THEY ARE UBIQUITOUS IN HOTELS, AIRPORTS and the coffee shop next door. Wireless LANs are surging in popularity, and over the next two years, research firm META Group Inc. predicts more than 50 percent of organizations will be deploying them.
This growth in adoption is creating new headaches for network administrators, who face serious challenges when it comes to securing the WLAN. Application layer intrusions such as viruses, spyware, worms and trojans seemingly are amplified in the wireless world. Rogue access points present yet another obstacle to secure computing.
Wireless technology is evolving rapidly, but the same cannot be said for wireless security. Many wireless networks implemented today are not as secure as they should be. Organizations that do properly secure their wireless networks are finding some existing solutions to be expensive and often difficult to deploy and manage. However, there are cost-effective and secure wireless technologies on the market today that can solve many of the issues faced by wireless security and tame this tiger with less effort and expense.
Although conventional wireless solutions do not address all the needs of both the network administrator and the wireless user, emerging wireless security solutions that integrate both wired and wireless security into one security appliance solve many of these problems by eliminating the need for a parallel network infrastructure, and providing a unified wired and wireless security solution that is easy to deploy and manage.
An integrated WLAN security package should include single security management. The integration of wireless and wired security into one platform should include the capability to configure and manage both wired and wireless networks, and enforce corporate security policies for the networks from a single central management interface. Central control of logging and reporting of firewall and network activities should be included. Security policy updates also should be provisioned automatically to each access point from the central console, so the network administrator can communicate with hundreds of access points without having to deal with each one individually.
Also, a wireless security solution should not differentiate between the security needs of wired and wireless, but rather ensure the same levels of security are met on both networks. For this reason, the integration of the networks also should bring core wired network services to the WLAN. These services include firewalls and VPNs, as well as deep packet inspection capabilities such as antivirus and content filtering.
Seamless roaming is another feature that should be included in an integrated WLAN security package. The user demands a transparent and uninterrupted network experience regardless of location within a facility, while the network administrator must guarantee secure wireless coverage throughout the facility while still protecting the network. A key to maintaining this connectivity is to find a wireless security vendor committed to keeping pace with standards updates for access point chipsets that address roaming issues.
A wireless security solution also must be able to provide easy-to-deploy guest access, allowing guest users to access only untrusted public resources, such as the Internet, while ensuring they do not have access to trusted network resources, such as the wired LAN.
Rogue access point detection also is critical for a wireless security solution to protect the network from unauthorized users. This requires the appropriate sensor mechanisms not only to detect the intrusion but also react to the security breach. “Finding rogue access points is only half the battle; the other half is determining their intent and doing something about it,” says Peter Firstbrook, senior research analyst with META Group’s Infrastructure Strategies. “CIOs must make sure that they employ antirogue systems that can identify a legitimate security concern and disable the threat using radio signals.”
Finally, a complete solution should support wireless security standards such as wired equivalent privacy and WPA. IEEE has released robust standards in recent years, and it is an advantage to the network administrator to have a security solution that is compliant with these standards. However, CIOs also should be careful not to rely overly on WPA. “While WPA will improve authentication and encryption, it is not a security silver bullet,” says Firstbrook. “The widespread pervasiveness of wireless will make radio frequency monitoring a critical part of the WLAN security puzzle as well.”
In addition to security standards, the wireless solution also must comply with wireless standards such as 802.11a/b/g as well as emerging multimedia standards and access point management standards.
Parallel wired and wireless networks do not represent the future of WLAN security. Wireless security must move in a new direction with solutions that integrate both wired and wireless networks in a cost-effective, efficient and highly secure platform. Only this type of comprehensive solution will allow organizations both to streamline IT administration and maintain a secure network, opening the door to a whole new array of connectivity options for a productive and flexible work environment.
| Links |
| IEEE www.ieee.org META Group Inc. www.metagroup.com SonicWALL Inc. www.sonicwall.com |
