Security Visibility and Control (II)

The great diversity of wireless equipment, with different operating systems and applications, creates a need for new techniques to strengthen built-in security.

By Osvaldo Callegari*

Among the options available are wireless protection tools such as CounterAct by Forescout™, which covers aspects such as the following:

For mobile security, it can classify devices and report their brand of origin and their user.


Apply custom policies to corporate and personal smartphones and mobile devices without the need for agents.

Force guest mobile devices to register through HTTP redirection, and automatically allow or restrict access to network-specific resources at wireless access points.

More granular security policies will be available later this year through mobile applications for Android®, Apple® iPhone®, Blackberry®, Windows Mobile® and Symbian®.

Real-time processes
Visibility without agents (that is, without small programs installed on the computer to perform certain procedures).

Asset and endpoint inventory control.

Device classification that provides dynamic and accurate control, showing who and what is using network resources and where.

An intuitive asset inventory screen allows operators to easily view, search, report, and customize tracking, including support for whitelist metrics, blacklists, and compliance. This operational intelligence gives operators more scope at remediation time.


Expanded options for guests
Increased guest check-in options: a broad set of guest policies offers the flexibility to automatically tighten, loosen, and adjust guest check-in, authentication, endpoint compliance, and continuous tracking based on visitor type and device integrity, with appropriate resource constraints. The fulfillment center option allows guests to self-evaluate and self-remediate in order to meet network access requirements.

Scalability
A variety of management capabilities to organize and streamline the administration, access, and maintenance of multiple devices.

The CounterAct console is capable of managing more than 250,000 device endpoints.

Gord Boyce, CEO of Forescout, told us: "Personal and corporate mobile solutions offer huge business benefits, in turn pre-existing malware, data leakage and acceptable use threats. The automation of mobile security and access policy management is our focus in this latest version of the application. These enhancements allow our customers the means to take advantage of personal productivity and resource accessibility, while managing compliance with security risks."

Methodologies based on device discovery

CounterAct (CA) can discover devices as soon as they connect to the network, in both centralized and distributed architectures. By combining several techniques, CA offers the highest possible detection accuracy, allowing administrators to create effective reports and remediation policies based on the types of devices connecting to the network and their activity while connected.


Types of monitoring processes

Passive surveillance: Passive surveillance makes it possible to accurately detect hosts and devices communicating across your network, without needing to sit inline in the critical path of the data flow.

With passive surveillance, CA only needs to receive a mirror (or SPAN) copy of the data stream (either port-based or VLAN-based), and from it can perform the following functions to list the hosts and their connected devices:

Passive authentication: CA can monitor traffic to an existing server (or group of servers) and passively track device authentication.

From the conversation it can identify the user and the authentication status, and in turn register the device that has been authenticated.

Passive NMAP (Universal): CA can analyze the L3/L4 data (layers 3 and 4) within a packet and compare it against a detailed database of known operating systems.

DHCP and ARP Monitoring Request: By monitoring DHCP and ARP requests over the network and analyzing their source and destination, CA is able to identify when new hosts or network devices connect to the network.

It is able to build a real-time picture of where new devices are connected and on which network segments.


 

IPS Surveillance: CA builds a knowledge database that takes an in-depth look at traffic flows and their consistency between hosts and connected devices. With this method it is possible to detect malicious actions such as port intrusions, attempted infections and service scans, and to report the threat immediately or remediate it if it is within range.

Detection of network spoofing (L2 and L3): CA provides the ability to detect hosts attempting to spoof their IP or MAC addresses when they attempt to connect to other machines through controlled network segments.
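
The DHCP/ARP monitoring and L2/L3 spoofing detection described above can be illustrated with a small passive ARP watcher. This is an added example, not Forescout code and not a description of how CounterAct is implemented; the function and class names and the sample frames are constructed for illustration.

```python
import struct

def parse_arp(frame: bytes):
    """Return (eth_src, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return frame[6:12].hex(":"), frame[22:28].hex(":"), ".".join(map(str, frame[28:32]))

class ArpWatch:
    """Tracks IP-to-MAC bindings observed on a mirrored (SPAN) segment."""
    def __init__(self):
        self.bindings = {}  # ip -> first MAC seen claiming it
    def observe(self, frame: bytes):
        parsed = parse_arp(frame)
        if parsed is None:
            return None
        eth_src, mac, ip = parsed
        if eth_src != mac:  # Ethernet header disagrees with the ARP payload
            return ("l2_mismatch", ip, eth_src, mac)
        if ip == "0.0.0.0":  # ARP probe: sender has no address yet
            return None
        if ip not in self.bindings:
            self.bindings[ip] = mac
            return ("new_host", ip, mac)
        if self.bindings[ip] != mac:  # same IP now claimed by another MAC
            return ("binding_conflict", ip, self.bindings[ip], mac)
        return None

def build_arp(eth_src, sha, spa, tpa, op=1):
    """Construct a sample ARP frame (test data, not captured traffic)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    header = b"\xff" * 6 + mac(eth_src) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
    return header + mac(sha) + ip(spa) + b"\x00" * 6 + ip(tpa)

def run_sample():
    a, b, c = "02:00:00:00:00:05", "02:00:00:00:00:66", "02:00:00:00:00:77"
    frames = [
        build_arp(a, a, "10.0.0.5", "10.0.0.1"),        # first sighting
        build_arp(a, a, "10.0.0.5", "10.0.0.1"),        # repeat, no event
        build_arp(b, b, "10.0.0.5", "10.0.0.1", op=2),  # other MAC claims the IP
        build_arp(c, a, "10.0.0.5", "10.0.0.1", op=2),  # header/payload differ
    ]
    watch = ArpWatch()
    return [watch.observe(f) for f in frames]
```

A `binding_conflict` or `l2_mismatch` event is a signal to investigate rather than proof of spoofing, since address reassignment and proxy ARP produce the same observations.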

Active interrogation: CA can also employ active interrogation techniques to provide more detailed information about the hosts and devices that are connected to the network.

With active interrogation, CounterAct can be configured to run more detailed analyses and report the information collected so that administrators can define the most appropriate response.

CA can run an active external scan against hosts and devices for more detailed information regarding the operating system, vendors, services, applications, processes, and files (where applicable). This data is displayed in CounterAct's management GUI, providing administrators with real-time insight and more details about the exact type of device or the status of the machine that has been connected to the network.

Internal Scan (Windows, Mac, Linux): Perhaps the greatest detail is achieved through an internal analysis of the host devices on the network. Whether through machine access services, a domain-level account, or an installed 800kb client connector (called a Secure Connector), CA is able to query the device in detail to discover almost any piece of information available about the host.

In environments with guest users or unmanaged hosts, the connector can be installed so that it dissolves when the user/host disconnects from the network, so it does not need to be persistent on corporate devices.

Internal scanning using SNMP and CLI: For network devices such as printers, manageable switches, routers and wireless access points, CA can be configured to use SNMP or CLI to query them for more detailed information.

Network integration: Linking and integrating CA with the network provides many additional details about the state of the network, the connected hosts and their level of compliance with policies, such as PCI, antivirus, Windows patches, software versions and much more.

CA can be integrated with the following authentication protocols and media:

LDAP, RADIUS, and 802.1X: CA can be integrated into multiple authentication services to actively or transparently authenticate devices that connect to the network, before allowing them authorized access to network resources.

Patch Management (OS Updates) and Help Desk: CA can be integrated with existing patch management and helpdesk solutions to automate the remediation, logging, and reporting of tasks for all non-compliant hosts.

Firewalls, Routers, Switches, Remote Access VPN: CA can be integrated with other devices at the network layer to learn more about access and connected users. In the case of VPN remote access solutions, it can be seamlessly integrated with the VPN gateway server to control and interact directly with the connected hosts.

Deployment of capabilities and discovery: The discovery of devices, computers and users over a corporate LAN/WAN is achieved through the integrated approach of passive and active interrogation. Other methods are Layer 2 and Layer 3 interrogation, which we are not going to elaborate on because they are very extensive.

Readers who wish to explore these concepts further or resolve doubts can visit www.forescout.com to review different case studies and tools related to security.

We now review Wi-Fi concepts, to achieve greater objectivity when it comes to securing our devices.


Wi-Fi Direct ™
This new method, launched by the Wi-Fi organization, makes connecting wireless devices easier and simpler. Users can now share, print, sync, and display between devices automatically and directly.

Although some of these concepts have already been well covered by other colleagues, they apply equally to different media and to particular projects beyond the general case.

Mobile phones, cameras, printers, PCs and gaming devices can now connect directly with each other in one-to-one or one-to-many modes, and can remember that connection so that they reconnect when they are back in range.

Nowadays, people all over the world are storing and sharing videos, photos and/or documents like never before. People in the 18-29 age range have an average of 2,400 songs, videos and photos stored on digital devices. With Wi-Fi Direct™ it is possible to connect directly with other devices and share images, games and video. It is also simple to show them on a nearby TV.

The peer-to-peer specifications and certification program are expanding rapidly, with this option of being interoperable with new distinctive features.

With Wi-Fi Direct™, having all devices interconnected is very close, so it pays to stay alert to the presence of this technology. Users will need some study time to get used to such wireless features.

Although the security measures needed to mitigate these effects are too numerous to cover in full, readers can review this guide of options and use the one they consider most suitable.

Note: The names and trademarks mentioned in this article are trademarks and registered names of their own companies and/or authors.

For inquiries or technical concerns about the article, you can write to the author at the following email address: [email protected]

 

Author: Santiago Jaramillo
Editor
Social communicator and journalist with more than 15 years of experience in digital and print media, Santiago Jaramillo was Editor of the magazine "Ventas de Seguridad" between 2013 and 2019.
