www.airpatrolcorp.com 2012 AirPatrol Corporation White Paper: Wireless Endpoint Security

Similar documents
McAfee Enterprise Mobility Management Performance and Scalability Guide

ProCurve Mobility Manager 1.0

How To Test For Performance And Scalability On A Server With A Multi-Core Computer (For A Large Server)

AuditMatic Enterprise Edition Installation Specifications

Endpoint protection for physical and virtual desktops

Cisco IP Communicator (Softphone) Compatibility

When your users take devices outside the corporate environment, these web security policies and defenses within your network no longer work.

White Paper: Managing Security on Mobile Phones

Endpoint protection for physical and virtual desktops

Minimum Software and Hardware Requirements

Cisco Wireless Control System (WCS)

Verizon Remote Access User Guide

COMMUNICATION SERVER 1000 COMMUNICATION SERVER 1000 TELEPHONY MANAGER

CBE Architectural Overview and System Requirements

AT&T Connect Video Conferencing Functional and Architectural Overview. v9.5 October 2012

The Challenge. The Solution. Achieve Greater Employee Productivity & Collaboration...while Protecting Critical Business Data

ARCHITECT S GUIDE: Mobile Security Using TNC Technology

Kaseya IT Automation Framework

Total Defense Endpoint Premium r12

Kaspersky Endpoint Security 10 for Windows. Deployment guide

CBE system requirements

Remote Deposit Terms of Use and Procedures

ClickOnce Deployment Notes

QuickSpecs. HP PCM Plus v4 Network Management Software Series (Retired) Key features

Sage Grant Management System Requirements

Terminal Server Software and Hardware Requirements. Terminal Server. Software and Hardware Requirements. Datacolor Match Pigment Datacolor Tools

Client Hardware/Software Requirements for Dictaphone Enterprise Speech System, Version 8.3

McAfee Endpoint Security Software

CISCO WIRELESS CONTROL SYSTEM (WCS)

SECURITY FOR ENTERPRISE TELEWORK AND REMOTE ACCESS SOLUTIONS

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software

Symantec Protection Suite Small Business Edition

AT&T Global Network Client User s Guide

SERENA SOFTWARE Authors: Bill Weingarz, Pete Dohner, Kartik Raghavan, Amitav Chakravartty

Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story

ClearOS Network, Gateway, Server Quick Start Guide

WEB COMPAS MINIMUM HOSTING REQUIREMENTS

Sage CRM Technical Specification

System Environment Specifications Network, PC, Peripheral & Server Requirements

AT&T Global Network Client Client Features Guide. Version 9.6

Rule 4-004G Payment Card Industry (PCI) Remote and Mobile Access Security (proposed)

Addressing BYOD Challenges with ForeScout and Motorola Solutions

Performance Analysis and Capacity Planning Whitepaper

Medisoft Clinical v17 System Requirements

Cisco Secure Control Access System 5.8

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems

Lepide Active Directory Self Service. Configuration Guide. Follow the simple steps given in this document to start working with

Dragon NaturallySpeaking and citrix. A White Paper from Nuance Communications March 2009

Server Recommendations August 28, 2014 Version 1.22

McAfee epolicy Orchestrator

System Requirements for TaxWise November 21, 2011

Compulink Advantage Cloud sm Software Installation, Configuration, and Performance Guide for Windows

Softline VIP Payroll System Requirements v2.9a January 2010

Hardware and Software Requirements. Release 7.5.x PowerSchool Student Information System

Total Protection for Enterprise-Advanced

NCP Secure Enterprise Management Next Generation Network Access Technology

Master s STI GDWP. Authors: Mark Baggett, mark.baggett@morris.com Jim Horwath, jim.horwath@rcn.com. Submitted: June 6, 2010

System Requirements. SuccessMaker 5

Data Sheet: Endpoint Security Symantec Network Access Control Comprehensive Endpoint Enforcement

Network Access Control ProCurve and Microsoft NAP Integration

Workflow Solutions Data Collection, Data Review and Data Management

QUICKBOOKS 2015 MINIMUM SYSTEM REQUIREMENTS & NETWORK SETUP

Symantec Backup Exec.cloud

STI Hardware Specifications for PCs

Data Sheet: Endpoint Security Symantec Endpoint Protection The next generation of antivirus technology from Symantec

msuite5 & mdesign Installation Prerequisites

FortiClient dialup-client configurations

The governance IT needs Easy user adoption Trusted Managed File Transfer solutions

Symantec Mobile Management 7.2

Recommended Pentium III 1.0 GHz processor (or faster) with 2 GB RAM (or higher)

The Challenge. The Solution. Achieve Greater Employee Productivity & Collaboration...while Protecting Critical Business Data

Ignify ecommerce. Item Requirements Notes

Achieve Greater Employee Productivity & Collaboration...while Protecting Critical Business Data

Windows 7. Qing Liu Michael Stevens

Microsoft Office Outlook 2013: Part 1

MoversSuite by EWS. System Requirements

WhatsUp Event Alarm v10x Quick Setup Guide

Revit products will use multiple cores for many tasks, using up to 16 cores for nearphotorealistic

Symantec Protection Suite Small Business Edition

Data Sheet. NCP Secure Enterprise Management. General description. Highlights

DEPLOYMENT OF I M INTOUCH (IIT) IN TYPICAL NETWORK ENVIRONMENTS. Single Computer running I m InTouch with a DSL or Cable Modem Internet Connection

QHR Accuro EMR IT Hardware Requirements

Cloud Data Protection for the Masses

Videofied Video Verification A Guide for Central Monitoring Stations

CAMAvision v18.5.x System Specification Guide 7/23/2014

Citrix XenDesktop Architecture and Implementation on ProLiant Servers

MedInformatix System Requirements

Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect

Tech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks

McAfee Enterprise Mobility Management

Detecting rogue systems

Minimum System Requirements

Symantec Protection Suite Small Business Edition

Cross-channel protection GSelector s exclusive cross-station protection prevents the same song from playing at the same time across your stations.

1 HARDWARE AND SOFTWARE REQUIREMENTS FOR HAL E-BANK SYSTEM

Personal Computer Standard. National Infrastructure Group. National Infrastructure Group, ehealth Leads, ehealth Architecture and Design.

INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER

Compulink Advantage Online TM

Dragon Medical Enterprise Network Edition Technical Note: Requirements for DMENE Networks with virtual servers

Transcription:

www.airpatrolcorp.com 2012 AirPatrol Corporation

To enhance productivity and efficiency, employees are increasingly turning to wireless devices and networks to get the job done. The security experts at AirPatrol believe that a defense-in-depth approach to wireless security yields the greatest results, especially when it comes to protecting corporate laptops. Armed with AirPatrol s endpoint security solution, an IT administrator can ensure the proper use of wireless laptops for those users on the go. At the center of AirPatrol s protection suite is its Wireless Endpoint Client software (WEC), a small application that runs as a system service on wireless laptops. WEC protects the laptop by strictly defining how the wireless interface will be used. The policy defining wireless usage can be as flexible or rigid as the corporate security policy dictates. By leveraging Microsoft s Active Directory and AirPatrol s native Wireless Policy Manager (WPM), the Wireless Endpoint Client (WEC) can begin to ease the burden of managing and securing wireless assets. Enhanced wireless security policies can also be centrally managed using AirPatrol s Wireless Policy Manager (WPM). WPM is a web based server application that allows wireless security policy to be easily designed and effectively deployed. WPM enables configuration and enforcement of granular wireless usage polices and USB device control capabilities on your managed wireless assets. AirPatrol WPM is available as a stand-alone product and is also offered as a plug-in to McAfee s e-policy Orchestrator (epo). The foundation for building a secure wireless endpoint solution begins with the understanding of three configuration concepts: Users, Groups, and Policy. WPM utilizes existing Microsoft s Active Directory (AD) or McAfee epo infrastructure to ease the burden of managing a large deployment across the enterprise. WPM can query AD and epo to build a subscriber list of users that wireless security policy will apply. In addition, AD or epo can distribute AirPatrol wireless endpoint client software to those laptops which require enforcement of wireless security policy. With ease of use and scalability at the center of its design, a single instance of WPM can manage up to 10,000 deployed endpoints. Larger managed installations (50,000 or 100,000 deployed endpoints) are feasible by using redundant WPM servers in a load-balanced configuration. All of AirPatrol s products undergo rigorous software security testing. All the underpinnings of WPM are security hardened to greatly reduce the attack surface of the application. Moreover, all network communications between WPM and wireless endpoints are fully encrypted. Once installed, the IT administrator simply opens a secure HTTPS connection to WPM using a standard web browser. Once successfully authenticated, the task of designing wireless security policy is underway. Just as HTTPS is used to secure connections between an administrator s web browser and WPM, the same secure SSL based communications paradigm is used for all communications between WPM and wireless endpoints. 2

This ensures the confidentiality and integrity of the policy data as it travels over the network. WPM based wireless security policies include: AirSafe Automatic, out-of-the-box protection against multi-homing. Anytime a laptop s wireless interface (802.11 card or cellular broadband modem) is active, and a wired Ethernet connection is attempted, WEC automatically disables the wireless connection. This completely mitigates the possibility of bridging a potentially untrusted wireless network with a trusted corporate wired LAN. In addition, this protection is carried over into the realm of cellular broadband connections and traditional 802.11 networks. Should the system detect an active cellular broadband connection, it will automatically disable the wireless adapter. Virtual Wi-Fi Control Windows 7 Virtual Wi-Fi works by converting a single physical 802.11 Wi-Fi network interface card into multiple Virtual Wi-Fi devices. AirPatrol WPM addresses Virtual Wi-Fi security risks by enabling IT Administrators to enforce group-based Virtual Wi-Fi policies. 802.11 Infrastructure Authentication policy enforcement WPM allows the system administrator to define minimum levels of security that must be used when connecting to wireless networks. 802.11 AdHoc Authentication policy enforcement WPM allows the system administrator to set minimum levels of security used or completely disable the use of AdHoc wireless networks. Virtual Private Network (VPN) policy enforcement The ability to force the use of a VPN within a specified amount of time. If a VPN connection is not made within the specified interval, wireless network connectivity is terminated protecting the laptop from a potentially unsecure wireless network. Connection Exceptions Allows the administrator to create either a list of permitted or disallowed wireless networks. The network SSID must be present (white list) or not be present (blacklist) in order to allow wireless network connections. Endpoint Firewall The ability to enforce the use of a host-based endpoint firewall prior to allowing wireless network connections. Location-Aware The ability to predefine a list of trusted, preferred wireless networks that will be made exclusively available for connection when their presence is detected. This ensures connectivity control whenever corporate laptops are within range of corporate wireless access network while preventing accidental or intentional wireless connections to uncontrolled (rogue) access points residing off premise. USB Device Control Provides the capability to control what types of USB devices can connect to the managed laptop. For example, the user may be allowed to connect a USB capable mouse while USB mass storage devices are disallowed. 3

Secure Passphrase Distribution WPM enables administrators to easily and securely distribute SSID passphrases to users, mitigating the risk that comes with writing passphrases on paper or distributing in emails. Also, passphrases are hidden from end users, preventing accidental SSID passphrase loss. Each endpoint managed WPM must have an installed version of the AirPatrol Wireless Endpoint Client (WEC). Once installed, the overall footprint and processor consumption of WEC running on a laptop or wireless workstation is minimal. The installed package uses only 16MB of system memory along with 10 MB of hard disk space. The host platform running the WEC client must meet the following minimum requirements: 1000 MHz Pentium class machine or better 128 MB of RAM or higher Ethernet 10/100 Network Interface Card (NIC) NDIS 5.1-compliant wireless adapter and driver Microsoft Windows XP (32 bit only), Microsoft Windows 7 (32-bit and 64-bit) The server hosting WPM must meet the following minimum requirements in order to manage up to 10,000 WEC endpoints: Quad Core 2.6 GHz Pentium Class Processor or better 4 GB of RAM or higher 10 GB of hard disk space or greater Microsoft Windows Server 2008 R2 At AirPatrol, we believe that wireless and security are not mutually exclusive terms. Armed with the proper tools, IT departments can effectively manage and mitigate wireless risks while supporting all the benefits that wireless networking offers. AirPatrol s Wireless Policy Manager plays an integral part in any organization s approach to enforcing wireless security policy. Whether an IT department is responsible for only small number of wireless laptops or tens of thousands of wireless laptops, WPM facilitates the secure use of these valuable assets. 4

AirPatrol Corporation offers an end-to-end suite of location-based mobile and wireless enterprise endpoint security solutions that enable businesses and governments to keep pace with the expanding requirements of a wireless world. AirPatrol delivers the capabilities required to confidently deploy, monitor, manage, empower and protect enterprises against present and future wireless threats. Customers and partners include leading network infrastructure and wireless vendors, Fortune 100 enterprises and high-profile government agencies around the globe. For more information about the contents of this white paper, AirPatrol products or our company, please contact us at info@airpatrolcorp.com or call us at +1-866-430-4227. 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information