Download - Managed Wi-Fi · All of WatchGuard’s new access points offer the flexibility for businesses to ease into Wi-Fi with management via Gateway Wireless Controller, built into every

Managed Wi-Fi

Matthew See

Manager, Sales Engineering - APAC

C3TechTalks | 1800 661 859 | 184 Orlando St Coffs Harbour NSW 2450 | www.c3group.com.au

The Connected Generation & The Growth of Wi-Fi


Number of public hotspots

by 2021

542 Million

Number of Wi-Fi devices on

the planet by 2025

12 Billion

2020 WLAN market size from

$15B 2015

$33.6B

What makes Secure Wi-Fi?

Setting a password on an SSID?

Using a VPN?


“WPA decryption”

3,440 videos

hola!adios!

$718,000 FCC fine: transition.fcc.gov/eb/Orders/2015/FCC-15-146A1.html

Secure Wi-Fi = Defending your airspace • 24/7/365 auto classification of APs and clients: authorized | guest | rogue | external• Automatic detection of malicious activity• Automatic prevention in the air and on the wire• No stress of regulatory fines for accidental “take downs”

What do you do in public (Wi-Fi)?


What are the most common activities consumers use on public wi-fi?

83%

17%

0%

10%

20%

30%

40%

50%

60%

70%

Check PersonalEmail

Log into SocialMedia

Access Bankand/or

FinanicalInformation

Enter PII

What could be worse?83% are willing to check both their

personal and corporate email via free Wi-Fi.

Ignorance is Bliss

92% of people click “Continue” when the“Cannot Verify Server Identity” warning appears.

Wi-Fi in public places can't be trusted. Malicious actorscan potentially view everything you do while connected.


91% of users are aware of public

Wi-Fi security risks

89% ignore them and use it anyway


So How Easy is it to Hack Wi-Fi?

Anatomy of a Man-in-the-middle Wi-Fi Attack


MiTM

Get in at low layer…

SSL Strip

Toxic Proxies

PAC File Exploits

To launch higher layer attacks and gain

remote access

Browser Exploitation Framework

(BEEF)

Evil Portals Back doors

Wi-Fi Clients: Not the Sharpest Tools in the Shed

Client devices with saved SSIDs are constantly beaconing to see if those networks are in range.

Karma attack /’kärmə əˈtak/

verb 1. listen for SSID beacon requests and “pwn” people


EST. 2005

➢ ~77,000 videos: Wi-Fi Pineapple

➢ ~3,460,000: How to hack Wi-Fi

Starting: US $99Intuitive GUI, ready packaged modules

Who are These Wi-Fi Hackers?

Hardcore coders, deep dark hackers right?

Today, we have YouTube. In less than a weekend, anyone can become a Wi-Fi MiTM and launch attacks to steal information across Wi-Fi networks


4,220,000 results for “Wi-Fi hack”

Hacking tools with

easy to use GUIs

SSL Strip in Action


Victim browses to www.paypal.comAnd sees a normal looking Paypal page, but

look at the address… wwwww.paypal.com

Stealing PayPal Credentials


Login credentials!

Victim logs in not realizing this

is a HTTP site and sends

username, password in plain

text to the attacker

SSL Strip

Toxic Proxies

PAC File Exploits

Browser Exploitation Framework

(BEEF)

Evil Portals Back doors

Stop the MiTM, Stop The Hacks


#1Turn on WIPS in the Wi-Fi Cloud

#3Stops the hacks

MiTM

#2Takes out the MiTM

Evil Portals Running Rampant

Hackers mimic popular splash pagesto create an “evil portal”.

Victims fall right into their trap to:• Hand over sensitive information

• Install a browser exploit

• Allow malware to be dropped to theirdevice



WIPS

WIPS / WIDS / What?


Vendor Rogue AP “WIPS” Rogue Device “WIPS”

Detection method(s) Published Warning enabling Prevention (WIPS)?

Real Wi-FiSecurity?

Cisco Meraki Yes Yes MAC Correlation “extreme caution”

Aruba Networks Yes No MAC Correlation

Switch Polling

“may impact neighboring networks”

Aerohive Yes Yes MAC Correlation “can impact the normal operation of valid APs belonging to a nearby business”

Ruckus Wireless No No MAC Correlation N/A

Having a feature is NOT a usable

feature if you’re warned against using it

and that regulatory fines may result.

This is Wireless Intrusion Detection (WIDS).

Administrators respond to alerts manually.

WatchGuard WIPS


Vendor Rogue AP WIPS Rogue Clients WIPS

Detection method(s) Published Warning enabling Prevention (WIPS)?

Real Wi-Fi Security

WatchGuard Yes Yes Marker Packets> 29 issued patents

TURN IT ON!We encourage our customers to use WIPS.

Marker Packets (Patented)

• Sent into the network and broadcasted into the air

• Sent into the air and searched for on the network

Advantages of this technique are:

• Free from false alarms: never marks rogue APs as

external APs; nor marks external APs as rogues

• No intrusive interaction with the switches in the network

• No initial or ongoing configuration to be operational

• Fast detection, no matter network size

Prevent Away!

The MOST

Secure Wi-Fi!

WatchGuard WIPS


Wired-Side Injection

Rogue AP

External APs

Accurate classification

of “good“ vs “bad“ vs

“external“.

Rogue Client

Wireless-Side Injection


Wi-Fi Cloud

Wi-Fi Cloud – 4 Products in 1


Patented Wireless SecurityOnly hands-off automated

WIPS with low false positives on the market

Business Driven AnalyticsLocation tracking, footfall, dwell time, repeat visitors, and more at no extra cost and no 3rd

party requirements

Powerful Engagement ToolsCaptivating splash pages, campaigns

to interact with visitors with social media, video, polls, and more

Management That ScalesOnly platform to scale from 1 tounlimited APs, no infrastructure

Engagement: Managed Guest Experiences


Q: What do these companies have in common?

A: They’re making millions off guest Wi-Fi experiences

Engagement: Portals, Pages and Coupons


Analytics: Footfall to Conversion


Yes, it’s the same story

WatchGuard’s Unique Value Propositions


1. WIPSWhere other Wi-Fi platforms have tried and failed, use Wi-Fi Cloud’s patented WIPS to defend your airspace from Wi-Fi hacking without the risk of accidentally shutting down your neighbor’s Wi-Fi and running into legal trouble.

2. Location AnalyticsBridge the gap between online businesses and the physical, brick and mortar. Empower business owners and sales and marketing teams with location-based data on metrics such as dwell times, new vs. repeat visitors, and demographics on gender and age.

3. Captive portalsProvide unique experiences for guests and customers and turn Wi-Fi into a key marketing tool that turns visits into customer touchpoints, increases fans on social networks, and allows for continued engagement after people leave.

4. Cloud ScalabilityEasily scale from one to an unlimited number of APs across multiple locations without worrying about the hardware limitations of legacy controller infrastructure. APs can be grouped in many ways including location, building, floor, for easy management and policy configuration.

5. Firebox-Managed OptionAll of WatchGuard’s new access points offer the flexibility for businesses to ease into Wi-Fi with management via Gateway Wireless Controller, built into every Firebox. This offers a lightweight Wi-Fi access feature set and when ready, the APs can be upgraded with a Wi-Fi Cloud subscription to enable WIPS, captive portals, and location analytics.

Check Out Our Secure Wi-Fi Web Series!


watchguard.com/wifi-webinars