The market is poised to leave concerns over WLAN security behind in 2005. Vendors have made the technical moves necessary to resolve the security issues that have delayed widespread deployments of wireless networks in the enterprise over the past few years. It is now incumbent upon the vendor community to do three primary things:
- Educate enterprise customers that there are now wireless security features in place that should allay their concerns centred around the use of the wireless LAN as a productivity enhancing tool.
- Provide 'ease of use' tools to ensure that IT managers can implement an appropriate level of security and maintain it without the requirement to call in (expensive) external consultants.
- Assist IT managers in the development of a wireless policy appropriate for their organisation. This holds valid even if a conscious decision has been taken NOT to deploy wireless – it is still critical to understand what is occurring in the enterprise air space by means of an Intrusion Prevention system (IPS).
As it becomes generally accepted that wireless LANs can be deployed in a secure fashion, new fronts will be opened up as vendors strive for innovation and differentiation. These new battlegrounds will be focused on four critical areas. First, ease of deployment; second, wired and wireless network integration; third, scalability; and, finally, how users will be able to take advantage of emerging standards.
The latest multi-function wireless LAN appliances, which today feature elements formerly offered as individual components, are starting to make the deployment of wireless LANs far more scalable – from wireless network 'out-of-a-box' solutions for branch offices to the corporate campus with many thousands of users. Multi-function devices typically feature Ethernet switching with integrated Power over Ethernet (PoE); security (in terms of authentication, hardware encryption, VPN termination, certificate authority and firewalling); management; and the capability to interface with the existing enterprise network management system. Amalgamating all these features leads straight away to easier and quicker deployment plus tighter integration, which in turn means smaller upfront equipment and running costs.
Such systems enforce a policy-based approach: they configure trusted wireless access points by profile, are secure out of the box for both infrastructure and clients, isolate rogue APs and 'untrusted' wireless activity, and communicate defined exception conditions back to the incumbent IT infrastructure management systems.
The market is also changing with regard to radio access methods. Access points are rapidly converging to become all-in-one devices supporting multiple 802.11 standards. They are automatically configured ('Zero Config') and feature enterprise-class security coupled with Intrusion Prevention monitoring features. All this comes for little more than a SOHO AP cost 12 months ago, due to the economies of scale reaped from the production of millions of SOHO devices and the complete commoditization of the hardware.
The issue of integrating wireless with existing wired networks will become increasingly important. No one wants an additional network management system for wireless LANs. Enterprises have invested significant amounts of capital and expertise in large-scale wired network management systems (such as HP OpenView, CA Unicenter, IBM Tivoli etc.) and will accept nothing less than the full integration of the wireless component.
A successful solution must integrate with legacy networks and their management systems on a multi-site basis, offer integrated WAN connectivity options, plus have the ability to provide quality of service (QoS) enabling additional applications such as voice over WLAN (VoWLAN) and seamless handoff to and from cellular networks going forward.
There are few WLAN offerings ready for these challenges. What is needed is an architecture that contains all the elements to integrate the various existing and emerging trends and technologies in order to significantly increase the return on WLAN investments.
The most important element of the implementation of wireless LANs (WLANs) is the establishment of a wireless policy. It could be as simple as a 'zero wireless' policy enforced by employee discipline (or termination in the extreme case of some financial institutions), right through to controlled, secure access for employees complemented by completely open access in public areas for guests.
Whatever the policy adopted by the organization, it needs to be backed up by fact-based decision-making. The only effective way to understand who or what is using the organization's air space is by installing a dedicated Wireless Intrusion Detection System that provides those facts.
About the Author:
Martin Malina is CEO of Madge Limited, a global supplier of advanced networking product solutions to enterprises, and is the market leader in Token Ring networking. Malina is pioneering next-generation networking solutions, which enable the painless and secure deployment of wireless networks in enterprises while protecting customers' investments in existing LANs. For more information visit www.madge.com