Industry View

Accountability in Enterprise Wireless Deployments

Sunil Cherian of Array Networks looks at using wired infrastructure to better secure wireless networks

By Sunil Cherian, Array Networks

Page 3

Fortunately, there are inexpensive alternatives that allow enterprises to do just that. NAC technology has matured to a point where it can automatically assess the endpoint and classify it as corporate or guest. The integration of NAC with SSL ensures that the transport path is encrypted all the time. Integration with authentication infrastructure such as Active Directory, LDAP and RADIUS provides authentication for employees. The built-in virtualization technology and automatic redirection of guests to different virtual portals eliminate the need to have separate SSIDs for guests and employees or separate guest access infrastructure. The default routing and VLAN technology available on some SSL VPNs can ensure that guest traffic is completely separated from corporate traffic and that nobody is able to reach anywhere except through this framework.

Focus on Identity
The extensive authorization framework allows guests to register for access and be identified with a permanent token associated with the user's real identity. This can be implemented through a guest registration program such as those managed at many reception desks. It even allows one to differentiate between different types of guests: people visiting the campus for a meeting vs. a contractor who is onsite for a longer time period. Their access needs are different. People attending a meeting only need access to the Internet. Contractors need controlled access to specific applications, but not as much access as the employees on the same network.

Access really needs to be a function of user identity, machine identity and network identity. Implementing this should be automatic and painless. The extensive logging and accountability provided through the access medium maintain the persistent association between the user and his actions that is needed to produce an audit trail when required by law or higher authorities. The addition of such Layer 7 intelligence is relatively inexpensive and separates Layer 2 from advanced functionality.
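The sketch below is an added example, not code from the author or from any Array Networks product. It shows an access decision computed from user, machine and network identity, with every decision written to an audit log. The role names, resources, VLAN labels, the network name and the rule that downgrades an employee on a non-corporate device are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed policy: role names, resources and VLAN labels are hypothetical.
POLICY = {
    "employee":   {"vlan": "corp",  "allow": {"internet", "intranet", "erp"}},
    "contractor": {"vlan": "guest", "allow": {"internet", "ticketing"}},
    "visitor":    {"vlan": "guest", "allow": {"internet"}},
}
GATEWAY_NETWORKS = {"campus-wlan"}  # networks that terminate at the access gateway

@dataclass(frozen=True)
class Session:
    user: str               # directory account or guest registration token
    role: str               # employee | contractor | visitor
    corporate_device: bool  # NAC endpoint classification
    network: str            # network the session arrived on

def effective_role(s: Session) -> str:
    # Assumption: an employee on a device NAC classifies as guest
    # is limited to contractor-level access.
    if s.role == "employee" and not s.corporate_device:
        return "contractor"
    return s.role

def decide(s: Session, resource: str, audit: list) -> dict:
    """Decide on user, machine and network identity; always log the result."""
    role = effective_role(s)
    rule = POLICY.get(role)
    if s.network not in GATEWAY_NETWORKS or rule is None:
        verdict, vlan = "deny", None
    elif resource in rule["allow"]:
        verdict, vlan = "allow", rule["vlan"]
    else:
        verdict, vlan = "deny", rule["vlan"]
    record = {"time": datetime.now(timezone.utc).isoformat(), "user": s.user,
              "role": role, "network": s.network, "resource": resource,
              "vlan": vlan, "verdict": verdict}
    audit.append(record)  # persistent user-to-action association
    return record

if __name__ == "__main__":
    log = []
    for sess, res in [
        (Session("guest-token-0001", "visitor", False, "campus-wlan"), "erp"),
        (Session("alice", "employee", True, "campus-wlan"), "erp"),
        (Session("alice", "employee", False, "campus-wlan"), "erp"),
    ]:
        print(decide(sess, res, log))
```

Denied requests are logged as well as allowed ones, so the audit trail ties each registered identity to everything it attempted, not only to what it reached.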

Conclusion
By using what is available in the marketplace today, enterprises can avoid expensive lock-in and continue to gain performance improvements when they want, without compromising on security, while gaining substantially in the area of accountability.

The author is Vice President of Product Marketing at Array Networks, a leading Enterprise Secure Application Delivery vendor that specializes in high-performance SSL VPNs, Universal Access Controllers, Application Delivery Controllers, Traffic Management and Public Key Infrastructure solutions. He may be contacted at sunil@arraynetworks.net or 408-240-8700. A member of the founding team at Array, Cherian has served as Sr. Director of Product Management and Director of Engineering at Array. Previously, Cherian served as senior architect for Alteon WebSystems, where he was responsible for several Layer 4-7 technologies. Before that, Cherian worked with Lucent, Octel and VMX. Cherian holds a Bachelor's degree in Computer Science and Engineering from College of Engineering, Trivandrum, India, and a Master's in Computer Science from the State University of New York, Albany, NY.
