AirCUVE & References
About BYOD
Enterprise Mobility Strategy
BYOD Requirement
ByFRONT Introduction ( Enterprise BYOD )
Table of contents
AirCUVE & Reference – about AirCUVE
Intelligent Management of Network & Device with Authentication Solution
- Wired / Wireless consolidated Authentication
- Multi Factor / Multi Channel Auth.
- WEB Authentication, VPN Authentication
- Network Access Control - Authentication
Proven References in Key Industries ( over 710 customers )
Public 320, Enterprise 230, School 122, Hospital 15, Financial 15, Military 8
Excellent Inter-Operability with Network Equipment
Good Inter-Operability with various type of AP, Switch, WIPS etc.
AirCUVE & Reference – About AirCUVE
Super High Capacity Authentication
Coverage Up to 3 Million Devices High Speed Authentication
800 Authentication per second
Wired and Wireless Devices
Management based on BYOD
WLAN(Wi-Fi) Authentication
AirFRONT
Two Factor Authentication (Mobile OTP, PKI)
V-FRONT ByFRONT
AirCUVE
AirCUVE Introduce - Main Products
Patent Authenticate system Detailed log treatment process
Patent Wired/wireless network quarantine and policy based network access
Patent Wireless network security control equipment ( WIPS related patent )
Patent Private IP based - Remote device control using SIP
Patent Multi-Factor authentication
Patent Location based Security control for high mobility device
AirCUVE & Reference – Patent , Certificate
CC Wi-Fi authentication system- AGS-NPS CC certificate (EAL2)
CC Wi-Fi authentication system- AirFRONT CC certificate (EAL4)
CC Network access control- NacFront CC certificate (EAL2)
CC Wireless LAN authentication – CC certificate (EAL4)
CC Wireless LAN authentication - CC certificate (EAL4)
CC AirFRONT V5.2 Good Software (GS) certificate
AirCUVE & Reference - Certificate, CC
AirCUVE & Reference – BYOD reference
“SK Planet” BYOD Success Story - IT magazine article, May 2014
Get two birds with one BYOD stone: Security and Convenience
• SK Planet New office at Seoul
• Major Carrier in Korea
• 30 million Cellular subscribers
• AirCUVE BYOD solution for SK Planet
“SK Planet” BYOD case
“Case of successful development”
“Security and Convenience of BYOD”
“Chasing two hares at once”
“Realizing the automation of the entire authentication process by adopting the web-server authorization for device”
- IT Magazine News article, May 2014 -
“SK Planet” BYOD case
“Work environment of the company is changing to Smart Office”
“Management and security of device, an obstacle of adopting BYOD”
“BYOD is anticipated to become a major IT Trend worldwide”
“Gartner expected that 38% of corporations will adopt BYOD soon”
[Network diagram. Labels: City 1 to City 17; Elementary School #1, Junior High #N, High School #12,000; Metro Switch, F/W, Back Bone, L2 WLC, AP; Teacher Net., Student Net., WiFi / Wireless Zone; ATM Metro Net; Net Aggregation Point; L4, F/W, AirFRONT, wIPS; Internet]
AirCUVE & Reference - Smart School Nationwide smart school student authentication project
- 12,000 schools : 7 million students w/ Smart devices
- WiFi based classroom : 2 WiFi APs per classroom
- Intelligent WiFi Auth. : Teacher Net. / Student Net.
- Smart Edu-Roaming : Student Edu Roaming
Smart School
Telco Carriers
BYOD Enterprise
Smart Mobile
2 Factor Authentication
Government
Electronics authentication solution SK telecom “smart security partner”
“Ministry of Education” smart school partner
3 Major telco - Wi-Fi authenticate security solution partner
“Major conglomerate BYOD adopted (Bring Your Own Devices)”
“Highway control authority adopted”
“Y 2013, Samsung electronics RMS (Remote Maintenance System) PKI, authentication”
“Y 2013 (NIPA) S/W overseas marketing strategic partner”
AirCUVE & Reference – Application industry
Construction & System Integration IT company
AirCUVE & Reference - BYOD Reference
HanHwa Group SK Carrier Group
Physical Security Control DutyFree Shop
AirCUVE & Reference - SAMSUNG Reference
SAMSUNG Group references
Cheil Worldwide
SAMSUNG Heavy Industries SAMSUNG Electronics
SAMSUNG Insurance SAMSUNG CNT
SAMSUNG Engineering
LG U+: Wi-Fi authentication
SKT: Wi-Fi smart phone authentication
TV Broadcasting: Wi-Fi (FMC) authentication / security
KT telecom: Wi-Fi smart phone authentication security
Shinsegae department E mart: WiFi system security authentication
Korea Oil company: Smart mobile office authentication security
Highway control authority: Hi-mOffice mobile office authentication security
KISA (internet authority): Smart mobile security test bed
Electric power com.: Smart mobile office authentication / security
Korea Red Cross: Smart mobile office authentication / security
Samsung Trading: Smart mobile office authentication / security
Seoul City hall: Smart mobile office authentication / security
Kacheon City hall: Smart mobile office (FMC) authentication security system
Samsung engineering: Smart mobile office authentication / security
Cheil planning Advertising: Smart mobile office authentication security
SK planet: Smart mobile office BYOD solution
AirCUVE & Reference – Public organization
AirCUVE & Reference - Enterprise
AirCUVE & Reference - University
발곡고등학교 한국외국인학교 경북대사범대학부속고 부산디지털고등학교 경남고등학교 운암초등학교
덕계고등학교 미림정보고등학교 인창고등학교 미라초등하교 중동고등학교
영복여자중학교 경기초등학교 안산공업고등학교 경기체육고등학교 청담정보통신고등학교 분포중학교
두원공업고등학교 부산진고등학교 이사벨고등학교 동명정보고등학교 덕문여자고등학교 서해고등학교
부흥중학교 군자공업고등학교 삼락중학교 부산공업고등학교 장평중학교 부산마켓팅고등학교
부산개성중학교 금명중학교 문현여자중학교 경민여자정보고등학교 장전중학교 장안제안고등학교
동남고등학교 포천고등학교 부산정보고등학교 동주여자중학교
부산정보관광고등학교 상계제일중학교
부산전자공업고등학교 부산중학교 부산국제고등학교 연일중학교 부곡중학교 신덕중학교
망미중학교 토현중학교 사직중학교 남산중학교 경남공업고등학교 재송중학교
전남학생교육문화회관 서울의료원 중산고등학교 대곡고등학교 중흥고등학교 이일여자고등학교
부산자동차고등학교 부산동여자고등학교 시화중학교 까치울중학교 장곡고등학교 매화고등학교
전곡고등학교 개금여자중학교 하남중학교 다솜중학교 금곡고등학교 덕정고등학교
수암초등학교 기장고등학교 신일중학교 한울고등학교 장영실고등학교 신일중학교
한울고등학교 청심국제중학교 중산고등학교 남산중학교 충주중산고등학교 영복여자중학교
경남고등학교 한국테크노과학고 발곡중학교 삼정고등학교 인창고등학교 운암초등학교
홍성여자고등학교 경민고등학교 서울영상고등학교 정왕고등학교 한수중학교 평택기계공업고등학교
내정중학교 인송중학교 부천여자중학교 경기외국어고등학교 조종고등학교 포천제일고등학교
한국문화영상고등학교 상암고등학교 동호정보고등학교 부산중앙고등학교 영도중학교 경일고등학교
구름산초등학교 마석중학교 군포중학교 대연고등학교 해운대고등학교 명진중학교
해운대여자중학교 백동초등학교 하성중학교 사상고등학교 분진중학교 홍천초등학교
김포제일고등학교 진위고등학교 주례여자중학교 상암중학교 부산진여자상업고교 장암초등학교
혜광고등학교 시온고등학교 상원고등학교 해송고등학교 국제중고등학교 성보중학교
동산초등학교 진위중학교 풍문여자고등학교 삼각산고등학교 부산신금초등학교 수주고등학교
경기도초등학교 부산진고등학교 정발고등학교 성일정보고등학교 상색초등학교
백석초등학교
AirCUVE & Reference - Schools
Wi-Fi authentication installed in over “100 High schools” by AirCUVE wireless security solution during the last 7 years
Allow Use of Personal Smart Device into Company Work
- In 2009, Intel introduced the BYOD concept
- Need to use private smart devices for company work
Private device use for company work
- Facing “Security control issue”
- “Stronger security control” vs. “Employee privacy issue”
Drastic change in the BYOD mobile office environment
- Need to increase work efficiency
- Need to reduce cost of company network maintenance
About BYOD - Bring Your Own Device
BYOD accelerated by Wireless Infra.
People carry 3+ devices
BYOD spread by VDI Technology
Demand for Real time Communication
About BYOD - BYOD Trend
Move from BYOD to CYOD - IDC 2014 mobility trend
- CYOD (Choose Your Own Device)
- COMPANY control Authority of device use for office work
- EMPLOYEE choose proper Device for office work
Gartner Research
• Employee says
  26% Accept BYOD device usage in OFFICE work
  15% Conditional Accept BYOD with “Agreement”
  33% “NO BYOD Security policy exist”
  67% “Company Not Recognize what BYOD Problem will be”
  59% “Already Use private device in Office Work w/o security control”
About BYOD - Why need BYOD?
Need to Control Company Devices Minimizing “ Employee’s Repulsion “
Employee’s strong demand to use Smart device for office work.
- Burden of approval of personal device use
Physical Entrance checking of devices at company
- Employee’s Resistance
Network Access by Unauthorized device.
- Already 70% use personal device for company e mail checking
Need to check Company network access ( when, where, who, how )
- Difficult to trace in case of Security accident
About BYOD - Why need BYOD?
We need Secured & Efficient company network management…
-Source : Gartner, Paul DeBeasi
Enterprise Mobility Strategy - Trend
Wireless Infrastructure
Mobile App. Development
Management & BYOD
Security & Threat
User Identity Management (Authentication)
- Enterprise MUST “Authenticate” User and Device
- Need Access Management Policy of USER / DEVICE
- 3 Key Factors of IAM
Consolidated Authentication System
Systematic Access Management Policy
Protect Privacy
Enterprise Mobility Strategy - IAM
User Identity and Access Management ( IAM )
Mobile users request access to Personal devices and Cloud services
Many solutions - Authentication, Encryption, MDM, Malware protection
But it is difficult to run “Systematic Policy control” across various devices due to different OS, different types…
Cloud Security Control
“Security Risk” Vs. “Cost & Convenience”
Enterprise Mobility Strategy
Security & Threat
BYOD is the most significant Change related to “Client Computing” since Appearance of PC.
“38% of CIO” plan to adopt “BYOD service by Year 2016” - Gartner Report
Enterprise Mobility Strategy
Management by BYOD
IT department Need following Strategy
• PREDICT “Future BYOD Requirement in Company”
• PREPARE “Consistent BYOD Policy”
Enterprise Mobility Strategy
Consolidated Control for most company device ? - Server, PC, Notebook PC, Smartphone, Smart PAD
Additional Multi Factor authentication possible? - OTP, PKI, QR, Biometric, FIDO
Real Name IP and device control ? - User Name, ID, Device (OS, Vendor, MAC), IP, Connection Time
Convenience of Management ? - Agentless
Convenient Device registration with Security ? - Employee Device / Guest Device
Inter-Operability with existing Legacy network and Security Solution ? - Wired Switch, wireless network of various vendor - Firewall , VPN etc.
BYOD Requirement - Analysis
Standard protocol ? - IPv6, IEEE802.1x, RADIUS
Support for wired network authentication ? - IEEE802.1x, RADIUS
Wireless authentication and data Encryption ? - IEEE802.1x, IEEE802.11i
Variety authentication ? - ID, MAC, Certificate, IP based
WIPS inter-operability ?
Multifactor authentication ? - 2 factor / 2 channel auth.
CC certified EAL-4 ?
Convenient Device registration ?
BYOD Requirement - Function requirement
Device identify without Agent ?
Identify OS when IP allocation ? - Windows, Android, iOS
Support DHCP server function ?
User Fixed IP allocation ?
Protection of important User IP ?
Web based authentication ? - Web Redirection
Blocking for non authorized Device ?
Automatic Info. collection of MAC Address, IP ? - Auto registration for New dev.
BYOD Requirement - Function requirement
BYOD Requirement – Deploy check point
Intelligent Device and Network Management with IP control ?
Certified Quality: CC Certificate
Operation: User friendly Solution ?
Management: Convenient & Prompt ?
Real Named IP: User Name, ID, Device, IP Address, Connection Time
Inter-Operability: WIPS, FireWall, VPN, User DB
ByFRONT
Total Authenticate
- IEEE802.1x, RADIUS authentication
- IEEE802.11i data encryption
- ID, Certificate, MAC, IP Management
BYOD Policy
- BYOD Policy server
- Identify devices ( vendor, O/S type )
- DHCP / IP allocation and Protection
InFRONT
Web Authentication Switch (sensor)
- WEB based authentication
- Blocking unauthorized access : Device, MAC, IP
- Auto Info. collect for new device : MAC, IP
ByFRONT Introduction - Architecture
ByFRONT Suite
Systematic IP allocation
BYOD function
Auto Registration
User device
Total LOG Consolidated management of User and User device
Systematic Device , IP management
Fixed IP allocation , Protection of Key IP
Identify device type without additional client APP installation
DHCP function / Finger Printing of DHCP and TCP
Web based authentication
Automated user registration process
SMS server ( OTP) interface for user device registration
ByFRONT Introduction – Key features
SMS sending interface module
AD interface module
LDAP interface module
DHCP, InFRONT communication module
Total view UI
IP allocation info from DHCP server, and assign access policy from InFRONT.
Master control view page ( display IP, MAC, DHCP, device type, O/S, user info. )
On user / device auth., allocate VLAN in association with employee/partner’s access policy
User PW confirmation on user/device authentication
New device & guest registration with OTP authentication
InFRONT
ByFRONT
AirFRONT
User device registration page Registration of user device
device OS confirm module
DHCP server function
interface with office work Interface with PMS, DLP server, device MAC / IP and user information.
IP allocation , wired / wireless.
Identify device type ( notebook, smart phone )
Web Redirection module
AirFRONT policy module Real time Device network access control for authorized and registered device .
Detect unauthorized device, redirection to AirFRONT registration.
ByFRONT Introduction – Key Modules
Minimize employee’s repulsion of personal device control by company - Agentless solution
Systematic Network Access Control of private device
- Web Based Authentication with InFRONT.
- Automatic MAC collection
- Block Unauthorized Device Network Access. ( MAC, IP )
Automated Network Access Control of Employee and Guest devices
- Employee : convenient new device registration w/ SMS OTP KEY
- Guest : authorization by employee’s confirmation
Convenient management of user device information.
- Smart Control : User info. Device info. IP, Mac Address.
ByFRONT Introduction - Advantages
Intelligent Management of Company Network & Device Security !
ByFRONT Introduction - Comparison
Item | Functions | AirCUVE (ByFRONT) | “A” | “B”
Certificate Patent | National certificate for public organization CC certificate | O | - | -
Certificate Patent | Patent of High speed authentication capability (authenticate Detail Log control) | O | - | -
Certificate Patent | Multi factor authentication Patent for various type authentication | O | - | -
BYOD function | Intelligent BYOD registration ( Auto registration, new device/guest device ) | O | △ | △
BYOD function | Wired + Wireless + Smart phone authentication | O | - | △
BYOD function | Real named IP (User Name, ID, MAC, IP, Connection Time, Policy) | O | △ | △
BYOD function | IP, MAC, user, real time information sharing ( intelligent firewall, PMS, DMS, Legacy security system ) | O | △ | △
BYOD function | Agentless type BYOD solution | O | O | O
BYOD function | Agentless type, device O/S classification, Specific O/S blocking | O | O | O
BYOD function | Authentication WEB Page Redirection | O | △ | △
Standard protocol | IPv6 support / Mobile IP AVP | O | O | O
Standard protocol | IEEE802.11i standard | O | O | O
Standard protocol | IEEE802.1x EAP authentication (EAP-MD5/LEAP/TLS/TTLS/PEAP) | O | O | O
Enforced authenticate (2 factor authenticate) | Enforced multi factor authentication ( Mobile OTP, SMS OTP, e-mail OTP, PKI, QR Code ) | O | - | -
Enforced authenticate (2 factor authenticate) | Mobile OTP APP (Android, iOS, Windows) | O | - | -
Enforced authenticate (2 factor authenticate) | Private authentication certificate (CA, RA) | O | - | -
Enforced authenticate (2 factor authenticate) | ID+MAC+NAS, various combination of authentication | O | - | -
ByFRONT Introduction - Comparison
Item | Functions | AirCUVE (ByFRONT) | “A” | “B”
Stability Of Management | Flexible interface with personnel DB account | O | △ | △
Stability Of Management | IT manager’s mobile approval for Guest / New device registration | O | △ | △
Stability Of Management | Reliable inter-operability with various WIPS solution (Motorola, Cisco, AirTight) | O | - | -
Stability Of Management | Consolidated UI menu (device, user, name, auth. status, dept., phone no., e mail, etc.) | O | △ | △
Stability Of Management | Automated Device On-boarding ( Auto device approval after user auth. w/o manager’s approval ) | O | △ | △
Stability Of Management | Intelligent access policy per device ( profiling, classification and policy application ) | O | △ | △
Stability Of Management | Emergency Self healing function ( in case of Authentication / Policy server process down ) | O | - | -
IP / MAC control | Packet based Access Control and IP Traffic Scanning function | O | △ | △
IP / MAC control | Packet Session Blocking function (TCP only) ( For un-authorized device network access ) | O | - | -
IP / MAC control | IP protection | O | - | -
IP / MAC control | Data collection and blocking of IP or MAC | O | - | -
IP / MAC control | Allowance of Specific MAC or IP ( white list ) | O | - | -
IP / MAC control | VLAN Trunk (802.1q tag) support | O | O | O
DHCP Server | DHCP v4 standard support (RFC2131) | O | O | O
DHCP Server | DHCP v6 standard (RFC3315) | O | O | O
DHCP Server | DHCP Finger Printing | O | △ | △
ByFRONT Introduction - Web UI
Daily Authentication Weekly Authentication Monthly Authentication
ByFRONT Introduction - Web UI
ByFRONT - Introduction-Network Architecture
[Network diagram. Labels: Internet, F/W, Router, Server Farm, ByFRONT Server1, ByFRONT Server2, backbone Switches, Edge Switches, WiFi / Wired InFRONT Sensor 1 and 2, AP controllers, Wireless APs, Wired devices, Mobile devices, 1st floor network, 2nd floor network; note: New installation]
ByFRONT Introduction - Network Architecture
Wired/Wireless combined case (Redundancy)
[Network diagram. Labels: Internet, F/W, Router, Server Farm, Back bone Switches, Edge Switches, WiFi InFRONT Sensor 1 and 2, Wired InFRONT Sensor 1 and 2, Wireless AP controllers, Wireless APs, Wired devices, Mobile devices, 1st floor network, 2nd floor network; note: New installation]
ByFRONT Introduction – Network Architecture
ByFRONT Server 1
ByFRONT Server 2
Wired/Wireless Separated InFRONT architecture
[Network diagram. Labels: Internet, F/W, Router, Back bone Switch, Edge Switches, InFRONT Sensors, Wireless AP controller, Wireless APs, Wired devices, Mobile devices]
ByFRONT Introduction – HQ / Branch Case
[Network diagram. Labels: ByFRONT Server, Internet, IPSEC, HQ, Branch]
ByFRONT Introduction – Employee Network
Employee Device Auto Registration (PC, Mobile)
ByFRONT Introduction – Guest Network
Guest Device auto registration (PC, Mobile)
Authentication On Everything