windows XP
        Laptops and PCs run on an Active Directory infrastructure
            All computers have Norton Anti-Virus

Wireless Solution Request

    Secure Wireless Access for Employees (employees)
        Allow employee mobility with secure and private wireless access.
        Trusted employee wireless access
            Access to LAN resources: intranet, email server, file server, …

    Wireless Internet Access for Journalists with Password (guests)
        Common user name and password for all journalists
        Initially free access (may charge in the future)
        Internet communication only

Wireless Solution Request (cont)

    Wireless Access for Ticket Scanners
        Provide access for Wi-Fi scanners with WEP security.
        Scanners only communicate with a special server on the LAN on port 85.

    [Figure: Stadium Ticket Scanners; Scanners Server on LAN]

    Other Requirement
        Moderate cost, leveraging current infrastructure
            Customer is currently using a PRO 4060 firewall
        Low management impact
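
The requirements above, written as three Virtual APs with a default-deny policy per zone and an audit of the SSID/VLAN/zone mapping. This is an added example, not SonicOS configuration and not part of the original slides; the guest SSID name, its VLAN ID and zone, and the 10.0.0.0/24 addresses are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("10.0.0.0/24")               # constructed LAN range
SCANNER_SERVER = ip_network("10.0.0.85/32")   # constructed scanner server address
@dataclass(frozen=True)
class VirtualAP:
    ssid: str
    vlan_id: int
    zone: str
    dot11: str       # 802.11 security: "NONE", "WEP", "WPA" or "WPA2"
    web_auth: bool   # web-based login (e.g. guest portal) required

VAPS = [
    VirtualAP("corporate_wpa2", 20, "Corporate", "WPA2", False),
    VirtualAP("scanners_wep", 30, "Scanners", "WEP", False),
    VirtualAP("press_guest", 40, "Guests", "NONE", True),   # hypothetical SSID, VLAN, zone
]

# Per zone: ordered (destination, port or None = any, permit); first match wins, else drop.
RULES = {
    "Corporate": [(LAN, None, True)],
    "Scanners": [(SCANNER_SERVER, 85, True)],
    "Guests": [(LAN, None, False), (ip_network("0.0.0.0/0"), None, True)],  # Internet only
}

def allowed(vlan_id, dst, port, vaps=VAPS, rules=RULES):
    """True if traffic tagged with vlan_id may reach dst:port."""
    zone = next((v.zone for v in vaps if v.vlan_id == vlan_id), None)
    for net, p, permit in rules.get(zone, []):
        if ip_address(dst) in net and p in (None, port):
            return permit
    return False

def audit(vaps=VAPS, rules=RULES):
    """Flag shared VLANs/zones and weakly protected SSIDs with broad LAN reach."""
    findings = []
    for attr in ("vlan_id", "zone"):
        if len({getattr(v, attr) for v in vaps}) != len(vaps):
            findings.append(f"{attr} shared by several SSIDs")
    for v in vaps:
        if v.dot11 == "NONE" and not v.web_auth:
            findings.append(f"{v.ssid}: open SSID without web login")
        for net, p, permit in (rules.get(v.zone, []) if v.dot11 in ("NONE", "WEP") else []):
            if not permit and p is None and LAN.subnet_of(net):
                break   # LAN blocked before any later permit
            if permit and net.overlaps(LAN) and (p is None or net.num_addresses > 1):
                findings.append(f"{v.ssid}: weak 802.11 security with broad LAN access")
    return findings
```

Passing `audit()` a list in which every SSID sits on VLAN 20 in the Corporate zone reproduces the single-zone case: the WEP and open SSIDs are reported as having the employees' LAN access.
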

Summary

    Customer Wireless Requirements
        Secure employee access
        Ticket Scanners using legacy WEP
        Journalist (guest) access with future Hot Spot capabilities

    Multiple Wireless Security Options

    Only Virtual AP implementation can meet these requirements!

How Secure Wireless is “bulletproof”

    VPN and Strong Authentication:
        Integrated Global VPN Client, hardware-accelerated WLAN IPSec
        Complete security for all wireless traffic
            Access via local wireless VPN
            WAN access protected by firewall / VPN

    IPSec is the market standard
        IPSec provides strong encryption on the WLAN link
        It is more secure (IPsec ESP) and virtually uncrackable

    Robust user authentication
        Authentication against user databases
        Support for LDAP, AD, RADIUS, OTP tokens, Aladdin, etc.

Features and Benefits

“Now you can deploy wireless securely on your network.”

    Secure - VPN over IPSec 3DES brings bulletproof security to the wireless environment
    Integrated - Firewall, VPN and wireless access point in a single appliance, reducing costs, including operating costs, and improving security management
    Multiple Points of Security - enforcement of 3DES and AES VPN plus anti-virus and web filters
    Flexible - Creates multiple security zones for conventional LAN users, wireless network users and wireless visitors or third parties/consultants, with an unprecedented level of flexibility and control
    Simple - Reduces management, cost and set-up tasks with an interface built around pre-configured wizards.

Wireless Switch

				
posted:1/3/2011