Improving the Security of Radio Frequency Emitting Devices on the Network

By Dolan Sullivan, vice president of the Federal Office at Aruba, a Hewlett Packard Enterprise company.

Federal and non-governmental IT teams have long been aware of the risk of radio frequency (RF) blindness. Unauthorized communications in a protected area can reveal staff movements and create a data exfiltration channel, much as a fitness tracker can inadvertently reveal the physical movements of servicemen.

The need for situational awareness of radio frequency signals has grown as the use of mobile and IoT devices has exploded, both in government and in the private organizations that support it. The challenge is compounded by the fact that most devices use several different radio frequency technologies, such as Wi-Fi, ZigBee, Bluetooth, and Bluetooth Low Energy (BLE). Most troubling, federal high-security agencies have had to rely on honor-system and reporting policies to restrict the entry of radio-transmitting devices, without the ability to effectively track and manage them on the network.

Unified solution for mitigating the vulnerabilities of radio transmitting devices

Federal implementing organizations need a unified solution for detecting and locating radio-transmitting devices to improve their overall security posture, while better protecting the people who use these devices and the physical areas where these devices exist on the network.

To create this unified solution, Aruba’s secure corporate wireless LAN solution and Aruba ClearPass Policy Manager can be integrated with Bastille Networks to close the huge security gap created by radio-transmitting devices. Federal IT agencies can now implement this integrated solution to establish an RF security policy based on real-time detection capabilities, while creating automated alerts and enforcement policies.

Automating the enforcement of radio frequency fences

Bastille uses passive software-defined radio sensor arrays to detect and locate cellular, Bluetooth, BLE and Wi-Fi devices with accurate real-time location. All radio transmitting devices, whether authorized or unauthorized on campus or located ahead, can be accurately located on a floor plan or area map.

Caption: ClearPass maps can help IT teams track radio-transmitting devices on the network and automate the enforcement of predefined policies for them.

With Bastille and ClearPass, IT can define geozones that mark the areas where devices are or are not allowed. If a radio-transmitting device, whether it is a personal mobile phone, a fitness tracker or a sensor in the data center infrastructure, is where it should not be (or does what it should not do), an alert is sent via ClearPass, after which automated enforcement can be applied.

Automated actions are taken according to the defined policies of the given agency. When a mobile device crosses a geozone boundary, Bastille communicates with ClearPass to enforce network access based on the policies set for that physical location.

If a mobile device crosses a geozone boundary, for example on the wrist of an unwitting federal contractor, into a protected facility where radio-transmitting devices are not allowed, Bastille will communicate with ClearPass. ClearPass will then disconnect all wired terminals and desktops from the network, preventing data exfiltration. Other actions may be taken, such as alerting the IT services office to document the breach or even notifying a physical security team to track down the device, as warranted.
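The boundary-crossing logic described above, sketched as an added example that is not Bastille or ClearPass code and calls neither product's API. The detection schema, zone coordinates, emitter names and action labels are all constructed assumptions; the point is that enforcement fires once, on the transition into a zone that bans the emitter's protocol.

```python
# Constructed floor plan: zone name -> (polygon vertices in metres, banned RF protocols).
ZONES = {
    "secure_room": ([(0, 0), (10, 0), (10, 8), (0, 8)],
                    {"cellular", "bluetooth", "ble", "wifi"}),
    "lobby": ([(10, 0), (20, 0), (20, 8), (10, 8)], set()),
}

def in_polygon(x, y, poly):
    """Ray casting: toggle on each polygon edge crossed by a ray going right from (x, y)."""
    inside = False
    for (x1, y1), (x2, y2) in zip(poly, poly[1:] + poly[:1]):
        # The first condition is False for horizontal edges, so no division by zero.
        if (y1 > y) != (y2 > y) and x < x1 + (y - y1) * (x2 - x1) / (y2 - y1):
            inside = not inside
    return inside

def zone_of(x, y):
    """Name of the first zone containing the point, or None if outside all zones."""
    return next((n for n, (poly, _) in ZONES.items() if in_polygon(x, y, poly)), None)

def evaluate(detections):
    """Return one event per crossing into a zone that bans the emitter's protocol."""
    last_zone, events = {}, []
    for det in detections:  # assumed to be ordered by time
        zone = zone_of(det["x"], det["y"])
        prev = last_zone.get(det["emitter"])
        last_zone[det["emitter"]] = zone
        if zone is not None and zone != prev and det["protocol"] in ZONES[zone][1]:
            events.append({
                "t": det["t"], "emitter": det["emitter"], "zone": zone,
                # Hypothetical action labels mirroring the responses named in the text.
                "actions": ["alert_it_services", "disconnect_wired_endpoints_in_zone"],
            })
    return events

# Constructed sample: a BLE fitness tracker walks from the lobby into the secure
# room and stays there; a Wi-Fi laptop remains in the lobby.
SAMPLE = [
    {"t": 0, "emitter": "ble-tracker-01", "protocol": "ble", "x": 15.0, "y": 4.0},
    {"t": 5, "emitter": "ble-tracker-01", "protocol": "ble", "x": 10.5, "y": 4.0},
    {"t": 10, "emitter": "ble-tracker-01", "protocol": "ble", "x": 9.0, "y": 4.0},
    {"t": 15, "emitter": "ble-tracker-01", "protocol": "ble", "x": 5.0, "y": 4.0},
    {"t": 20, "emitter": "wifi-laptop-07", "protocol": "wifi", "x": 18.0, "y": 2.0},
]

if __name__ == "__main__":
    for event in evaluate(SAMPLE):
        print(event)
```

Tracking the previous zone per emitter keeps a device that lingers inside a restricted area from re-triggering the response on every detection.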

With the integration of Aruba and Bastille, federal IT leaders gain situational awareness of all radio-transmitting devices in their facilities and other designated areas, with the added ability to immediately mitigate risk if a threat arises. In short, federal agencies and contractors have a more effective method of reducing risk than simply relying on an honor system and good intentions.

Want to learn more about protecting your network from unauthorized radio transmitters? Watch the on-demand webinar “Get rid of shady IT and RF network blindness: Implementing RFID policies” with Bob Bucksley, Chief Technical Officer at Bastille, and Khuong Tang, Senior Systems Engineer at Aruba.

For more information on federal IT solutions from Aruba.

Copyright © 2021 IDG Communications, Inc.