Security No Problem for 802.11

Large enterprise 802.11 wireless LAN can be as secure and manageable as your wired network, according to industry experts from Bluesocket Inc., Extreme Networks Inc. (Nasdaq: EXTR), and Legra Systems Inc. speaking on an Unstrung Web seminar last Thursday.

The Webinar focused on providing network managers with practical recommendations for running their wireless LANs with minimum hassle and maximum return. Major themes included:

  • Centralizing management of the network and creating a system view of all network elements
  • User and device management
  • Control over the Radio Frequency (RF) environment
  • Managing widely distributed access points
  • Security
“For security it is pretty cut and dried,” explained Sean Tippett, product manager for unified access at Extreme Networks, in the introduction. “If you don’t have a secure wireless infrastructure then there is no return on investment for wireless.”

“That’s why the standards bodies and vendors have been moving so quickly over the past two years. You see the fruits of this labor in WiFi Protected Access, which has brought the cost of security down dramatically.”

WiFi Protected Access (WPA) is a Layer 2 security standard backed by the Wi-Fi Alliance. All the speakers agreed that you should implement WPA if your equipment supports it.

A layered approach to security was also recommended. Paul Debeasi, vice president of marketing at Legra Systems, said companies should implement WPA even if they were also using Layer 3 IPSec VPNs, because this would give extra protection from Layer 2 attacks that exploit vulnerabilities in the 802.11 MAC standards.

Dave Juitt, chief technical officer of Bluesocket, identified increased use of PKI certificates and the integration of RF management software into 802.11 chipsets as important trends for the near future of enterprise 802.11.

He also said a major challenge for network managers is the “explosion” in the different types of devices they’ll need to support. “As we move forward, the complexity is moving out from the core of the network to the user’s device,” said Juitt, “and all these devices have very different capabilities, from a computational or application perspective.”

Characteristics such as battery life, the cryptographic algorithms that devices can run, and the built-in IPSec and 802.1x (an IEEE authentication standard) capabilities of various operating systems were cited as areas of importance to the network manager.

The full, hour-long Webinar, including PowerPoint slides and the Q&A session, is archived on the Unstrung Website -- free to view at the following link: Managing and Securing Enterprise 802.11 Wireless LANs

— Gabriel Brown, Research Analyst, Unstrung

Be the first to post a comment regarding this story.
Sign In