www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
11 June 2007  

Vendor Accent

Best Practices in Deploying a Secure Wireless Network

While the benefits of wireless technology are inarguable, wireless networks pose inherent security risks as they eliminate physical boundaries for the network.

By Shubhomoy Biswas

The old network paradigm of the wired user going to where the data resides is obsolete. The growing popularity of wireless LANs brings the data to the user, resulting in a more productive and efficient workforce. Mobile users access the network from anywhere in range of the wireless network, at any time. However, despite the overriding benefits, business owners and network administrators have raised legitimate concerns about implementing and managing wireless access to the network. Wireless networks introduce a number of critical security risks and challenges, making it important to implement strong security measures to mitigate these risks.

Today’s challenge

Network and security administrators are seeking ways to protect their wireless networks from the very same threats against which they must diligently guard their wired networks. Data security is reported as the primary reason for organizations not implementing wireless LANs. Not coincidentally, unauthorised access to sensitive information and eavesdropping on the network are the same security concerns related to implementing a wired network. Similar to data transmitted from the Internet, one cannot be sure of where wireless data entering the network originates since it is transmitted through walls and buildings. Therefore, as with data from the Internet, the wireless network must be treated with suspicion and segmented from the internal network.

Guarding against a more sophisticated class of threats tends to consume a far greater amount of resources, so duplication of these sorts of threat management systems for a wireless network is not practical. There needs to be a converged method of threat management.

Key security requirements of an integrated network

The basis of a sound wireless security strategy requires the following guidelines:

  • Apply the same security policies to the wireless network as to any suspect network.
  • Implement a layered security approach, starting with a robust firewall (one that integrates a configurable, high performance deep packet inspection engine as the foundation) and then adding a dynamically updated database containing thousands of attack and vulnerability signatures.
  • A layered approach results in a complete security solution that protects your network against a comprehensive array of dynamic threats, including: viruses, worms, Trojans, software vulnerabilities (such as buffer overflows), peer-to-peer and instant messenger applications, backdoor exploits and other malicious code.
  • Apply the same security policies for wireless clients connecting through the wireless network as you would to remote users connecting through the Internet to the internal trusted network.
  • Such a deployment method must be thoughtfully planned and proactive measures must be put into place to ensure security, reliability, scalable performance and the ease of centralised management.

Demand proven security

Any user crossing a suspect network to get to an internal network must use IPSec VPN client software on their computers (laptops, home office desktops or branch office workstations). IPSec has been the standard for many years and has proven to be rock solid in providing everything from VPN access over the Internet to secure communication for financial transactions. The VPN client addresses authentication and traffic encryption with the internal network gateway.

Centralised security products implementing wireless security must also be able to differentiate between trusted and suspect networks and enforce security policies on all traffic traversing the network. A company should employ a user database to identify users for the purpose of granting access and tracking usage for accountability. One user database should be shared between the wired and wireless networks so the network administrator does not have to maintain two discrete databases.

Address evolving threats and productivity issues

Network attacks are evolving rapidly and becoming more sophisticated. A stateful packet inspection firewall and VPN solution are necessary, but no longer sufficient to ensure network integrity and comprehensive security. Even traditional desktop anti-virus clients are not adequate in blocking the latest variants of viruses, worms and Trojans that have taken the spotlight in recent security news headlines. Regardless of the type of network (wired or wireless), it is imperative for business owners and network administrators to take the necessary security precautions to avoid being vulnerable to blended attacks. These types of attacks are introduced through e-mail, attachments, embedded in Web pages or transmitted through peer-to-peer applications. Security solutions such as gateway anti-virus, anti-spyware and intrusion detection and prevention are required to mitigate these types of blended attacks. The centralised security solution should apply security services to all network traffic and between network segments in combination with traditional firewall and VPN policies.

Ensure ease of management

The integration of wireless and wired security into one platform should include the capability to configure and manage both wired and wireless networks, and enforce corporate security policies for the networks from a single central management interface. This eliminates the need to train administrators on multiple security management platforms, as well as the need to perform redundant management activities. Central control of logging and reporting of auditable network activities should also be included.

An effective wireless security solution must allow the network administrator to communicate with hundreds of access points without having to deal with each one individually. Single security management requires the ability to manage and configure all access points from one central management interface, and security policy updates should be automatically provisioned to each access point from the central console.

Easily deploy wireless guest Internet access

A wireless security solution must provide easy-to-deploy guest access that gives visitors extemporaneous access to public resources such as the Internet, while ensuring that they cannot reach trusted network resources such as the wired LAN.

The challenge is in the ability to simultaneously support a wireless environment where trusted users can access network resources while still providing the continuity of guest access to visitors, without the need to deploy a separate, parallel network. To accomplish this goal, the security solution must provide guest access services with authentication mechanisms that differentiate guest users from trusted wireless users, and provide different levels of access based on the user and the company’s acceptable use policies.

Easy deployment of guest access is also an important factor. The solution must provide a simple way to give wireless guest access through the automatic generation of guest accounts without compromising the integrity of the network.

Plan for growth

A wireless security solution must be easy to deploy and scale, while providing an efficient transition from legacy wireless networks.

Scalability is essential. Organisations with large campuses may need hundreds of access points and a wireless security solution can simplify deployment by automating the initial provisioning of the access points, as well as automating large scale changes such as distribution of new firmware and configurations. A wireless security solution should make it easy to connect and automate the operability of as many sanctioned access points as needed.

Wireless security solutions should also be transparent to the user, without requiring supplicant software that is difficult to deploy and manage, or other changes to their devices.

Anticipate the user experience

From the user perspective, a wireless solution must provide sustained network access with no discontinuity regardless of the user’s location within a facility. This capability is fundamental if users are to fully leverage the convenience of wireless.

The user demands a transparent and uninterrupted network experience. At the same time, the network administrator must guarantee secure wireless coverage throughout the facility while still protecting the network. Improvements are constantly being made to this level of continuous service, and to enhancements for supporting streaming voice and video applications. It is therefore important to select a wireless security vendor committed to keeping pace with, and adopting, emerging standards and innovations in these areas by means of timely and easily deployed updates to its access points' firmware.

Regardless of whether the network is wired or wireless, steps should always be taken to preserve network security and integrity. Because the strongest security approach is to treat your wireless network with the same distrust as the Internet, a gateway security appliance should be deployed which can centrally manage and enforce security on both the wired and wireless networks as well as segment the suspect network from the internal network.
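The zone policy described above can be sketched as a gateway ruleset. This is an added example, not part of the original article and not a vendor appliance configuration: it expresses the policy in nftables on a Linux gateway, and the interface names, the gateway address and the management rule are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example (constructed): wireless is treated like the Internet.
# Interface names and the 192.0.2.1 address are assumptions.
flush ruleset

define WAN_IF   = "eth0"      # Internet uplink
define LAN_IF   = "eth1"      # internal trusted network
define WLAN_IF  = "wlan0"     # staff wireless (suspect zone)
define GUEST_IF = "wlan1"     # guest wireless (suspect zone)
define GW_WLAN  = 192.0.2.1   # gateway's address on the staff WLAN

table inet gateway {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept

        # Staff wireless may speak only IKE, NAT-T and ESP to the gateway.
        iifname $WLAN_IF ip daddr $GW_WLAN udp dport { 500, 4500 } accept
        iifname $WLAN_IF ip daddr $GW_WLAN ip protocol esp accept

        # Address assignment and name resolution for both wireless zones.
        iifname { $WLAN_IF, $GUEST_IF } udp dport { 53, 67 } accept

        # Management only from the wired LAN (assumed SSH).
        iifname $LAN_IF tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept

        # Wireless to LAN only for packets that arrived inside the
        # IPSec tunnel; cleartext wireless traffic never reaches the LAN.
        iifname $WLAN_IF oifname $LAN_IF meta ipsec exists accept

        # Guests get the Internet and nothing else.
        iifname $GUEST_IF oifname $WAN_IF accept

        # Wired users reach the Internet as before.
        iifname $LAN_IF oifname $WAN_IF accept
    }
}
```

Because both chains default to drop, a newly added wireless segment reaches nothing until a rule admits it, which matches the article's advice to treat wireless with the same distrust as the Internet.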

Although there is much discussion surrounding the latest wireless security standards, it is currently recommended to deploy proven security technologies and techniques such as IPSec VPN. The maturity and proven security of IPSec VPNs assures that your investment in wireless security, as part of a complete security policy, is not wasted. There is no guarantee with these new wireless security standards. They must be proven over time.

A comprehensive firewall appliance that has multiple integrated security functions and integrated wireless functionality offers the most effective and efficient way of providing rock solid protection for your network—both wired and wireless. This solution provides maximum protection by integrating firewall, VPN, gateway anti-virus, intrusion detection, intrusion prevention and content filtering capabilities in a single platform.

Disparately viewed and managed wired and wireless networks are destined for obsolescence. Wireless security must move in a new direction with solutions that bring together both wired and wireless networks in a cost-effective, efficient and highly secure platform. Only this type of comprehensive solution can address the needs of all classes of network user and network administrator.

The author is Country Manager, SonicWALL India

 


© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.