Many vendors are promoting the integration of wired and wireless LAN security solutions, but some network security experts, such as Ruairi Brennan, an IT security expert at Ireland's Electricity Supply Board (ESB), do not think so. "Isolating wired and wireless networks means the security vulnerabilities exist only in the Wi-Fi network," Brennan said. "The ESB's wireless LAN is made up of 60 Aruba Networks access points that support 8,000 to 10,000 users, which provide wireless access to conference rooms and other places that cannot use a wired network."
On the security side, the ESB uses AirTight's SpectraGuard enterprise-class wireless IPS (wireless intrusion prevention system) and the SpectraGuard SAFE endpoint protection system, which, when deployed together, can block the "bridging" of wired and wireless networks.
Brennan said: "If a user on the LAN connects to an outside wireless AP at the same time, it brings great security risks. You create a bridge between a secure LAN and an unknown AP in a wireless network. This provides an illegal entry point for protected data."
The SpectraGuard package secures the wireless LAN by enforcing an authentication policy that prevents unauthorized access. It also detects rogue APs, prevents them from connecting to the local area network, and provides centralized management and policy deployment. SpectraGuard SAFE is deployed on endpoints, where it prevents users from connecting to a wireless LAN while they are connected to a wired network, or vice versa.
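One way to detect the bridging condition described above from logs, as an added example that is not part of the original article or any vendor's product: constructed wireless IPS and switch log lines are normalized into one event schema, and a client is flagged when it joins a non-authorized AP while its wired port is up. Both log formats, the field names and the `ap_class` values are assumptions.

```python
import re
from datetime import datetime

# Constructed sample logs; both line formats are hypothetical, not real vendor output.
WIPS_LOG = """\
2024-05-01T09:14:07Z client=aa:bb:cc:00:11:22 assoc ap_class=external ssid=CoffeeShop
2024-05-01T09:20:00Z client=aa:bb:cc:00:33:44 assoc ap_class=authorized ssid=Corp
2024-05-01T11:02:30Z client=aa:bb:cc:00:55:66 assoc ap_class=rogue ssid=FreeWifi
"""
WIRED_LOG = """\
2024 May 01 08:00:00 sw2 port=Gi1/0/2 mac=AABB.CC00.5566 link-up
2024 May 01 09:10:12 sw1 port=Gi1/0/4 mac=AABB.CC00.1122 link-up
2024 May 01 09:12:40 sw1 port=Gi1/0/9 mac=AABB.CC00.3344 link-up
2024 May 01 10:30:00 sw2 port=Gi1/0/2 mac=AABB.CC00.5566 link-down
"""

def norm_mac(mac):
    """Reduce any MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_wips(text):
    for line in text.splitlines():
        ts, client, action, ap_class, _ssid = line.split()
        yield {"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
               "mac": norm_mac(client.split("=")[1]), "source": "wips",
               "action": action, "detail": ap_class.split("=")[1]}

def parse_wired(text):
    for line in text.splitlines():
        f = line.split()
        yield {"time": datetime.strptime(" ".join(f[:4]), "%Y %b %d %H:%M:%S"),
               "mac": norm_mac(f[6].split("=")[1]), "source": "switch",
               "action": f[7], "detail": f[5].split("=")[1]}

def find_bridging(events):
    """Flag clients that join a non-authorized AP while their wired port is up."""
    wired_up, alerts = {}, []  # wired_up maps MAC -> switch port currently up
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["source"] == "switch":
            if ev["action"] == "link-up":
                wired_up[ev["mac"]] = ev["detail"]
            else:
                wired_up.pop(ev["mac"], None)
        elif (ev["action"] == "assoc" and ev["detail"] != "authorized"
              and ev["mac"] in wired_up):
            alerts.append((ev["time"].isoformat(), ev["mac"], wired_up[ev["mac"]]))
    return alerts

ALERTS = find_bridging(list(parse_wips(WIPS_LOG)) + list(parse_wired(WIRED_LOG)))
```

Only the first client is flagged: the second joins an authorized AP, and the third joins a rogue AP after its wired port has gone down.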
Centralized control of wireless LAN policy
Atlantic Health has divided a wireless LAN consisting of 2,000 Cisco APs into several independent policies deployed across 6 hospitals. The WLAN provides free public Wi-Fi for patients, private wireless access in NICU meeting rooms, remote access for ambulances and mobile caregivers, the Vocera badge communication system for mobile communication between hospital medical personnel, and telemetry reporting and other types of wireless communication.
According to Pat Zinno, Atlantic Health's infrastructure support and services manager, Atlantic Health will not use third-party products for wireless LAN security. Security mechanisms such as WPA2 encryption, authentication, and RF monitoring for rogue AP detection will be installed in the APs and controllers, which are centrally managed by Cisco wireless positioning devices. This allows user policy and RF capacity management to be deployed by location, regardless of what device is connecting.
Cisco integrates wireless network security with wired network intrusion detection systems, but for now Atlantic Health's wired and wireless security policies are still independent. Zinno said: "Atlantic Health's wired LAN security is not as demanding as wireless; it is not so complicated." After all, the ports where computers access the network are protected by firewalls. The company also used Sourcefire intrusion detection products to monitor all traffic through the network. He believes that integration will come sooner or later. "The more traffic you can get by monitoring your wired/wireless network, the better," he said.
Consolidating wired and wireless LAN security starts with logs and reports
Network engineers responsible for wireless and wired network security want their security event information unified, rather than their security tools. They want a platform that collects the different reports and uses a single standard to present the information, so that it can be analyzed together with logs from firewalls and servers.
"A security incident management product can correlate these events to help companies see security vulnerabilities rather than create chaos," said John Pescatore, a well-known analyst at Gartner. "Of course, wireless LAN security products are integrated into the wired security products."
"Because of the differences in basic requirements, it is very difficult to further integrate security policies in extremely complex networks," Zinno said. "Depending on the applications that users access, the enterprise will set the same basic policy on the wired and wireless networks. However, companies should also deploy their own advanced security policies on both wired and wireless. The wireless network manager is concerned with the RF interface, and its testing and troubleshooting techniques should be completely different from those of the wired LAN."
Integrated wired and wireless LAN security solutions: does anyone want them?
Security vendors such as SonicWALL and Fortinet can provide integrated solutions for small, simple companies. These vendors have extended their UTM (unified threat management) systems, which include firewalls, content monitoring and intrusion detection, to cover access to wireless LANs.
SonicWALL claims that "dumb" APs can be used to provide a distributed wireless network that sends wireless traffic to a centralized wired/wireless UTM device.
Matthew Dieckman, the SonicWALL product line manager responsible for remote access security, said: "All traffic will return to the UTM, and we can make informed decisions based on it." SonicWALL holds that wireless traffic is not trusted unless it has been scanned by the UTM device; only then can the same access rules be applied to it as to wired LAN traffic. "For small companies looking for the lowest-priced solutions, a combined device may be enough," Pescatore said. "Another option is for businesses with small branch offices. If I were in charge of these offices, and they only needed an access point, I would be able to do it easily because I wouldn't have to use an independent security solution in every branch. But it's not that easy to extend the package to more complex networks."
Larger wireless security issues: a wide range of wireless devices
Many companies are slow to adopt integrated wired and wireless network security, because they have more urgent wireless security issues that have not yet been solved.
First, network managers are more worried about how to monitor and troubleshoot the variety of wireless devices flooding the network, such as smartphones, tablets, and other wireless devices such as vending machines. Pat Zinno, Atlantic Health's infrastructure support and services director, said: "If I have a tool, I want it to manage all the wireless devices in the network." In addition, the Atlantic Health network is also affected by microwave and Bluetooth devices. If someone accidentally puts a Bluetooth scanner in a place with Wi-Fi transmission, Zinno's team has to find out where the device is, and the current tools do not work well for that. Zinno is testing Cisco's CleanAir spectrum analyzer. Cisco says it can detect radio interference problems, find the source of the problem, and solve it automatically.
Engineers also want the wireless intrusion prevention system not only to detect rogue access points but also to determine whether anyone on the corporate network is using 3G or 4G in violation of policy. In government agencies and the medical profession, this helps them better comply with regulatory requirements.
While consolidating wired and wireless network security may seem to make management simpler, wireless network engineers still require wireless networking to be treated differently from the corporate wired network. Unless these security requirements can be merged into one complete system, enterprises are likely to continue managing the two security systems independently.