Windows 7

A New Wireless Risk to the Enterprise

Sri Sundaralingam, VP, Product Management

Dr. Kaustubh Phanse, Senior Wireless Architect
Consumerization of IT (especially wireless/mobile)
is posing a challenge for enterprise security
Evolution of Wi-Fi support on end-user devices

Traditional Wi-Fi
Operate as client/ad-hoc
Windows 7 Virtual WiFi –
The Next Gen Soft AP

First Gen “Soft AP”

Convert laptop into AP

But, single function: Can
operate either as AP OR Can operate as Soft AP and
client/ad-hoc Client/Ad-hoc simultaneously
Setting up a Windows 7 Soft AP is simple!
Download free utility from
http://connectify.m
e/
 Choose SSID,
WPA2-PSK Password,
Interface

Click !
Voilà! We have a hotspot!
You can do the same using
Intel’s My WiFi utility
Windows 7 Soft AP: A User’s Delight
Windows 7 Soft AP: Security?

?
Typical Rogue AP scenario
Windows 7 Rogue AP scenario
Policy Enforcement Challenge

Security administrator has no visibility and no control over

allowing or denying access to devices connecting through
‘Virtual WiFi’
Wired security measures are ineffective!
What can you do about it?
Windows User Group Policy

• Shutdown user privileges for running Virtual WiFi

- Use Windows Active Directory group policy
- Supported on Windows 2008 server R2

• Not always practical

• Lacks flexibility
Wireless Security Endpoint Agent

• Centrally enforce wireless policies

• Enable flexibility
 Wireless Intrusion Prevention System (WIPS)

Permit legitimate devices,

deny access to others


Wire-side scanning

Wired and Wireless correlation
cannot detect presence is necessary to detect and
of Virtual WiFi Soft APs block Virtual WiFi Soft APs
SpectraGuard Enterprise WIPS
1-click drill down
Accurate location tracking
Prevention
turned ON
Our findings

• Windows 7 Virtual WiFi allows simultaneous

operation as client and as Soft AP
- Very easy to set up, e.g., Connectify, Intel My WiFi

• This new type of Rogue AP can now be connected

to your enterprise network also through WiFi

• Presence of Soft AP cannot be detected using wire-

side scanning alone

• Can be detected only using a WIPS that correlates wired

and wireless traffic
 AirTight’s Key Value Propositions

• Automates wireless threat remediation

• Minimizes false alarms
• Provides “always on” protection
• Protects both current and legacy WLANs
• Integrates with any WLAN environment
• Simplifies compliance
• Ideal solution for both secure WiFi and
no-WiFi environments
SpectraGuard Product Family

SpectraGuard Enterprise SpectraGuard Online

Complete Wireless Intrusion Prevention Industry’s Only Wireless Security Service

SpectraGuard SAFE SpectraGuard Planner

Wireless Security for Mobile Users WLAN Coverage & Security Planning
 Thank You!

For more information on wireless security

risks, best practices, and solutions, visit:
www.airtightnetworks.com

The Global Leader in Wireless

Security and Compliance
For up-to-date information on
developments in wireless security, visit
blog.airtightnetworks.com