Table of contents
- AirCUVE & References
- About BYOD
- Enterprise Mobility Strategy
- BYOD Requirement
- ByFRONT Introduction (Enterprise BYOD)
AirCUVE & Reference - About AirCUVE
Intelligent Management of Network & Device with Authentication Solution
- Wired / Wireless consolidated Authentication
- Multi Factor / Multi Channel Auth.
- WEB Authentication, VPN Authentication
- Network Access Control - Authentication
Proven References in Key Industries (over 710 customers)
- Public 320, Enterprise 230, School 122, Hospital 15, Financial 15, Military 8
Excellent Inter-Operability with Network Equipment
- Good Inter-Operability with various types of AP, Switch, WIPS etc.
AirCUVE & Reference - About AirCUVE
- Super High Capacity Authentication Coverage: Up to 3 Million Devices
- High Speed Authentication: 800 authentications per second
AirCUVE Introduction - Main Products
- V-FRONT: Two Factor Authentication (Mobile OTP, PKI)
- ByFRONT: Wired and Wireless Devices Management based on BYOD
- AirFRONT: WLAN (Wi-Fi) Authentication
AirCUVE & Reference - Patent, Certificate
- Patent: Authentication system, detailed log treatment process
- Patent: Wired/wireless network quarantine and policy based network access
- Patent: Wireless network security control equipment (WIPS related patent)
- Patent: Private IP based remote device control using SIP
- Patent: Multi-Factor authentication
- Patent: Location based Security control for high mobility device
AirCUVE & Reference - Certificate, CC
- Wi-Fi authentication system - AGS-NPS: CC certificate (EAL2)
- Wi-Fi authentication system - AirFRONT: CC certificate (EAL4)
- Network access control - NacFront: CC certificate (EAL2)
- Wireless LAN authentication: CC certificate (EAL4)
- Wireless LAN authentication: CC certificate (EAL4)
- AirFRONT V5.2: Good Software (GS) certificate
AirCUVE & Reference - BYOD reference
SK Planet BYOD Success Story - IT magazine article, May 2014
- "Get two birds with one BYOD stone": Security and Convenience
- SK Planet new office at Seoul
- Major carrier in Korea, 30 million cellular subscribers
- AirCUVE BYOD solution for SK Planet
SK Planet BYOD case
Case of successful development: Security and Convenience of BYOD, chasing two hares at once
- Realizing the automation of the entire authentication process by adopting web-server authorization for devices
(IT Magazine news article, May 2014)
SK Planet BYOD case
- Work environment of the company is changing to Smart Office
- Management and security of devices: an obstacle to adopting BYOD
- BYOD is anticipated to become a major IT trend worldwide
- Gartner expected that 38% of corporations will adopt BYOD soon
AirCUVE & Reference - Smart School
Nationwide smart school student authentication project
- 12,000 schools: 7 million students w/ smart devices
- WiFi based classroom: 2 WiFi APs per classroom
- Intelligent WiFi Auth.: Teacher Net. / Student Net.
- Smart Edu-Roaming: Student Edu Roaming
[Figure: nationwide network diagram showing City 1 to City 17, Internet, ATM Metro Net, a net aggregation point with AirFRONT, WIPS, L4 and F/W, and schools (Elementary School #1, Junior High #N, High School #12,000), each with backbone, L2 metro switch, F/W, WLC, AP, and Teacher Net. / Student Net. WiFi in a wireless zone]
AirCUVE & Reference - Application industry
- Electronics
- SK telecom smart security partner, authentication solution
- Smart School
- Ministry of Education smart school partner
- Telco Carriers
- BYOD Enterprise
- 3 Major telco - Wi-Fi authenticate security solution partner
- Major conglomerate BYOD adopted (Bring Your Own Devices)
- Smart Mobile
- Highway control authority adopted 2 Factor Authentication
- Government
- Y 2013, Samsung electronics RMS (Remote Maintenance System) PKI, authentication
- Y 2013 (NIPA) S/W overseas marketing strategic partner
AirCUVE & Reference - BYOD Reference HanHwa Group SK Carrier Group Construction & System Integration IT company Physical Security Control DutyFree Shop
AirCUVE & Reference - SAMSUNG Reference
SAMSUNG Group references
- SAMSUNG Engineering
- SAMSUNG Heavy Industries
- SAMSUNG Electronics
- SAMSUNG Insurance
- SAMSUNG CNT
- Cheil Worldwide
AirCUVE & Reference - Public organization
- LG U+: Wi-Fi authentication
- SKT: Wi-Fi smart phone authentication
- SK planet: Smart mobile office BYOD solution
- Highway control authority: Hi-mOffice mobile office authentication security
- Electric power com.: Smart mobile office authentication / security
- Samsung Trading: Smart mobile office authentication / security
- Kacheon City hall: Smart mobile office (FMC) authentication security system
- Cheil planning Advertising: Smart mobile office authentication security
- TV Broadcasting: Wi-Fi (FMC) authentication / security
- KT telecom: Wi-Fi smart phone authentication security
- Korea Oil company: Smart mobile office authentication security
- KISA (internet authority): Smart mobile security test bed
- Korea Red Cross: Smart mobile office authentication / security
- Seoul City hall: Smart mobile office authentication / security
- Samsung engineering: Smart mobile office authentication / security
- Shinsegae department E mart: WiFi system security authentication
AirCUVE & Reference - Government
AirCUVE & Reference - Enterprise
AirCUVE & Reference - Hospital
AirCUVE & Reference - University
AirCUVE & Reference - Schools 백석초등학교 덕계고등학교 미림정보고등학교 인창고등학교 미라초등하교 중동고등학교 발곡고등학교 한국외국인학교 경북대사범대학부속고 부산디지털고등학교 경남고등학교 운암초등학교 영복여자중학교 경기초등학교 안산공업고등학교 경기체육고등학교 청담정보통신고등학교 분포중학교 두원공업고등학교 부산진고등학교 이사벨고등학교 동명정보고등학교 덕문여자고등학교 서해고등학교 부흥중학교 군자공업고등학교 삼락중학교 부산공업고등학교 장평중학교 부산마켓팅고등학교 부산개성중학교 금명중학교 문현여자중학교 경민여자정보고등학교 장전중학교 장안제안고등학교 전곡고등학교 개금여자중학교 하남중학교 다솜중학교동주여자중학교 금곡고등학교 덕정고등학교 동남고등학교 포천고등학교 부산정보고등학교 부산정보관광고등학교 상계제일중학교 Over 100 High schools Wifi authentication installed by AirCUVE wireless security solution during last 7 years 부산전자공업고등학교부산중학교부산국제고등학교연일중학교부곡중학교신덕중학교 망미중학교토현중학교사직중학교남산중학교경남공업고등학교재송중학교 전남학생교육문화회관서울의료원중산고등학교대곡고등학교중흥고등학교이일여자고등학교 부산자동차고등학교부산동여자고등학교시화중학교까치울중학교장곡고등학교매화고등학교 홍성여자고등학교경민고등학교서울영상고등학교정왕고등학교한수중학교평택기계공업고등학교 내정중학교 인송중학교 부천여자중학교 경기외국어고등학교 조종고등학교 포천제일고등학교 한국문화영상고등학교 상암고등학교 동호정보고등학교 부산중앙고등학교 영도중학교 경일고등학교 구름산초등학교 마석중학교 군포중학교 대연고등학교 해운대고등학교 명진중학교 해운대여자중학교 백동초등학교 하성중학교 사상고등학교 분진중학교 홍천초등학교 김포제일고등학교 진위고등학교 주례여자중학교 상암중학교 부산진여자상업고교 장암초등학교 혜광고등학교 시온고등학교 상원고등학교 해송고등학교 국제중고등학교 성보중학교 동산초등학교 진위중학교 풍문여자고등학교 삼각산고등학교 부산신금초등학교 수주고등학교 수암초등학교 기장고등학교 신일중학교 한울고등학교 장영실고등학교 신일중학교 한울고등학교 청심국제중학교 중산고등학교 남산중학교 충주중산고등학교 영복여자중학교 경남고등학교 한국테크노과학고 발곡중학교 삼정고등학교 인창고등학교 운암초등학교 경기도초등학교 부산진고등학교 정발고등학교 성일정보고등학교 상색초등학교
About BYOD - Bring Your Own Device
Allow use of personal smart devices for company work
- In 2009, Intel introduced the BYOD concept
- Need to use private smart devices for company work
BYOD: drastic change of the mobile office environment
- Need to increase work efficiency
- Need to reduce the cost of company network maintenance
Private device use for company work
- Facing security control issues
- Stronger security control vs. employee privacy issue
About BYOD - BYOD Trend
Move from BYOD to CYOD - IDC 2014 mobility trend
- CYOD (Choose Your Own Device)
- COMPANY controls authority of device use for office work
- EMPLOYEE chooses a proper device for office work
- BYOD spread by VDI technology
- BYOD accelerated by wireless infra.
- People carry 3+ devices
- Demand for real-time communication
About BYOD - Why need BYOD?
Need to control company devices while minimizing employees' repulsion (Gartner Research)
Employee says:
- 26%: Accept BYOD device usage in office work
- 15%: Conditionally accept BYOD with agreement
- 33%: No BYOD security policy exists
- 67%: Company does not recognize what the BYOD problem will be
- 59%: Already use private device in office work w/o security control
About BYOD - Why need BYOD?
We need secured & efficient company network management
- Employees' strong demand to use smart devices for office work: burden of approval of personal device use
- Physical entrance checking of devices at the company: employees' resistance
- Network access by unauthorized devices: already 70% use a personal device for company e-mail checking
- Need to check company network access (when, where, who, how): difficult to trace in case of a security accident
Enterprise Mobility Strategy - Trend
- User Identity Management (Authentication)
- Wireless Infrastructure
- Management & BYOD
- Security & Threat
- Mobile App. Development
(Source: Gartner, Paul DeBeasi)
Enterprise Mobility Strategy - IAM
User Identity and Access Management (IAM)
- Enterprise MUST authenticate user and device
- Need access management policy for USER / DEVICE
- 3 key factors of IAM: Consolidated Authentication System; Systematic Access Management Policy; Protect Privacy
Enterprise Mobility Strategy - Security & Threat
- Mobile users request access to personal devices and cloud services
- Many solutions: Authentication, Encryption, MDM, Malware protection
- But it is difficult to run systematic policy control across various devices due to different OSes and device types
- Cloud Security Control
- Security Risk vs. Cost & Convenience
Enterprise Mobility Strategy - Management by BYOD
- BYOD is the most significant change related to client computing since the appearance of the PC.
- 38% of CIOs plan to adopt BYOD service by Year 2016 (Gartner Report)
Enterprise Mobility Strategy - IT department needs the following strategy
- PREDICT future BYOD requirements in the company
- PREPARE a consistent BYOD policy
BYOD Requirement - Analysis
- Consolidated control for most company devices? Server, PC, Notebook PC, Smartphone, Smart PAD
- Additional multi-factor authentication possible? OTP, PKI, QR, Biometric, FIDO
- Real Name IP and device control? User Name, ID, Device (OS, Vendor, MAC), IP, Connection Time
- Convenience of management? Agentless
- Convenient device registration with security? Employee Device / Guest Device
- Inter-operability with existing legacy network and security solutions? Wired switch, wireless network of various vendors; Firewall, VPN etc.
BYOD Requirement - Function requirement
- Standard protocol? IPv6, IEEE802.1x, RADIUS
- Support for wired network authentication? IEEE802.1x, RADIUS
- Wireless authentication and data encryption? IEEE802.1x, IEEE802.11i
- Variety authentication? ID, MAC, Certificate, IP based
- WIPS inter-operability?
- Multifactor authentication? 2 factor / 2 channel auth.
- CC certified EAL-4?
- Convenient device registration?
BYOD Requirement - Function requirement
- Device identification without agent?
- Identify OS at IP allocation? Windows, Android, iOS
- Support DHCP server function?
- User fixed IP allocation?
- Protection of important user IP?
- Web based authentication? Web Redirection
- Blocking for non-authorized devices?
- Automatic info. collection of MAC address, IP? Auto registration for new dev.
BYOD Requirement - Deploy check point
Certified Quality CC Certificate Operation User friendly Solution? Intelligent Device and Network Management with IP control? Inter-Operability Real Named IP Management Convenient & Prompt? WIPS, FireWall, VPN, User DB User Name, ID, Device, IP Address, Connection Time
ByFRONT Introduction - Architecture
ByFRONT Suite
ByFRONT: Total Authenticate
- IEEE802.1x, RADIUS authentication
- IEEE802.11i data encryption
- ID, Certificate, MAC, IP Management
ByFRONT: BYOD Policy
- BYOD Policy server
- Identify devices (vendor, O/S type)
- DHCP / IP allocation and protection
InFRONT: Web Authentication Switch (sensor)
- WEB based authentication
- Blocking unauthorized access: Device, MAC, IP
- Auto info. collection for new devices: MAC, IP
ByFRONT Introduction - Key features
Systematic Device, IP management
- Systematic IP allocation
- Fixed IP allocation, protection of key IP
Identify device type without additional client APP installation
- BYOD DHCP function / fingerprinting of DHCP and TCP function
Auto registration of user devices
- Web based authentication
- Automated user registration process
- SMS server (OTP) interface for user device registration
Total LOG
- Consolidated management of users and user devices
ByFRONT Introduction - Key Modules: SMS sending interface module New device & guest registration with OTP authentication AirFRONT AD interface module LDAP interface module DHCP, InFRONT communication module Total view UI User device registration page User PW confirmation.. When user/device authentication When user, device auth. Allocate VLAN in association with employee/partner's access policy IP allocation info from DHCP server, and assign access policy from InFRONT. Master control view page ( display IP, MAC, DHCP, device type. O/S, user info. Registration of user device ByFRONT InFRONT device OS confirm module DHCP server function interface with office work Web Redirection module AirFRONT policy module Identify device type ( notebook, smart phone ) IP allocation, wired / wireless. Interface with PMS, DLP server, device MAC / IP and user information. Detect unauthorized device, redirection to AirFRONT registration. Real time Device network access control for authorized and registered device.
ByFRONT Introduction - Advantages
Intelligent Management of Company Network & Device Security!
Minimize employees' repulsion of personal device control by the company
- Agentless solution
Systematic network access control of private devices
- Web based authentication with InFRONT
- Automatic MAC collection
- Block unauthorized device network access (MAC, IP)
Automated network access control of employee and guest devices
- Employee: convenient new device registration w/ SMS OTP key
- Guest: authorization by employee's confirmation
Convenient management of user device information
- Smart Control: user info., device info., IP, MAC address
ByFRONT Introduction - Comparison
Columns: Item / Functions / AirCUVE (ByFRONT) / A / B
Items: Certificate, Patent, BYOD function, Standard protocol, Enforced authenticate (2 factor authenticate)
- National certificate for public organization, CC certificate: O - -
- Patent of high speed authentication capability (authenticate detail log control): O - -
- Multi factor authentication, patent for various type authentication: O - -
- Intelligent BYOD registration (auto registration, new device / guest device): O
- Wired + Wireless + Smart phone authentication: O -
- Real named IP (User Name, ID, MAC, IP, Connection Time, Policy): O
- IP, MAC, user, real time information sharing (intelligent firewall, PMS, DMS, legacy security system): O
- Agentless type BYOD solution: O O O
- Agentless type, device O/S classification, specific O/S blocking: O O O
- Authentication WEB page redirection: O
- IPv6 support / Mobile IP AVP: O O O
- IEEE802.11i standard: O O O
- IEEE802.1x EAP authentication (EAP-MD5/LEAP/TLS/TTLS/PEAP): O O O
- Enforced multi factor authentication (Mobile OTP, SMS OTP, e-mail OTP, PKI, QR Code): O - -
- Mobile OTP APP (Android, iOS, Windows): O - -
- Private authentication certificate (CA, RA): O - -
- ID+MAC+NAS, various combinations of authentication: O - -
ByFRONT Introduction - Comparison
Columns: Item / Functions / AirCUVE (ByFRONT) / A / B
Items: Stability Of Management, IP / MAC control, DHCP Server
- Flexible interface with personnel DB account: O
- IT manager's mobile approval for guest / new device registration: O
- Reliable inter-operability with various WIPS solutions (Motorola, Cisco, AirTight): O - -
- Consolidated UI menu (device, user, name, auth. status, dept., phone no., e-mail, etc.): O
- Automated device on-boarding (auto device approval after user auth. w/o manager's approval): O
- Intelligent access policy per device (profiling, classification and policy application): O
- Emergency self healing function (in case of authentication / policy server process down): O - -
- Packet based access control and IP traffic scanning function: O
- Packet session blocking function (TCP only) (for un-authorized device network access): O - -
- IP protection: O - -
- Data collection and blocking of IP or MAC: O - -
- Allowance of specific MAC or IP (white list): O - -
- VLAN Trunk (802.1q tag) support: O O O
- DHCP v4 standard support (RFC2131): O O O
- DHCP v6 standard (RFC3315): O O O
- DHCP Finger Printing: O
ByFRONT Introduction - Web UI
[Figure: Web UI charts - Daily Authentication, Weekly Authentication, Monthly Authentication]
ByFRONT Introduction - Network Architecture: Wired/Wireless combined case (Redundancy)
[Figure: network diagram showing a server farm with ByFRONT Server 1 and ByFRONT Server 2 (new installation), Internet, router, F/W, WiFi / Wired InFRONT Sensor 1 and 2, backbone switches, AP controllers, and 1st and 2nd floor networks with wireless APs, edge switches, mobile devices and wired devices]
ByFRONT Introduction - Network Architecture: Wired/Wireless Separated InFRONT architecture
[Figure: network diagram showing a server farm with ByFRONT Server 1 and ByFRONT Server 2 (new installation), Internet, router, F/W, WiFi InFRONT Sensor 1 and 2, Wired InFRONT Sensor 1 and 2, wireless AP controllers, backbone switches, and 1st and 2nd floor networks with wireless APs, edge switches, mobile devices and wired devices]
ByFRONT Introduction - HQ / Branch Case
[Figure: network diagram showing HQ and Branch linked over the Internet by IPSEC, with ByFRONT Server, routers, F/W, InFRONT Sensors, backbone switch, edge switches, wireless AP controller, wireless APs, mobile devices and wired devices]
ByFRONT Introduction - Employee Network: Employee Device Auto Registration (PC, Mobile)
ByFRONT Introduction - Guest Network: Guest Device Auto Registration (PC, Mobile)
Authentication On Everything