Industry View

Accountability in Enterprise Wireless Deployments

Sunil Cherian of Array Networks looks at using wired infrastructure to better secure wireless networks

By Sunil Cherian, Array Networks


IT needs to know when it is dealing with a corporate-owned laptop vs. a guest laptop. There needs to be strong encryption from the laptop through the wireless network into the corporate network. IT would also like users to authenticate themselves using existing infrastructure such as Active Directory, and would like guests to somehow authenticate themselves too.

The Limits of Today's Solutions
There are many enterprise WLAN solutions that have developed features to address some of these problems. Unfortunately, many of these solutions end up being a patchwork of features that one pays dearly for and that is inadequate compared to what is commonly used with the wired infrastructure.

In the wireless world, rather than addressing the overall problem of WLAN security, problems get addressed independently as they come along. Not surprisingly, many of these solutions are silos unto themselves and work best when deployed from one vendor. The ever-changing nature of the marketplace has also made them moving targets, with continuous updates and upgrades of infrastructure needed to take advantage of the improvements in technology that have become so necessary.

Leverage the Existing Wireline Infrastructure
Given this landscape, it is worth asking if there is a different way to do things. In the wired world, there are Layer 2 switches that do a great job of switching packets at tremendous speeds. There are Layer 3 switches or routers that do a great job connecting networks together. There are authentication infrastructures such as Active Directory, LDAP and RADIUS that validate identity. There are authorization infrastructures such as firewalls and Access Control Lists. There is an accountability infrastructure that provides logging and reports. There are access technologies such as IPsec and SSL VPNs that provide a bridge from the outside world to the inside. There is NAC infrastructure, endpoint security, IDS/IPS and so on. And the list goes on.

Given the existing investment in all of these infrastructure technologies, and the deployment of many wired and remote users behind this existing infrastructure, wouldn't it make sense to have the WLAN infrastructure do Layer 2 and leverage existing technologies to provide the rest of the capabilities? If we could do that, then we could have cheap access points, and the controllers would not need to become any fancier than Layer 2/3 switches. This would dramatically lower the cost of enterprise wireless deployments and allow us to mix and match appropriate technology from different vendors, avoiding lock-in and large-scale forklift upgrades.
