WHITE PAPER
ENTERPRISE
Brocade Mobility products feature an end-to-end architecture that integrates key security and
wireless solutions to deliver standards-based,
industry-leading wireless network protection.
Finally, 802.11 networks operate in the unlicensed frequencies of 2.4 GHz and 5 GHz. Unlike
cellular frequencies, which require licenses, these unlicensed frequencies are open for use
by anyone. While the FCC mandates certain rules of engagement, which prohibit aggressive
or malicious use, the difficulty in enforcing such rules means that most unlawful use of the
frequency goes unpunished.
In response to the pervasive security threats faced by enterprise WLANs, Brocade Mobility
features a range of capabilities addressing multi-tiered enterprise data protection for
enterprise WLANs. Brocade Mobility WLAN controllers and Access Points (APs) include a
range of WLAN security mechanisms to meet (and exceed) the needs of expanding wireless
networks and provide administrators with additional options as their data protection needs
expand. Compared with other leading wireless network equipment providers, Brocade offers
the strongest and most efficient wireless security portfolio on the market. Brocade integrates
key security features directly into controllers and APs to provide superior access control and
network defense.
The Wireless Intrusion Prevention System (WIPS) is the eyes and ears of the Radio Frequency
(RF) network. AirDefense WIPS can detect more than 200 current and lethal attacks and
threats in real time. Furthermore, the AirDefense 24x7 WIPS can reside alongside a WLAN
radio on a single AP. The ability to transport packets and detect intruders on the same AP is
extremely cost-effective and extremely secure. WIPS sensors are solely dedicated to detecting
and preventing intruders. Note that many other WLAN systems on the market use a far
less effective approach called time-slicing, in which the radio on an access point spends
some time broadcasting network traffic and some time scanning the network for intruders.
Unfortunately, these time-slicing solutions end up spending only about 4 minutes per day
scanning for intruders. In addition, the AirDefense WIPS is not band-locked, meaning that it
can monitor both 2.4 and 5 GHz bands simultaneously. This is important for any network that
utilizes both the 802.11b/g and 802.11a standards.
Figure 1. A Brocade Mobility wireless firewall provides a complete solution for user, data, and network protection. (Diagram labels: WWW, Corporate HQ, Branch 1, Branch 2, Corporate WAN, Wireless Controller.)
By converting the physical dimensions of a network segment into a representative site map,
AirDefense for Brocade Mobility Wireless Intrusion Protection Software (WIPS) can accurately
track the deployment and operation of authorized devices and use their location to
triangulate the location of potentially hostile devices.
Figure 2. AirDefense WIPS provides comprehensive rogue threat mitigation. (Diagram labels: WIPS appliance, Sensor, Switch, APs, Laptop, Neighboring AP; Terminated: accidental association; ACL enforced: rogue station; Port suppressed: rogue AP.)
AirDefense WIPS sensors continuously monitor WLAN activity and report network events
to the centralized AirDefense appliance server. The AirDefense WIPS management server
correlates and analyzes the data to provide real-time rogue detection, policy enforcement,
and intrusion protection. If an unauthorized device is detected, AirDefense WIPS has the
means of interrogating the rogue to obtain valuable data to aid forensics by reporting and
recording the event.
AirDefense WIPS converts the physical dimensions of a network segment into a representative
site map to accurately track the deployment and operation of authorized devices and use
their location to triangulate the location of potentially hostile devices.
Figure 3. Brocade Mobility products provide central security policy management and control with multiple points of enforcement. (Diagram labels: Data Center 1, Data Center 2, WAN, Branch Office 1, Branch Office 2, Mesh, Rogue AP.)
Brocade Mobility RFS7000 and RFS6000 also fully satisfy the Common Criteria evaluation
at Evaluation Assurance Level 4 (EAL4). This represents the highest compliance level with
the US government's WLAN Authorization Server Protection Profile for Basic Robustness
Environments. This ensures that Brocade's enterprise-class switch solutions are properly
certified to meet and exceed the FIPS requirement.
Summary
Wireless networking is changing the way IT approaches network security. The physical
characteristics of wireless and the experience of mobility mean information moves more
freely, with little regard to physical boundaries. The optimum security approach for wireless
is a layered end-to-end approach consisting of encryption, authentication, network access
control, and wireless intrusion protection supported across enterprise wireless access point
and controller infrastructure.
In response to the pervasive security threats faced by enterprise WLANs, Brocade Mobility
features a range of capabilities addressing multi-tiered data protection for enterprise WLANs.
The Brocade Mobility family supports the strongest and most comprehensive wireless edge
security offering, including encryption, firewall support, and authentication.
Brocade Mobility controllers implement a next-generation wireless firewall which supports
fine-grained security within an enterprise-level wireless network including location-, user
identity-, and role-based policy enforcement.
AirDefense for Brocade Mobility provides industry-leading intrusion protection capabilities
for small to very large enterprises.
Brocade Mobility products meet and exceed the US Department of Defense FIPS 140-2
security criteria.
For more information about Brocade products, services, and solutions, visit
www.brocade.com.
© 2009 Brocade Communications Systems, Inc. All Rights Reserved. 01/10 GA-WP-1440-00