How to deploy wireless network security

Source: Internet
Author: User

Many of us are familiar with the development of wireless network technology. We will introduce how to deploy wireless networks in detail here.

As business needs push enterprises toward ever greater mobility, security risks emerge as well. Although solutions have been developed for specific security problems, we also need a comprehensive approach that strengthens WLAN (wireless local area network) security by using the wired network infrastructure already present in the enterprise network.

Wireless network security deployment: the development of enterprise WLAN

Enterprise WLAN has developed rapidly and is no longer just a simple, cheap access point that covers a home or small office. Two major forces drive WLAN deployment. The first is to improve productivity by providing wireless access for customers or employees who use laptops.

The second driving force is the replacement of wired infrastructure with wireless, promoted by advanced technologies such as the 802.11n standard. Increasing the wireless speed to Mbps and the ability to establish a wireless network within the enterprise make wireless performance sufficient to become a better substitute for wired. In addition, many effective methods have been developed to help determine optimal network coverage, avoid overlap, and make better use of spread spectrum to reduce collisions and maximize performance. Although the focus is on performance, the real benefit of wireless is the mobility it brings to productivity.

Wireless network security deployment: increasing mobile security risks

However, mobility also brings many security risks and problems. Because wireless endpoints are not fixed, enterprises are more confident in the security of the wired network than in that of the wireless network: the wired network is protected by the physical walls and doors of the enterprise building, as well as by access cards and user authentication infrastructure. Because wireless networks can easily be reached by people outside the building, they are more vulnerable to theft, attacks, and various forms of anonymous attack.

Of course, many technologies have been developed to solve these problems, including moving from WEP to LEAP, WPA, and 802.1X, and embedding IPSec VPN in clients and the access infrastructure. All of these methods have certain limitations.

Customer access is also a major problem for enterprise WLAN, because it can have serious consequences. If a customer uses the enterprise's wireless network to perform illegal operations, the enterprise that provides the network access must assume some legal liability. If the wireless network is breached or important databases are attacked, the negative impact on the enterprise is more serious still. The consequences may include fines, litigation, and reputational loss.

The IT department needs to know clearly whether an employee's laptop or a customer's laptop is accessing the wireless network. When a laptop accesses the enterprise network over wireless, strict encryption is required. The IT department should also use existing infrastructure (such as Active Directory) to authenticate employees, and expect customers to do the same.

Limitations of the current solution for deploying wireless network security

Many enterprise-level WLAN solutions address the problems above, but many of them are expensive and their features are incomplete, falling well short of the encryption and verification functions of common wired infrastructure.

In the wireless world, not all WLAN security problems can be solved. Oddly, many solutions are stand-alone: the best results come only from obtaining the whole solution from a single supplier. The changing market also means that these mobile products need constant infrastructure updates and upgrades to make full use of the necessary technical improvements.

Secure deployment of wireless networks using existing wired infrastructure

In this case, we should ask whether there is a different approach. In the wired world, Layer 2 switches forward large numbers of packets at very high speed, while Layer 3 switches and routers provide network connectivity. There is also verification infrastructure (such as Active Directory, LDAP, and RADIUS) for direct verification. In addition, the verification infrastructure (such as firewalls and access control lists) can enhance protection, and access technologies (such as IPSec and SSL VPN) provide connections from external networks to the internal network. There are also NAC infrastructure, endpoint security, IDS/IPS, and many other wired facilities.

Given the existing investment in all these infrastructure technologies, and the wired and remote users already deployed behind them, would it not save a lot of money to place the WLAN infrastructure at Layer 2 and let the existing technologies provide the other functions? Doing so allows cheap access points, and the controller need be no more capable than a Layer 2/3 switch, which greatly reduces the cost of wireless deployment. Enterprises can also mix equipment from different suppliers and avoid large-scale lock-in and upgrades.

There are also cheaper alternatives that help enterprises achieve this. NAC technology has matured to the point where it can automatically check connecting endpoints and identify whether the access is enterprise access or customer access. Integrating NAC with SSL ensures that the transmission path is encrypted at all times, and integration with the verification infrastructure (such as IPSec and SSL VPN) can also provide staff verification. Built-in virtualization and automatic redirection of customers to different virtual ports eliminate the need for customers and employees to use separate SSIDs or separate customer access devices. The default routing and VLAN technologies on some SSL VPNs ensure that client traffic is fully separated from enterprise traffic and can reach other locations only through this framework.

Authentication for secure deployment of wireless networks

The extensive authentication framework allows customers to register for access and hold a permanent token as the real identity of the user, which can be achieved through a customer registration procedure (such as a reception function). You can even differentiate between types of guests and log them on to different networks.

Identity authentication should be deployed automatically. Logs and accountability can provide clues about the extreme behavior of users who access the medium. When required by law or by higher-level supervisors, these clues can be provided.
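The separation of employees and registered guests on one SSID, together with the guest token and logging described in this section, can be sketched as a policy decision that returns RADIUS VLAN-assignment attributes (RFC 3580). This is an added example, not code from the original page; the VLAN numbers, guest types, signing key, and function names are assumptions, and directory authentication is assumed to have happened already in the existing infrastructure.

```python
import hashlib
import hmac

# Constructed values: VLAN numbers, guest types and the signing key are assumptions.
VLANS = {"employee": 10, "visitor": 20, "contractor": 30}
TOKEN_KEY = b"placeholder-registration-key"
REVOKED = set()  # token signatures withdrawn by the registration desk

def _sign(name, guest_type):
    return hmac.new(TOKEN_KEY, f"{name}|{guest_type}".encode(), hashlib.sha256).hexdigest()

def issue_guest_token(name, guest_type):
    """Created at registration; binds the guest's identity to a guest type."""
    if "|" in name or guest_type not in VLANS or guest_type == "employee":
        raise ValueError("bad registration data")
    return f"{name}|{guest_type}|{_sign(name, guest_type)}"

def check_guest_token(token):
    """Return (name, guest_type) for a genuine, unrevoked token, else None."""
    parts = token.split("|")
    if len(parts) != 3:
        return None
    name, guest_type, sig = parts
    genuine = hmac.compare_digest(sig.encode(), _sign(name, guest_type).encode())
    if not genuine or sig in REVOKED:
        return None
    return name, guest_type

def authorize(mac, when, employee=None, token=None, audit=None):
    """Decide network placement for one endpoint on the shared SSID.

    employee: user name already verified by the existing directory, or None.
    token:    guest token presented by the endpoint, or None.
    """
    who, role = (employee, "employee") if employee else (None, None)
    if role is None and token:
        who, role = check_guest_token(token) or (None, None)
    decision = {"accept": role is not None, "attrs": {}}
    if role:
        # RFC 3580 tunnel attributes tell the switch or AP which VLAN to use.
        decision["attrs"] = {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
                             "Tunnel-Private-Group-ID": str(VLANS[role])}
    if audit is not None:  # accountability record for every attempt
        audit.append({"time": when, "mac": mac, "identity": who,
                      "role": role, "accept": decision["accept"]})
    return decision
```

Rejected attempts are logged with no identity, so the audit trail records failed as well as successful access.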
