Windows Wireless LAN Security Primer
Virtual private network (VPN) technology has been used as a means of point-to-point security since the 1990s. It has gained even more popularity because its proven security translates easily to wireless networks.
When a WLAN client uses a VPN tunnel, communications data remains encrypted until it reaches the VPN gateway, which sits behind the wireless AP (as shown in Figure 3). Thus, intruders are blocked from intercepting unencrypted network communications. Since the VPN encrypts the entire link from the PC to the VPN gateway in the heart of the corporate network, the wireless network segment between the PC and the AP is also encrypted. VPN connections can be managed with a variety of credentials, including passwords, certificates, and smart cards. This is another great method of securing enterprise-level wireless networks.
Figure 3. VPN provides a secure encrypted tunnel for wireless communications
Hardware Security Switches
One of the newest things to hit the wireless security market is the wireless security switch. These switches are hardware-based solutions that plug straight into the backbone of your wired network and often come as packages complete with access points (see Figure 4). The goal of these switches is to centralize security and management for access points in large distributed networks. Often manageable via a web, application, or command-line interface, they are a great means of providing uniformity across all of the access points on a network. They are also great for keeping rogue access points out of a network: if an access point is not configured in the ACL for the security switch, then you quickly know that it should not be operating on your network. All of the major networking component manufacturers now provide some form of wireless security switch.
Figure 4. An Enterasys RBT-8400 wireless security switch
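The same allowlist idea can be checked from a Windows client's own view of the air. The Python below is an added example, not code from this article or from any switch vendor: it parses text in the layout printed by `netsh wlan show networks mode=bssid` and compares every AP radio against a list of approved BSSIDs. The SSIDs, BSSIDs, and scan text are constructed, and the English-language output layout is assumed.

```python
import re

# Constructed allowlist: BSSIDs (radio MAC addresses) of approved APs,
# standing in for the ACL a wireless security switch would hold.
APPROVED_BSSIDS = {"00:1a:2b:3c:4d:01", "00:1a:2b:3c:4d:02"}
CORPORATE_SSIDS = {"CorpWLAN"}  # constructed SSID

# Constructed, trimmed sample in the layout printed by
# `netsh wlan show networks mode=bssid` on a Windows client.
SAMPLE_SCAN = """\
SSID 1 : CorpWLAN
    Authentication          : WPA2-Enterprise
    Encryption              : CCMP
    BSSID 1                 : 00:1a:2b:3c:4d:01
         Signal             : 84%
    BSSID 2                 : 02:de:ad:be:ef:10
         Signal             : 91%

SSID 2 : CoffeeShop
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 0c:11:22:33:44:55
         Signal             : 40%
"""

# SSID lines start in column 0; BSSID lines are indented, so the two
# patterns cannot match the same line.
SSID_RE = re.compile(r"^SSID \d+\s*:\s?(.*)$")
BSSID_RE = re.compile(r"^\s+BSSID \d+\s*:\s*([0-9A-Fa-f:]{17})\s*$")

def audit_scan(text, approved=APPROVED_BSSIDS, corp_ssids=CORPORATE_SSIDS):
    """Return (ssid, bssid, verdict) for every AP radio seen in the scan."""
    findings, ssid = [], None
    for line in text.splitlines():
        if m := SSID_RE.match(line):
            ssid = m.group(1).strip()
        elif (m := BSSID_RE.match(line)) and ssid is not None:
            bssid = m.group(1).lower()
            if bssid in approved:
                verdict = "approved"
            elif ssid in corp_ssids:
                # Corporate network name on a radio nobody approved.
                verdict = "unlisted-corporate-ssid"
            else:
                verdict = "unlisted-other"
            findings.append((ssid, bssid, verdict))
    return findings

if __name__ == "__main__":
    for ssid, bssid, verdict in audit_scan(SAMPLE_SCAN):
        print(f"{verdict:24} {bssid}  {ssid!r}")
```

A radio marked `unlisted-corporate-ssid` is the case to investigate first; `unlisted-other` entries are usually neighbouring networks and need checking only if they turn out to be attached to your wired network.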
Determining Your Needs
In this article I have covered only a few of the most common methods of securing a wireless network. In all honesty, you are always going to be putting your data at some risk when you transmit it over the airwaves. All we can really hope to do is minimize this risk by implementing some of the measures discussed here. That being the case, which of these methods is right for your network? To answer this question I have created a handy little flow chart (Figure 5). Just keep in mind not to go by this flow chart alone. You should do a serious review of the sensitivity of the information flowing across your wireless network and consult organization management before jumping into a wireless security solution.
Figure 5. Follow this flow chart to help determine your wireless security needs