Enterprise Wireless LAN Security

By Motorola
Published 2008, Posted August 2008

Abstract:

Users within segregated large enterprise network environments share the commonality of the data within their corporate LAN, but not necessarily the data residing within carefully defined and proprietary WLAN segments. These WLANs are typically restricted to just those users requiring access to it.

While large corporate LANs are still somewhat viable, they are increasingly being augmented by multiple WLAN segments devised to support unique blends of multi-media and traditional data traffic. Whether these WLAN segments reside in close proximity of one another or in remote locations, each requires unique security mechanisms and must be able to periodically grant and restrict user permissions across their virtual networks.

Today’s network administrator’s must devise security schemes general enough for all to share access to corporate assets, while simultaneously providing provisional or temporary restrictions to specific mission-critical network resources and domains. No single security method can optimally protect data corporately while simultaneously protecting segregated network segments from unsolicited user access.

For this reason, today’s network administrators can be equated to “wireless traffic cops” who enforce laws at both the federal (corporate) and local (individual WLAN) level. Federal laws can be seen as security mechanisms providing data protection for corporate assets regardless of one’s local domain restrictions. These “federal” security mechanisms are designed to protect data from unauthorized access and the hacking of corporate resources. Security mechanisms at the “local” level are often mechanisms authenticating user credentials before access is granted to a WLAN whose data is interpreted as proprietary. Only through deploying an intuitive combination of these federal and local security mechanisms can an enterprise class network administrator enforce a “lawful” population of network segments whose security infractions are kept at the absolute minimum. Fortunately, the savvy network administrator has numerous options available to them for both local and remote wired and wireless deployments.

This paper describes the security challenges network administrators face defining and implementing security mechanisms within diverse wired and wireless network environments.

Paramount in this discussion are the existing Motorola solutions in place now to meet and exceed the data protection expectations of enterprise-class administrators, and Motorola’s plan to support 802.11n as products are introduced.