By Dolan Sullivan, Vice President of Federal at Aruba, a Hewlett Packard Enterprise Company.
Federal and non-government IT teams have long been aware of the risk of blindness from radio frequency (RF) networks. After all, unauthorized communications in a secure area can reveal personnel movements and create a channel for data exfiltration, like the way a fitness tracker can inadvertently reveal the physical movements of military personnel.
The need for RF situational awareness has intensified as the use of mobile and IoT devices has exploded in governments and the private organizations that support these governments. These challenges are compounded by the fact that most devices use many or more different radio frequency technologies, such as Wi-Fi, ZigBee, Bluetooth, and Bluetooth Low Energy (BLE). Even more urgently, federal high security agencies have had to rely on the honor policy and the reporting policy to limit the entry of devices emitting RF without the ability to track and manage them effectively on the ground. network.
A unified solution to mitigate vulnerabilities in RF-emitting devices
Federal contractors needed a unified solution to detect and locate RF-emitting devices in order to improve overall security while better protecting the people using those devices and the physical areas where these devices exist on the network.
To create this unified solution, Aruba’s secure enterprise wireless LAN solution and Aruba ClearPass Policy Manager can be integrated with Bastille Networks, to close the huge security gap created by RF emitting devices. Federal IT agencies can now implement this integrated solution to establish RF security policy based on real-time detection capabilities while establishing automated alerts and enforcement policies.
Automate the application of RF geographic barriers
Bastille uses software-defined passive radio sensor networks to detect and locate cellular, Bluetooth, BLE and Wi-Fi devices with precise locations in real time. All RF-emitting devices, whether or not they are licensed on a campus or advanced deployment location, can be accurately located on a floor plan or area map.
Caption: Cards in ClearPass can help IT teams track and automate the enforcement of pre-defined policies for RF emitting devices on the network
With Bastille and ClearPass, IT can establish geographic barriers that include or exclude areas where devices are or are not allowed. If an RF-emitting device, whether it’s a personal cell phone, fitness tracker, or sensors on the data center infrastructure, is located where it shouldn’t (or should be). which it should not do), an alert is sent through ClearPass and automated execution can then be applied.
Automated actions are taken according to the specified policies of the given government agency. When a mobile device crosses a geographic boundary, Bastille communicates with ClearPass to enforce network access based on the policies defined for that physical location.
If a mobile device crosses a geographic boundary, such as on the wrist of an unintentional federal contractor in a secure facility where no RF-emitting device is permitted, Bastille will contact ClearPass. This time, ClearPass will disconnect all wired terminals and desktops from the network, preventing data exfiltration. Other actions can be taken, such as alerting IT helpdesk to document the breach or even notifying a physical security team to locate the device, if necessary.
With the integration of Aruba and Bastille, federal IT managers have situational awareness of all RF emitting devices in their respective facilities and other defined areas, but with the added ability to immediately mitigate risk. if a threat appears. In short, federal agencies and contractors have a more effective method of reducing risk than simply relying on a policy of honor and good intentions.
Want to learn more about protecting the network from unauthorized RF devices? Watch the on-demand webinar “Get Rid of Shadow IT and RF Network Blindness: RF Geofence Policy Enforcement” with Bob Baxley, CTO in Bastille, and Khuong Tang, Senior Systems Engineer in Aruba.
Find out more about Federal IT solutions from Aruba.
Copyright © 2021 IDG Communications, Inc.