Getting the Most from Wireless
As the wireless network becomes critical to operations, organizations need a comprehensive approach to management, security and compliance.
Wireless networks have evolved from a “nice-to-have” technology to become an essential part of the IT infrastructure. School districts are using wireless to create a richer learning environment and support computer-assisted testing initiatives. In retail and hospitality, Wi-Fi creates opportunities to boost sales, increase loyalty and enhance the customer experience. Healthcare, manufacturing and many other sectors rely upon wireless networks to connect a wide range of devices and streamline operations.
While Wi-Fi delivers many business benefits, it comes with inherent security risks. Hackers can monitor wireless signals to obtain sensitive data, or perpetrate a man-in-the-middle attack to gain network access. Wi-Fi networks are also vulnerable to Distributed Denial of Service (DDoS) attacks. The Internet of Things (IoT) is adding millions of devices to wireless networks, each of which is a potential security weakness.
Wi-Fi also brings management complexity to the enterprise network environment. In addition to traditional network management capabilities, administrators need real-time visibility into radio frequency (RF) interference and other issues that impact capacity and performance. They also need the ability to monitor and control growing numbers of mobile devices, particularly in a bring-your-own-device (BYOD) model.
“Many wireless LANs were deployed as secondary networks — they weren’t designed to support pervasive services, bandwidth-intensive applications, real-time communications or BYOD. In light of that, network managers often lack the tools they need to troubleshoot radio frequency and ensure the overall health of the wireless network,” said Russ Chow, Director of Enterprise Solutions, PKA Technologies.
“Wireless LANs require a comprehensive architectural approach that prioritizes security, regulatory compliance and ongoing operational support. It is critical to not only protect sensitive information and prevent unauthorized access but to effectively identify and mitigate vulnerabilities while providing a seamless experience for users.”
Because endpoint devices are a primary vector for cyber threats, network access control (NAC) plays a critical role in securing wireless networks. In essence, NAC requires devices to prove they are secure before they are allowed to connect. If not, they can be blocked, quarantined or redirected to different parts of the network.
Many NAC solutions are based upon RADIUS (Remote Authentication Dial-In User Service), a proven technology that authenticates users and authorizes access to requested network resources. As a result, NAC enables centralized management of user profiles and provides for granular policy enforcement. Policies can be based upon a user’s role, device, location, time-of-day and other factors, across heterogeneous, multivendor networks.
“A NAC-enabled wireless LAN integrates scalable authentication, authorization and accounting with contextual awareness,” Chow said. “NAC also provides visibility into what devices are on the network and can be used to perform device health checks for endpoint compliance.”
Legacy NAC solutions required the installation of an agent on the endpoint, which meant they could only support specific types of devices and operating systems. Because modern NAC appliances are agentless, they can support a wider range of devices and provide extended policy enforcement capabilities for BYOD and guest access. They also have the ability to monitor and control users and devices in real time, provide extensive reporting and integrate with other security controls to create a defense-in-depth architecture.
“Modern NAC solutions can detect when users or devices aren’t behaving as expected,” said Chow. “These potential threats can be mitigated automatically by linking NAC with advanced threat protection and mitigation systems. APIs and data feeds from NAC can also be integrated with mobile device management, security information and event management and other third-party systems in a layered security approach.”
The increasingly mobile workforce and explosion of employee-owned devices has made it difficult for enterprises to deliver an optimal user experience. This challenge is exacerbated by the organic growth of many wireless LANs, which often incorporate products from a number of vendors across multiple generations of technology. Network administrators often struggle to monitor performance, troubleshoot problems and respond to support requests.
A centralized, multivendor wireless LAN management solution provides visibility and control of the entire Wi-Fi environment from a single, intuitive interface. Multiple dashboard views make it possible to diagnose potential issues with coverage, bandwidth usage and application performance. Clustering simplifies the management of thousands of users, devices, access points (APs) and controllers across any number of remote locations.
“Leading management solutions take a user-centric approach to identifying causes of service-quality issues through real-time monitoring and proactive alerts,” said Chow. “Maps display the real-time health and performance of individual devices and applications as well as the network as a whole.”
Network performance is assessed based upon the infrastructure, user location and signal coverage using data gathered from APs, controllers and devices. Deep packet inspection provides IT with greater control of applications based upon quality of service requirements and bandwidth usage policies. RF scanning pinpoints sources of interference, rogue devices and APs, and attacks on the network. This information enables better service quality, faster problem solving and rapid identification of security threats.
“In the past, management and protection of the wireless infrastructure have often been an afterthought, with organizations implementing point solutions to address specific problems,” Chow said. “Given the mission-critical nature of today’s wireless LAN, organizations should invest in the tools they need to ensure optimal performance, security and control.”
Read the Executive Brief – AAA Policy Management