802.11n enables deployment of more demanding mobility applications and represents a maturity milestone at which many customers will employ wireless on a broader scale, even replacing Ethernet. This expansion increases the business importance of wireless security and thus wireless security services. VARs and systems integrators can capitalize on this by offering more effective and scalable WLAN security solutions, including cloud-based services.
802.11n security starts with availability
Because all WLANs compete for limited unlicensed spectrum, radio frequency (RF) interference mitigation is important to ensure availability and reduce denial-of-service events. This starts by observing RF at the customer's site. Here, we are not talking about site surveys that plot signal strength. Rather, we are concerned about finding heavily utilized frequencies to avoid entirely. Free "
RF interference changes all the time, however. Downtime-averse customers may be willing to purchase RF spectrum analyzers and training from VARs. But new products from Aruba, Cisco, Meru and Motorola have created an alternative delivery model: selling wireless APs with on-board spectrum analysis. Cloud services can even be spun by having these APs report their RF readings to a provider-operated server like Meru's E(z)RF Spectrum Manager or Cisco's MSE with CleanAir Technology. In large WLANs, centralized RF insight can pay off by speeding investigation and improving availability -- and customers may gladly pay for outside experts to solve hard-to-diagnose RF problems.
Wireless security services: Controlling WLAN access
New 802.11n devices incorporate the same security as 802.11a/g devices -- WPA2, long required in all Wi-Fi-certified products. However, 802.11n devices cannot achieve high-throughput data rates (>54 Mbps) when configured to older, weaker options (i.e., WPA-TKIP or WEP). Furthermore, as companies embed wireless access more deeply into their networks, they become more sensitive to unauthorized use. As a result, customers often look at 802.11n upgrades as the right time to strengthen baseline WLAN security.
Customers expect WPA2-PSK and WPA2-802.1X to be built into WLAN infrastructure. However, resellers can tap this trend by offering complementary authentication and network access control products. For example, APs and controllers enforce 802.1X authentication, but an 802.1X-capable RADIUS server is needed to complete the picture. VARs have long resold RADIUS servers like Cisco ACS or Juniper SBR, but remote offices and SMBs may not need on-site RADIUS or have staff to support it. This market gap may be filled by offering (or reselling) cloud-based 802.1X authentication services like NoWiresSecurity AuthenticateMyWifi.
More lucrative opportunities may exist for Network Access Control. NAC products dovetail with 802.1X and RADIUS, adding pre-connect scans to ensure that Wi-Fi clients are clean and compliant, denying or quarantining those that are not. But NAC can be a pain to integrate into a large network with diverse clients, and that has caused disillusionment. WLAN upgrades provide an opportunity to deploy NAC in a simple isolated fashion, helping customers feel better about extending wireless access while experiencing NAC benefits with little pain. VARs have long sold NAC in appliance form -- for example, Juniper UAC or Cisco NAC. But today there are new opportunities to resell NAC as a managed (private or public cloud) service -- see Mirage and TrustWave.
Detecting and preventing wireless intrusions
Customers expect rogue AP detection, like WPA2, to be built into WLAN infrastructure. Customers that are risk-averse -- especially in regulated industries like retail, healthcare and financial services -- may realize that rogue scans are not enough to effectively detect and prevent a broad spectrum of airborne threats. These accounts present opportunities to sell integrated or third-party Wireless Intrusion Prevention Systems (WIPS).
Integrated WIPS can be an easier sale; regular APs are converted into dedicated sensors that monitor wireless traffic for possible threats, including clients associating to unauthorized APs and attackers attempting to DoS, probe or penetrate the WLAN. Third-party WIPS (e.g., AirMagnet, AirTight) use purpose-built sensors to monitor and respond -- disrupting malicious client attacks, for example. Today, most products straddle this line. For instance, Motorola AirDefense can be deployed with dedicated sensors and/or Motorola APs. VARs may want to develop several WIPS offerings in order to pair well with different vendor WLANs and meet more diverse customer needs.
Traditionally, VARs have sold third-party WIPS server appliances and sensors, or integrated WIPS software to be installed on WLAN controllers or management appliances. Here again, new opportunities exist to sell WIPS as a cloud service -- see AirTight SpectraGuard On-Line, for example. Cloud-based WIPS can be attractive as a low-cost way for customers to try-before-you-buy or as a permanent solution for customers with hundreds of small distributed WLANs to monitor (e.g., retail stores).
Investigating and remediating 802.11n security threats
Whether a wireless security incident is reported by a WLAN controller, an integrated WIPS or a third-party WIPS or is discovered during a wired-side investigation, WLAN operators need forensic tools and expertise to locate the source and assess the impact. A WIPS can assist by offering real-time Wi-Fi device tracking, historical locationing, and event logs that detail what happened over the air in the vicinity. Dedicated WIPS sensors can usually be flipped into packet-capture mode to record an attack in progress.
At some point in the investigation, mobile Wi-Fi packet capture and analysis tools are likely to be needed. Some customers are comfortable using freely available or open source tools like WireShark or Airodump-NG. Others will invest in commercial Wi-Fi traffic analyzers to save a lot of time in large, busy WLANs and get more expert insight. VARs often resell tools like AirMagnet Analyzer or WildPackets OmniPeek for WLAN troubleshooting and diagnostics. But these tools can also be used by security staff -- pitching them as multi-purpose can help to close deals. Opportunities also exist to sell new easy-to-use Wi-Fi analyzers that have been simplified to cater to frontline staff.
Finally, VARs and systems integrators may want to consider offering more proactive wireless security services and products -- solutions designed to find vulnerabilities before they're exploited. For example, VARs can resell Wi-Fi vulnerability assessment offerings like the Motorola AirDefense Wireless Vulnerability Assessment module (sold as a software module or cloud service). Systems integrators can also spin their own Wi-Fi penetration test services, combining freely available toolkits like BackTrack4 with expertise in using them effectively and interpreting results.
Wireless security services -- a job never done
Although WLAN upgrades and expansions fostered by 802.11n are expected to stimulate market interest in wireless security, this opportunity isn't short-term. Security isn't something customers can just buy once and forget. Security is an ongoing process that requires continued vigilance to address new threats and vulnerabilities. VARs and systems integrators that actively seek out and tap into these near-term needs may find themselves with ongoing revenue streams and a foot in the door for future sales.
This was first published in August 2010