Fortinet Italia Webinar, 12/09/2013: What's New in Fortinet Wireless Solutions
Dr Aldo Di Mattia, CISSP, Systems Engineer, Fortinet
September 13, 2013
Agenda
Introduction:
- FortiGate Wireless Controller
- Deploying the wireless solution
Wireless was never more secure:
- Detection, classification and remediation of rogue attacks
- Wireless Intrusion Detection System
- Full UTM
From AntiVirus to the new Advanced Threat Protection:
- New ATP (Advanced Threat Protection) system
- Local and cloud sandbox
Authentication:
- WPA, WPA2, 802.1X, PSK
- Single Sign On, NTLM and authentication portal
- Guest user management
Fortinet access point models:
- For indoor and outdoor use
- For remote access
FortiGate
Ubiquitous Access (diagram)
Unified Access Layer: Remote Access (RAP, VPN Client), Wired Access, Wireless Access
Applied to the digital asset: User Identification, Access Control, Content Inspection, Attack Mitigation
Wireless Solutions: Thick vs. Thin
Fortinet APs: FortiWiFi, FortiAP
FortiGate Wireless Controller
- 20+ FortiGate platforms
- From 5 APs / 100 users to 10,000 APs / 32K users capacity
Adding Access Points
Create New SSIDs
Automatic interface creation per SSID
Edit Access Points and SSID association
FortiAP: CAPWAP and encrypted CAPWAP
- Traffic flows to the controller
- Increased control
- No trunking
- No VLAN management
- No Layer-3 roaming, just fast Layer-2 switching
- No need to re-DHCP
- Controller redundancy
FortiAP Bridging (local and remote application)
- Bridges WiFi traffic to the FortiAP Ethernet port
- No U-turn to HQ to access the local network
- Resiliency in case of WAN failure
(Diagram: Headquarters, Internet/WAN, Branch)
Signal optimizations
- AP Handoff: balancing between access points
- Frequency Handoff: balancing between radios
- Auto TX Power Control: changes radio transmission power settings automatically
- Automatic Radio Resource Provisioning: automatically assigns non-overlapping channels; changes channel and TX power to avoid RF interference impacting the wireless LAN; selects the channels with the least noise and interference
- Beamforming (FAP-221B/FAP-223B/FAP-320B): radio beams add at the device to enhance the signal and link rate
Wireless Mesh
- Dynamic multi-hop mesh with resiliency
- Point-to-point / multipoint bridging
Fortinet Secure WLAN Approach
- No additional licenses needed
- Captive Portal, 802.1X RADIUS / shared key
- Corporate Wi-Fi: assign users and devices to their role
- Examine wireless traffic to remove threats
- Identify applications and destinations
- Apply policy to users/devices and applications
- Ensure business traffic has priority
- Report on policy violations, application usage, destinations and PCI DSS
Layer 1: Rogue AP Detection & Suppression
- Rogue AP detection: determines whether an AP is indeed a rogue device connected to your physical wired LAN
- Rogue AP suppression: deauthentication frames are sent to render unauthorized rogue APs unusable by clients
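The slide does not say how the "connected to your wired LAN" decision is made. The classic on-wire heuristic is to correlate the BSSIDs seen over the air with the MAC addresses learned on the wired side (switch MAC table, ARP cache): many APs derive their BSSIDs from their wired MAC with a small numeric offset, so a BSSID within a few addresses of a wired MAC is very likely an AP plugged into the LAN. The following is an added example written for this page, not Fortinet's detection code; the managed BSSID list, authorized SSIDs, wired MAC table and scan results are all constructed, and the offset window of 3 is an assumption a deployment would tune.

```python
"""Rogue AP classification by correlating over-the-air scans with the wired MAC table.

Added example (not Fortinet's code). All addresses and SSIDs below are constructed.
Classes returned:
  managed        - a BSSID our own controller manages
  rogue-on-wire  - unknown BSSID whose address sits next to a MAC seen on our LAN
  ssid-spoof     - unknown BSSID advertising one of our SSIDs but not on our wire
  neighbor       - everything else (e.g. the cafe next door)
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ScannedAP:
    bssid: str
    ssid: str
    channel: int
    rssi_dbm: int


# Constructed inventory: BSSIDs of our own APs and the SSIDs we are allowed to broadcast.
MANAGED_BSSIDS = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"}
AUTHORIZED_SSIDS = {"corp-wifi", "corp-guest"}

# Constructed wired-side MAC table (what the switches / ARP cache have learned).
WIRED_MACS = {"00:11:22:aa:bb:00", "c4:d9:87:10:20:31", "5c:5b:35:00:00:40", "3c:97:0e:11:22:33"}

# Constructed over-the-air scan as an AP radio would report it.
SCAN = [
    ScannedAP("00:11:22:aa:bb:01", "corp-wifi", 6, -40),   # our own AP
    ScannedAP("c4:d9:87:10:20:33", "corp-wifi", 11, -55),  # clones our SSID and is on our wire
    ScannedAP("5c:5b:35:00:00:41", "home-net", 1, -62),    # consumer AP plugged into the LAN
    ScannedAP("00:de:ad:be:ef:01", "corp-guest", 6, -70),  # SSID clone, not on our wire
    ScannedAP("d8:5d:4c:77:88:99", "cafe-free", 6, -80),   # neighbour, harmless
]


def mac_to_int(mac: str) -> int:
    """'aa:bb:cc:dd:ee:ff' -> 48-bit integer so address proximity can be compared."""
    return int(mac.replace(":", "").replace("-", ""), 16)


def on_wire(bssid: str, wired_macs, window: int = 3) -> bool:
    """True if the BSSID is within `window` addresses of any MAC learned on the wired LAN.
    The window (assumption: 3) covers the small BSSID-to-wired-MAC offsets most APs use."""
    b = mac_to_int(bssid)
    return any(abs(b - mac_to_int(m)) <= window for m in wired_macs)


def classify(ap: ScannedAP, wired_macs=WIRED_MACS) -> str:
    # Order matters: a managed AP is also "on wire", so check the inventory first.
    if ap.bssid in MANAGED_BSSIDS:
        return "managed"
    if on_wire(ap.bssid, wired_macs):
        return "rogue-on-wire"
    if ap.ssid in AUTHORIZED_SSIDS:
        return "ssid-spoof"
    return "neighbor"


def rogue_report(scan=SCAN, wired_macs=WIRED_MACS) -> dict:
    """Map each scanned BSSID to its class; the two rogue-* classes are what an operator acts on."""
    return {ap.bssid: classify(ap, wired_macs) for ap in scan}


if __name__ == "__main__":
    for bssid, verdict in rogue_report().items():
        print(f"{bssid}  {verdict}")
```

The useful property for an operator is the split between `rogue-on-wire` (a device that actually bridges into the corporate LAN and is a PCI DSS problem) and `ssid-spoof` or `neighbor` (air-only, to be investigated or ignored); an on-wire rogue is also the only case where suppression is worth the collateral disruption, which is why the classification should be done before any suppression is enabled.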
Layer 2: WIDS (Wireless Intrusion Detection System)
WiFi protocol and RF-level attack detection. Detection includes attacks and vulnerabilities such as:
- Weak WEP encryption usage
- Null SSID probes
- Deauth broadcasts
- Various management, EAP, auth and beacon floods
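The four detection classes on this slide map onto simple rules over 802.11 management frames: a per-frame attribute check (a beacon advertising WEP, a probe request with an empty SSID, a deauthentication addressed to the broadcast address) and a rate check (too many frames of one type from one source inside a sliding window). The block below is an added example, not Fortinet's WIDS engine; the frame records are constructed tuples standing in for what a monitoring radio would deliver, and the flood threshold of 50 frames per second is an assumed value.

```python
"""Minimal WIDS rule engine over 802.11 management-frame records.

Added example, not Fortinet's WIDS. Frame records are constructed as
(timestamp_s, frame_type, src_mac, dst_mac, extra_fields).
"""
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
FLOOD_TYPES = {"auth", "beacon", "deauth", "eap"}  # frame types subject to the rate rule

# Constructed capture: one legacy WEP network, one null-SSID probe, one broadcast
# deauth, then 60 authentication frames from a single station within 0.6 s.
FRAMES = [
    (0.0, "beacon", "c4:d9:87:10:20:33", BROADCAST, {"ssid": "legacy-net", "privacy": "wep"}),
    (0.2, "probe_req", "a1:b2:c3:d4:e5:f6", BROADCAST, {"ssid": ""}),
    (0.5, "deauth", "66:77:88:99:aa:bb", BROADCAST, {}),
] + [(1.0 + i * 0.01, "auth", "de:ad:be:ef:00:01", "00:11:22:aa:bb:01", {}) for i in range(60)]


def run_wids(frames, flood_threshold=50, window_s=1.0):
    """Return a list of (alert_kind, source_mac, first_seen_ts), one alert per kind and source."""
    alerts = []
    seen = set()                      # (kind, src) already reported
    recent = defaultdict(deque)       # (frame_type, src) -> timestamps inside the window

    def report(kind, src, ts):
        if (kind, src) not in seen:   # beacons repeat ~10x/s; report each finding once
            seen.add((kind, src))
            alerts.append((kind, src, ts))

    for ts, ftype, src, dst, extra in frames:
        # Attribute rules: one frame is enough to raise these.
        if ftype == "beacon" and extra.get("privacy") == "wep":
            report("weak-wep", src, ts)
        if ftype == "probe_req" and extra.get("ssid") == "":
            report("null-ssid-probe", src, ts)
        if ftype == "deauth" and dst == BROADCAST:
            report("deauth-broadcast", src, ts)

        # Rate rule: count frames per (type, source) inside a sliding time window.
        if ftype in FLOOD_TYPES:
            q = recent[(ftype, src)]
            q.append(ts)
            while q and ts - q[0] > window_s:
                q.popleft()
            if len(q) >= flood_threshold:
                report(f"{ftype}-flood", src, ts)
    return alerts


if __name__ == "__main__":
    for kind, src, ts in run_wids(FRAMES):
        print(f"t={ts:6.2f}  {kind:18s} from {src}")
```

Two design points worth noting: the `seen` set keeps a WEP beacon from raising an alert ten times a second, and the sliding window (rather than a fixed per-second bucket) means a burst that straddles a second boundary is still counted as one burst. In a real deployment the deauth-broadcast rule would also be exempted for the controller's own suppression frames, otherwise the WIDS alerts on its own rogue suppression.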
Layer 3-7: FortiGate UTM features
Firewall, VPN, IPS, App. Ctrl, AntiVirus, Web Filter, AntiSpam, DLP, NAC, Vuln Mgmt, Traffic Shaping, WAN opt.
- 2,500+ application control signatures
- 12,000 vulnerability management signatures
- 70 terabytes of threat samples
- 900 web application firewall attack signatures
- 250 million rated websites in 78 categories
Layer 3-7: Traffic prioritization and performance
Clients and applications on wireless networks compete with each other for shared bandwidth. 802.11e Wireless Multimedia Extensions (WME) doesn't solve this problem, as business applications like Remote Desktop, VNC, WebEx, etc. are not prioritized differently.
FortiGate with a Traffic Shaping policy solves this problem:
- Identify applications
- Policy marking of ToS/DSCP
- Rate limit unwanted apps
(Diagram: Client #1, Client #2)
From AV to ATP (Advanced Threat Protection)
- Antivirus in flow and proxy mode
- Behavior / attribute based heuristic detection
- Botnet blacklist IP DB
- The FortiOS AV engine provides a local sandbox
- Still-suspicious samples are sent for cloud sandbox analysis
- Results are correlated across all FortiGuard services
- Updates pushed out by the FortiGuard Network
APT: Reactive & Proactive
Fighting Advanced Persistent Threats
- >25 VB100 awards, VB100 RAP leaders
- >96% reactive and proactive detection
- 100% in-the-wild detection
Guest User Management Portal: login
Guest User Management Portal: new user
Guest Access to the Secure Wireless LAN
Temporary user provisioning and access:
- Allow non-IT staff to create guest accounts via web portal
- Assign time quota
- Generate temporary password
- Distribute guest credentials: print, email, SMS
- Batch guest user creation option
Enables guest access to the secure WLAN via a captive portal
Local users, remote and Single Sign On
- Local users
- Remote
- Single Sign On: Microsoft Active Directory, Novell eDirectory, Citrix, FortiAuthenticator, RADIUS SSO, NTLM
BYOD: Device Identification and Policy
- Identification: device, user, application
- Policies: enforcement on device/user/app
Granular Visibility and Control: Applications
Remote Telecommuter / Road Warrior
- Automatic connection to HQ
- Data is encrypted
- Multiple devices can share WiFi
(Diagram: Headquarters, Internet, Hotel)
FAP-11C
Fortinet 802.11n AP family
Radio types: single radio 802.11n; dual radio, dual band 802.11n; 802.11ac. Form factors: remote, outdoor, indoor.
- 3x3 Versatility: FAP-320B
- 2x2 Performance: FAP-28C, FAP-222B, FAP-223B, FAP-221B, FAP-210B
- 1x1 Value: FAP-14C, FAP-11C, FAP-112B
FortiPlanner
- Planning tool: up to 50 APs (free); unlimited (Pro license)
- Dynamic heat map
- Site survey (upgrade license)
Download from: http://planner.fortinet.net/update/publish.htm
Why Fortinet, Why Now!
- Sophisticated simplicity: unified global management, all-in-one appliance, business controls
- High security: UTM cleansing of wireless, rogue AP control for PCI, in-house security experts
- Sensible: use existing FortiGate, no additional licenses; well-rounded wireless features; fewer devices to manage; lower TCO
Fortinet Italia Webinar, 12/09/2013
Thank you
Dr Aldo Di Mattia, CISSP, Systems Engineer, Fortinet
September 13, 2013