Integrated wired and wireless LAN security solutions? Not so fast (1)

Many vendors are promoting the integration of wired and wireless LAN security solutions, but some network security experts, such as Ruairi Brennan, an IT security expert at the Electricity Supply Board (ESB), Ireland's power utility, are less convinced. "Isolating wired and wireless networks only causes security vulnerabilities to exist in Wi-Fi networks," she said. ESB's wireless LAN is composed of 60 Aruba Networks access points and supports 8000 to 10000 users. It provides wireless access to conference rooms and other areas that cannot use wired networks.

For security, ESB uses AirTight's SpectraGuard Enterprise wireless IPS (wireless intrusion prevention system) and the SpectraGuard SAFE endpoint protection system. Deployed together, these products can block "bridging" between wired and wireless networks.

"If a user on a LAN accesses a wireless AP at the same time, it will bring a lot of security risks," she said. "You will build a bridge between a secure LAN and an unknown AP in a wireless network." Such a bridge provides an unauthorized entry point to protected data.

The SpectraGuard suite enforces authentication policies to keep unauthorized devices off the wireless LAN. It can also detect rogue APs and prevent them from connecting to the LAN, and it provides centralized management and policy deployment. SpectraGuard SAFE is deployed on the endpoint to prevent users from connecting to a wireless LAN while connected to a wired network, and vice versa.
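An added example, not part of the original article and not AirTight's code: a minimal Linux endpoint check for the condition SpectraGuard SAFE is described as preventing, a host with a live wired link and a live Wi-Fi association at the same time. It assumes the Linux sysfs layout under `/sys/class/net`; the function names are hypothetical.

```python
import os

def read_attr(path):
    """Read one sysfs attribute; 'carrier' is unreadable while an interface is down."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return ""

def active_interfaces(sysfs_root="/sys/class/net"):
    """Group physical Ethernet-type interfaces with link up into wired/wireless."""
    active = {"wired": [], "wireless": []}
    for name in sorted(os.listdir(sysfs_root)):
        base = os.path.join(sysfs_root, name)
        # type 1 = ARPHRD_ETHER (Wi-Fi reports 1 as well); loopback is 772.
        if read_attr(os.path.join(base, "type")) != "1":
            continue
        # Virtual devices (software bridges, veth pairs) have no 'device' entry.
        if not os.path.exists(os.path.join(base, "device")):
            continue
        # carrier == 1: cable plugged in, or Wi-Fi associated to an AP.
        if read_attr(os.path.join(base, "carrier")) != "1":
            continue
        is_wifi = any(os.path.exists(os.path.join(base, marker))
                      for marker in ("wireless", "phy80211"))
        active["wireless" if is_wifi else "wired"].append(name)
    return active

def bridging_risk(sysfs_root="/sys/class/net"):
    """True when the host is dual-homed: wired and wireless links up together."""
    active = active_interfaces(sysfs_root)
    return bool(active["wired"] and active["wireless"]), active

if __name__ == "__main__":
    risk, active = bridging_risk()
    print("DUAL-HOMED" if risk else "ok", active)
```

A policy agent would act on a positive result, for example by disabling the radio; this sketch only reports it.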

Centralized Control of Wireless LAN policies

Atlantic Health has divided a wireless LAN consisting of 2000 Cisco APs into several independent policies and deployed them in six hospitals. The wireless LAN provides free public Wi-Fi for patients, private wireless access for rooms in the intensive care unit, remote access for ambulances and mobile caregivers, the Vocera badge communication system for mobile communication between hospital medical staff, and telemetry reports and other types of wireless communication.

According to Pat Zinno, head of infrastructure support and services for Atlantic Health, Atlantic Health will not use third-party products for wireless LAN security. Security mechanisms such as WPA2 encryption, authentication, and RF monitoring for rogue AP detection are installed in the APs and controllers, which are centrally managed by Cisco wireless positioning devices. Whatever device a user connects with, the system can deploy user policies and manage RF capacity according to geographical location.

Cisco has integrated its wireless network security with its wired network intrusion detection system solutions, but for now Atlantic Health's wired and wireless security policies are still independent. Zinno said: "The security of the Atlantic Health wired LAN is not as high and complex as that of wireless networks. After all, the ports on the computer access network are all protected by the firewall. Enterprises also use Sourcefire's intrusion detection system to monitor all network traffic." He believes integration will come sooner or later. "The more traffic you use to monitor wired/wireless networks, the better the effect," he said.

Integrate wired and wireless LAN security from logs and reports

Network engineers responsible for wireless and wired network security want to unify their security event information rather than their security tools. They want a platform that collects the different reports and presents the information in a single, consistent view for analyzing logs from firewalls and servers.

John Pescatore, a well-known analyst at Gartner, said: "A set of security event management products can be associated with these events to help enterprises identify security risks, rather than creating chaos. Of course, wireless LAN security products are integrated into wired security products."
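An added example, not from the original article or any vendor: unifying event information as described above, by normalizing alerts from a wireless IPS and a wired IDS into one schema and pairing those that share a client MAC address within a time window. Both log formats, all field names and the sample events are constructed for illustration.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events in two hypothetical formats (not vendor formats).
WIRELESS_IPS = [
    "2024-05-01T10:00:05Z|ROGUE_AP|bssid=aa:bb:cc:00:00:01|client=00:11:22:33:44:55",
    "2024-05-01T11:30:00Z|ROGUE_AP|bssid=aa:bb:cc:00:00:02|client=00:11:22:33:44:66",
]
WIRED_IDS = [
    '{"ts": "2024-05-01T10:02:10Z", "sig": "SMB scan", "src_mac": "00:11:22:33:44:55"}',
    '{"ts": "2024-05-01T09:00:00Z", "sig": "DNS tunnel", "src_mac": "00:11:22:33:44:66"}',
]

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")

def normalize_wireless(line):
    """Pipe-delimited wireless IPS alert -> common event schema."""
    ts, kind, *pairs = line.split("|")
    fields = dict(p.split("=", 1) for p in pairs)
    return {"time": parse_ts(ts), "source": "wireless", "event": kind,
            "mac": fields["client"].lower(), "detail": fields["bssid"]}

def normalize_wired(line):
    """JSON wired IDS alert -> the same schema."""
    rec = json.loads(line)
    return {"time": parse_ts(rec["ts"]), "source": "wired", "event": rec["sig"],
            "mac": rec["src_mac"].lower(), "detail": ""}

def correlate(wireless, wired, window=timedelta(minutes=5)):
    """Pair wireless and wired events for the same MAC within the window."""
    hits = []
    for w in wireless:
        for e in wired:
            if w["mac"] == e["mac"] and abs(w["time"] - e["time"]) <= window:
                hits.append((w["mac"], w["event"], e["event"]))
    return hits

def correlate_samples():
    return correlate([normalize_wireless(l) for l in WIRELESS_IPS],
                     [normalize_wired(l) for l in WIRED_IDS])

if __name__ == "__main__":
    for hit in correlate_samples():
        print(hit)
```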

Zinno said: "Because of the differences in basic requirements, it is very difficult to further integrate security policies into extremely complex networks. According to the User Access Program, enterprises will set the same basic policy on wired and wireless networks. However, enterprises should also deploy their respective advanced security policies on both wired and wireless networks. The Wireless Network Manager pays attention to the RF interface. Its testing and troubleshooting technology should be completely different from that of the wired LAN."

