March 4, 2010

Building Secure Wireless LANs

Security of a wireless network still ranks as one of the largest concerns of IT professionals planning to roll out an enterprise wireless LAN. Many people erroneously believe that a wireless LAN is inherently insecure. This is largely due to security flaws in early Wi-Fi protocols like WEP (Wired Equivalency Protocol), more recent vulnerabilities found in TKIP, and a lack of awareness as to how to deploy a secure WLAN. Today the security concerns of the legacy protocols have been largely eliminated and best practices for secure deployment have been developed, allowing many wireless deployments to be arguably more secure than their wired counterparts.

When people think of wireless security, they typically first think of things like WEP, WPA and rogue detection. While these things are an important part of wireless security, they are only a part of building a secure wireless network.

Wireless security, just like wired security, has gone through evolutionary improvement over the years. As security evolved, more capabilities were added to improve the security of the network and deal with new threats. Today security is more than a single feature; it is a solution and a set of practices defined to provide security for a specific network configuration. This whitepaper will help the wireless network administrator or security manager to understand the security capabilities in a modern Wi-Fi solution, where they should be used, and how the WLAN integrates with other security devices in the network. Finally, this document will describe how Aerohive provides a comprehensive and market-leading Wi-Fi security solution for the enterprise.



This is a great complement to the current discussion on WIPS

In particular, it gives a broad view of a wide range of wireless security issues, including Wireless Privacy, Authentication, Client Management and NAC, Identity Based Access Control, Network Firewall and Intrusion Detection and Protection, Rogue Detection and WIDS, Security Reporting and Security Event Management (SEM), Device Physical Security and Data Storage, and Compliance.

I highly recommend your adding this to your personal library.

The Wireless Intrusion Protection discussion is primarily directed toward dedicated WIPS solutions.

Can you give us some insight as to when a separate overlay WIPS solution is needed as compared to the WIPS protection that can be integrated into APs?

The most obvious places for dedicated, overlay WIPS solutions are in locations where wireless access is prohibited (often called “no wireless zones”). However, there are other useful places: in organizations that separate their security and infrastructure teams, overlay sensors provide appropriate checks and balances. Finally, where full-time sensors are required, an overlay network is also a good idea. For classic rogue and attack detection, most wireless infrastructure vendors, including Aerohive, offer a comprehensive solution.

When looking at WLAN security from a broad perspective, what are the two or three most common mistakes that organizations make in deployment that could be easily rectified?

The single largest mistake that organizations make is to assume that WPA2 Enterprise (802.1X) is too complex and end up deploying WPA Personal (Pre-Shared Key). Pre-Shared Key (PSK) does not offer the manageability, revocation or authentication required by most enterprise deployments. Putting together a plan for supplicant management (802.1X client) along with RADIUS and directory integration does not need to be hard. Active Directory can be used to push out supplicant configuration to Vista and Windows 7 clients, taking care of the hardest components. RADIUS and directory integration can be made easy with Aerohive’s integrated RADIUS and directory integration with AD, eDirectory, OpenLDAP and other directories. In places where this is impossible, Aerohive offers Private PSK, which provides individual Pre-Shared Keys to each client and therefore offers 802.1X-like management and security.
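The revocation and identification gap described in the answer above, as an added example that is not part of the original discussion and is not Aerohive's Private PSK implementation. It uses the standard WPA/WPA2-Personal key derivation; the SSID, passphrases, labels and the `KeyStore` class are constructed for illustration.

```python
import hashlib
import hmac

SSID = "corp-wlan"  # constructed sample SSID

def derive_pmk(passphrase, ssid=SSID):
    # WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

class KeyStore:
    """Simplified AP-side model (hypothetical): label -> PMK the AP accepts.

    A real AP never receives the client's PMK; it verifies the 4-way
    handshake MIC computed from it. Comparing PMKs stands in for that check.
    """
    def __init__(self):
        self.pmks = {}

    def enroll(self, label, passphrase):
        self.pmks[label] = derive_pmk(passphrase)

    def revoke(self, label):
        self.pmks.pop(label, None)

    def identify(self, client_pmk):
        # Return the label whose key matches, or None when access is refused.
        for label, pmk in self.pmks.items():
            if hmac.compare_digest(pmk, client_pmk):
                return label
        return None

def shared_psk_demo():
    ap = KeyStore()
    ap.enroll("everyone", "one-passphrase-for-all")
    alice = derive_pmk("one-passphrase-for-all")
    bob = derive_pmk("one-passphrase-for-all")
    who = (ap.identify(alice), ap.identify(bob))  # identical keys: no per-user identity
    ap.revoke("everyone")                         # removing Bob means rotating the one key
    ap.enroll("everyone", "rotated-passphrase")
    return who, ap.identify(alice), ap.identify(bob)

def per_user_psk_demo():
    ap = KeyStore()
    ap.enroll("alice", "alice-unique-passphrase")
    ap.enroll("bob", "bob-unique-passphrase")
    alice = derive_pmk("alice-unique-passphrase")
    bob = derive_pmk("bob-unique-passphrase")
    who = (ap.identify(alice), ap.identify(bob))  # each key maps to one user
    ap.revoke("bob")                              # only Bob's key is removed
    return who, ap.identify(alice), ap.identify(bob)
```

With the shared key, rotating the passphrase to remove one user also locks out every other client until it is reconfigured; with per-client keys, the remaining user keeps access.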
