Special Coverage Series

Network Computing

Special Coverage Series


Enterprise WLAN Security Essentials

As Wi-Fi grows in the enterprise, companies are under pressure to secure their wireless networks. Here are some basic steps for Wi-Fi security.

The wired world enterprises have come to know is increasingly turning wireless, and the proliferation of wireless networks makes WLAN security increasingly critical to corporate security.

In its annual Network Barometer Report, IT services firm Dimension Data said most of the clients it assessed had networks composed of roughly 80% wired ports and 20% wireless LAN ports, but it expects that ratio to reverse in the future. Meanwhile, analysts with research firm TechNavio estimate the global WLAN equipment market will see an annual growth rate of nearly 18% between 2012 and 2016.

More Insights

Webcasts

More >>

White Papers

More >>

Reports

More >>

Wireless guest policies are a first step toward WLAN security, vendor executives said.

"Organizations need to determine how much bandwidth they want to give guests and whether or not they should have access to any corporate resource," says Peter Lane, senior product manager at Aruba Networks. "Traditional guests [typically] will be limited to Internet access (including VPN protocols), while contractors, consultants or other VIP guests may have additional access to some internal resources such as printers, database servers and email."

Employee WLAN access is a little more complicated, he says. "Questions organizations need to answer to determine appropriate employee access include: What device types are employees using? How should they connect, and what resources/systems should they be able to access?" says Lane.

The growth of the bring-your-own-device (BYOD) trend has added new challenges for securing Wi-Fi networks, driving the need for additional mobile policies, says Hemant Chaskar, VP of technology and innovation at AirTight Networks.

Consequently, enterprises need to find ways to address the secure onboarding of employee-owned devices and should look to develop separate Wi-Fi access policies for BYOD devices and devices provisioned by IT, he says.

In addition to creating policies, enterprises need to implement Wi-Fi encryption and 802.1x-based authentication. "For smaller organizations that do not have RADIUS/AD infrastructure, WPA2-PSK (Pre-Shared Key) is also a viable standards-based alternative," says Chaskar. "WEP should be considered equivalent to open--i.e., insecure."

[Find out about detecting rogue APs, supplicant settings, wireless intrusion prevention and more in "How To Secure WLANs: A Visual Overview" slideshow.]

User traffic should also be segmented, Lane advises.

"Use an integrated stateful firewall with user roles to segment traffic," says Lane. "For example, a university could segment guests, students and faculty into different roles behind different sets of firewall rules in the mobility controller or virtual controller. This would allow the organization to scale their network easily without making large security compromises and exposing applications or servers to attack or unauthorized access by those who don’t need or shouldn’t have access."

Running VPNs also an option, but since this is typically software-based, it can result in significantly degraded performance, says Lane. "VPNs also have issues with regard to 'starting' a connection. To secure the connection, no traffic should leave the client until the VPN is up and operating. This can be a problem for applications that automatically try and connect to other systems."

While some in the industry suggest organizations can also consider making their network ID invisible, the effectiveness of that has been questioned due to the availability of hacking tools that can be used to reveal SSIDs.

"SSID hiding reduces temptation from casual attackers, so it’s a useful feature," James Lyne, director of technology strategy at Sophos, noted in a report on Wi-Fi security. "However, be aware that within a few seconds any attacker with basic knowledge will reveal this wireless network name. It is a very light defense that you shouldn't rely on. Make sure you combine it with strong encryption and a good password."



Related Reading



Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 

Editor's Choice

Research: 2014 State of Server Technology

Research: 2014 State of Server Technology

Buying power and influence are rapidly shifting to service providers. Where does that leave enterprise IT? Not at the cutting edge, thatís for sure: Only 19% are increasing both the number and capability of servers, budgets are level or down for 60% and just 12% are using new micro technology.
Get full survey results now! »

Vendor Turf Wars

Vendor Turf Wars

The enterprise tech market used to be an orderly place, where vendors had clearly defined markets. No more. Driven both by increasing complexity and Wall Street demands for growth, big vendors are duking it out for primacy -- and refusing to work together for IT's benefit. Must we now pick a side, or is neutrality an option?
Get the Digital Issue »

WEBCAST: Software Defined Networking (SDN) First Steps

WEBCAST: Software Defined Networking (SDN) First Steps


Software defined networking encompasses several emerging technologies that bring programmable interfaces to data center networks and promise to make networks more observable and automated, as well as better suited to the specific needs of large virtualized data centers. Attend this webcast to learn the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging.
Register Today »

Related Content

From Our Sponsor

How Data Center Infrastructure Management Software Improves Planning and Cuts Operational Cost

How Data Center Infrastructure Management Software Improves Planning and Cuts Operational Cost

Business executives are challenging their IT staffs to convert data centers from cost centers into producers of business value. Data centers can make a significant impact to the bottom line by enabling the business to respond more quickly to market demands. This paper demonstrates, through a series of examples, how data center infrastructure management software tools can simplify operational processes, cut costs, and speed up information delivery.

Impact of Hot and Cold Aisle Containment on Data Center Temperature and Efficiency

Impact of Hot and Cold Aisle Containment on Data Center Temperature and Efficiency

Both hot-air and cold-air containment can improve the predictability and efficiency of traditional data center cooling systems. While both approaches minimize the mixing of hot and cold air, there are practical differences in implementation and operation that have significant consequences on work environment conditions, PUE, and economizer mode hours. The choice of hot-aisle containment over cold-aisle containment can save 43% in annual cooling system energy cost, corresponding to a 15% reduction in annualized PUE. This paper examines both methodologies and highlights the reasons why hot-aisle containment emerges as the preferred best practice for new data centers.

Monitoring Physical Threats in the Data Center

Monitoring Physical Threats in the Data Center

Traditional methodologies for monitoring the data center environment are no longer sufficient. With technologies such as blade servers driving up cooling demands and regulations such as Sarbanes-Oxley driving up data security requirements, the physical environment in the data center must be watched more closely. While well understood protocols exist for monitoring physical devices such as UPS systems, computer room air conditioners, and fire suppression systems, there is a class of distributed monitoring points that is often ignored. This paper describes this class of threats, suggests approaches to deploying monitoring devices, and provides best practices in leveraging the collected data to reduce downtime.

Cooling Strategies for Ultra-High Density Racks and Blade Servers

Cooling Strategies for Ultra-High Density Racks and Blade Servers

Rack power of 10 kW per rack or more can result from the deployment of high density information technology equipment such as blade servers. This creates difficult cooling challenges in a data center environment where the industry average rack power consumption is under 2 kW. Five strategies for deploying ultra-high power racks are described, covering practical solutions for both new and existing data centers.

Power and Cooling Capacity Management for Data Centers

Power and Cooling Capacity Management for Data Centers

High density IT equipment stresses the power density capability of modern data centers. Installation and unmanaged proliferation of this equipment can lead to unexpected problems with power and cooling infrastructure including overheating, overloads, and loss of redundancy. The ability to measure and predict power and cooling capability at the rack enclosure level is required to ensure predictable performance and optimize use of the physical infrastructure resource. This paper describes the principles for achieving power and cooling capacity management.