Intel WLAN wireless network security experience

Intel Wireless Network deployment

The irresistible charm of wireless networks has prompted intel to start deploying 802.11b-standard WLAN for 80 thousand employees across the company ). The 802.11b wireless standard is favored by Intel because it provides seamless wireless connections, which can significantly improve network access performance and improve the company's productivity.

This has become more practical as more and more Intel employees begin to use laptops based on the latest intel® mobile computing technology or Intel® mobile processors. Intel employees often carry laptops to conference rooms and other places. With wireless networks, they can access the company's network at any time. The project team can search for files, access presentations, send emails, and perform Web searches as needed without interrupting the meeting process. Currently, about 65% of Intel employees are equipped with laptops.

However, it is not easy to protect such a large network as intel. Intel has two main security goals:

Use powerful authentication features to prevent unauthorized access to the company's network.

Use excellent encryption performance to prevent data from being eavesdropped during transmission.

802.11b Technical Specifications provide a certain degree of protection. Its built-in wired peer-to-peer Security WEP protocol is a common method for user authentication and data encryption. WEP encapsulation technology can disrupt data before transmission, and then use an algorithm named shared key authentication) to authentication the client. Theoretically, only those who have Access Points can decrypt the signal. However, in actual use, WEP does not meet Intel's network security requirements. You can obtain the key infrastructure used to disrupt data from the 802.11b data stream. This means that hackers can re-organize valid keys and use them to impersonate authorized customers on the network to access the WEP-protected 802.11b wireless network. After careful selection, Virtual Private Network VPN technology was eventually favored by Intel IT department.

By deploying a verified VPN security mechanism in the 802.11b network, enterprises can establish secure connections between wireless clients and the enterprise network. After more than three years of practical experience, VPN is still the most popular solution for users. R & D managers of Intel's IT department call IT a tested security solution and are confident that IT can help intel expand its macro chart.

During work, the Virtual Private Network VPN will establish one-to-one security connection between the client and the VPN gateway. In the 802.11b network, the VPN gateway is located behind the wireless access point. Generally, each client of the network connects to the network through a dedicated VPN channel. When data packets are sent from one client to another over a wireless network, they must first pass through the VPN channel and then pass through the Access Point and VPN gateway. Data packets will then arrive at another VPN gateway through a wireless LAN, which will be encrypted and then sent to the receiving client through a wireless access point. By placing the VPN gateway behind the 802.11b access point, the company can ensure that all wireless transmission information is under strict protection.

VPN solution for 802.11b wireless networks:

Data will remain encrypted until it reaches the VPN gateway behind the wireless access point.

Now, with an end-to-end compatibility solution, Intel is deploying this solution on the network. For example, if you select a firewall and VPN solution from the same manufacturer, the compatibility between the two solutions will be relatively high. If multiple mobile and remote communication devices exist in the network, the client's VPN should be controlled by the software. In this case, it is critical that all the terminals of an enterprise use the same software.

Use VPN to enhance the company's network security

Deploying VPN in a wireless LAN has another advantage: Because VPN is a cross-transmission solution, it can become the only technical standard for enterprises to protect wired and wireless networks. From local clients to employees' home computers to laptops used by employees in hotels, the IT department can provide them with a continuous and unified security network.

One real challenge for the IT department is to standardize the numerous VPN solutions in the market. There are many solutions that provide a certain degree of consistency. This is important because it depends on the media involved when using different VPN solutions.) It may cause unnecessary troubles. Intel IT believes that this environment is gradually maturing and will provide higher interoperability and cross-platform support for IT administrators. With the emergence of these solutions, deploying appropriate VPN technologies and corresponding management work for the network will become easier. However, administrators still need to exercise caution in planning to create a solution that supports all related platforms and usage modes. The work will be very difficult, but the return will be gratifying. During the VPN deployment process, Intel has summarized a series of experiences for your reference.

Deployment skills

There is no absolute security in terms of network operations. The intel IT department spends thousands of hours every year revising policies and procedures, deploying the latest technology, and managing the network environment. With the development of wireless networks, we must be more careful. The following are some important things for IT administrators to keep in mind when using wireless technology:

Mastering and flexible application of professional knowledge: security is a special discipline that requires you to have unique insights and rich experience. In the process of mastering IT capabilities dedicated to security issues, all work needs to be carefully considered.

Testing, testing, and retest: The company should consider hiring external consultants to review and test its own security facilities and policies. If you lack relevant professional knowledge, this is the most effective way to help you find the weakest link in the network.

Focus on the wireless environment: from a defined perspective, wireless networks are facing the biggest threat. Almost anyone can use an antenna to easily steal network traffic ...... It can be done even a few miles away. Your security policies and deployment plans should focus on solving this threat.

Seeking for Standardization: One of the charm of WEP is that it provides a general foundation to protect the 802.11b network, and has nothing to do with the specific manufacturer or equipment. VPN is more complex than VPN, but the company can achieve smooth transplantation by purchasing products from a single manufacturer as much as possible. For many large companies, the enhanced security of VPN can make up for the expensive cost.

Exercise caution: If hackers get the key, encryption will lose its due role. Similarly, if attackers can access trusted clients, such as employees' home computers, and use them to access your network, VPN will not help. Therefore, you need to provide employees with a lot of training on password management and computer usage to enhance your security solutions.

Prepare to terminate access at any time: ensure that your account terminates the access process as soon as necessary. If, due to a defect in the IT process, an employee who is dissatisfied or hostile and can access sensitive or critical systems accidentally retains access to the network after termination of employment, the consequences will be disastrous. Therefore, you must be prepared at any time.

Summary

With technologies that maximize mobility and communication flexibility, enterprises can significantly improve employee productivity. The 802.11b wireless standard has many advantages, such as seamless integration, excellent data transmission rate, and support for multi-vendor interoperability. It is an ideal choice for deploying wireless connections. Through careful deployment, Virtual Private Network VPN) and 802.11b wireless standard built-in Wired peer-to-peer Security WEP) protocol combination, will be able to provide powerful security protection for the company's wireless 802.11b environment. Although deploying a Virtual Private Network VPN in an enterprise requires careful planning and management, Intel understands that despite the hard work, it is worth the money.

1. How to protect enterprise wireless network security
2. Brief Analysis of Wireless Network Security