AirTight
CASE STUDY
Challenge
• Enforce no Wi-Fi policy
on a 24 x 7 basis
• Ensure compliance with
appropriate industry regulations to maintain information confidentiality
AirTight Solution
• Deployed SpectraGuard
Enterprise 4.0
• Provides continuous airwave
monitoring for all Wi-Fi
activity
• Ensures rogue APs aren’t
introduced
• Prohibits embedded laptop
wireless clients from connecting to external Wi-Fi
networks
Results
• Enables administrators to
take control of air space
• Ensures industry regulatory
compliance for wireless connections
• Creates confidence that
future wireless LAN deployment can be implemented
securely
Taking Back Control of the Air Space
Creates Peace of Mind for Leading
New York Financial Institution
C.E. Unterberg, Towbin provides investment banking, research and
investment management services to emerging growth companies and
investors in the technology and health care sectors. Originally established in
1932, Unterberg is headquartered in New York, with offices in California
and Israel.
As the enormous security risks posed by wireless LANs were revealed,
Unterberg chose to not implement Wi-Fi networks in its offices out of concern for the damage that could be caused with improper usage or malicious
hacking. And as a financial services company, Unterberg also faced the
need to ensure compliance to relevant industry regulations.
Putting Teeth in the ‘No Wi-Fi’ Policy
To prevent security breaches through the wireless medium, Unterberg instituted a ‘no Wi-Fi’ policy. However, as time went on, concern rose about the
possibility of rogue access points compromising the network. Rogue access
points are consumer-grade devices with no security brought in by employees. Typically used without malice, when attached to the enterprise network behind the firewall, they bypass all security protections.
C.E. Unterberg Towbin rightly recognized that although a formal ‘no Wi-Fi’
policy was in place, it was difficult to enforce it on a continuous basis.
Keeping the workforce educated about the risks of unmanaged wireless
access points was challenging and certainly not foolproof. Similar challenges with employees initiating viruses sent through email attachments
had led to a joint strategy of education and anti-virus software. A similar
solution was needed for rogue access points. Keith Luca, Information
Technology Manager, was charged with making it happen.
Handheld solutions that sniff the air for Wi-Fi activity are only an intermittent solution as they require an IT administrator to physically roam the
building. Being situated in Manhattan with many neighboring offices using
wireless LANs results in a great deal of work to identify the Wi-Fi device
location. As wireless signals travel through building walls a great distance,
many signals would be discovered to be neighboring, harmless wireless
LANs. “Finding my neighbors’ wireless LANs doesn’t help me,” said Keith
THE LEADER IN WIRELESS INTRUSION PREVENTION
About AirTight
Networks
Founded in 2002, AirTight
Networks is the leader in
wireless intrusion prevention
and performance management
(WIPPM) solutions. AirTight
Networks’ SpectraGuard®
family of WIPPM performance
products and services
provides enterprises and service providers with
around-the-clock wireless
monitoring and automatic
intrusion prevention, while
managing wireless LAN network performance
for maximum performance,
capacity and uptime. The
SpectraGuard family of
products is the industry’s only
solution that correctly classifies
wireless devices and events;
and automatically identifies,
automatically stops, and accurately locates wireless security
risks and attacks. AirTight
Networks’ solutions scale from
a single laptop to networks
with millions of wireless
devices. AirTight Networks is a
privately held company based
in Mountain View, CA. For
more information, visit the
company’s Web site at
www.airtightnetworks.net.
Luca. In addition, this type of solution did not work at all for remote
offices where IT resources were even more limited.
Other Wireless Threats Uncovered
After examining the available wireless IDS/IPS solutions on the market,
Keith selected AirTight Networks. Fortunately, the deployment revealed
that there were no rogue access points. However, in a surprise to the IT
department, the AirTight system found that wireless clients in laptops were
connecting to neighboring wireless networks. As many employees travel
and use wireless connectivity on the road at hot spots or at home, barring
them from laptops was not possible. However, preventing connections to
neighboring networks was imperative to ensure that the enterprise network was not compromised or industry regulations were violated. Many
employees had no idea that the wireless client would automatically search
for a wireless LAN network name it had already connected to, such as
‘linksys’ or ‘T-mobile.’ The wireless client then might connect to a neighboring network while the laptop was also connected to the wireline enterprise network. This would create a direct portal to both the laptop and the
enterprise network that could be exploited.
“Install and Forget” Gives Back Time as well as Peace of Mind
AirTight Networks SpectraGuard Enterprise 4.0 was installed throughout
the Manhattan office. SpectraGuard Sensors automatically scan the air
waves for all Wi-Fi signals. All information is sent back to the
SpectraGuard Server for analysis and action. Administrators used the webbased wizard to quickly set up policies specific to C.E. Unterberg Towbin in
less than half an hour. All wireless activity is prevented, both rogue access
points as well as connections to neighboring networks. “We see the wireless clients trying to connect on a daily basis to neighboring networks,” said
Keith Luca, “and SpectraGuard Enterprise stops them cold. We don’t even
worry about it anymore.”
Administrators have also installed SpectraGuard Sensors in the remote
offices as well. A single centralized security policy is enforced from the
SpectraGuard Server, which manages the sensors in the remote sites. As
sensors cannot be modified locally, this ensures that all sites and all employees are operating under a consistent set of policies. “This is a very low
maintenance solution that doesn’t alarm unnecessarily,” said Keith Luca.
“It’s about as close to install and forget as you can get.”
AirTight Networks
339 N. Bernardo Avenue
Suite 200
Mountain View, CA 94043
Tel: +1 877 424 7844
Tel: +1 650 961 1111
Fax: +1 650 961 1169
www.airtightnetworks.net
[email protected]
THE LEADER IN WIRELESS INTRUSION PREVENTION