News Stay informed about the latest enterprise technology news and product updates.

802.11n Wi-Fi security opportunities on the rise for VARs

Security products and services that support 802.11n Wi-Fi will be a boon for VARs going forward as both new companies and established businesses alike begin to adopt the wireless standard.

As the most robust Wi-Fi standard to date, 802.11n ups the ante for wireless LAN (WLAN) sales and support, providing the channel with new opportunities to help enterprises migrate and secure wireless infrastructures.

With data transmission speeds of up to 160 mbps, and greater range and reliability than the incumbent 802.11a/b/g standards, 802.11n products may soon eliminate the need for hard-wired Ethernet cables.

"We were talking about an all wireless enterprise as sort of the future state, about a year, year-and-a-half ago," said Chris Silva, senior analyst at Cambridge, Mass.-based Forrester Research Inc. "I am now actually entertaining questions like 'What vendor do we look at? How do we need to deploy [a wireless LAN] so that it can be our primary network?'"

Experts believe the biggest driver of 802.11n wireless sales is cost, particularly in new facilities where enterprises have the option of going wired or wireless. By skipping wired infrastructure build-outs, companies can save the $200 to $300 per drop to run cable to each desk. The improved range and reliability offered through WLANs also means fewer wireless access points (APs), even in environments with a lot of transmission interference.

According to Silva and other experts, information security solution providers should position themselves to take advantage of new 802.11n Wi-Fi security opportunities, because even though 802.11n may offer better throughput and range, securing the airwaves still comes with plenty of challenges.

The security differences between 802.11n and previous standards are slight. From a standards perspective, however, 802.11n enforces AES encryption when users negotiate high data rates of above 54 Mbps. Older devices using 802.11a/b/g are therefore potentially vulnerable to attacks on TKIP, the temporal integrity key protocol brought into WPA and used in the 802.11 wireless security standards.

TKIP attacks can include denial-of-service threats, where an attacker sends corrupt packets to suspend WLAN service, or message integrity check key recovery attacks, where a hacker sends short frames to guess the MIC key and, having done so, can then successfully inject short simple frames like phony Address Resolution Protocol (ARP) packets to redirect traffic.

Despite the additional benefit, however, 802.11n always comes with risks. "Eleven-n transmissions go further in ways that are harder to predict," said Lisa Phifer, president of consulting firm Core Competence Inc. in Chester Springs, Pa. "It will bounce off surfaces and go in directions that you can't really envision," meaning that it's easier for someone to capture 11n traffic and, more importantly, easier for attackers to connect to the APs or users.

More on network security

Savvy VARs should capitalize on wireless LAN security services
The channel's best bet to profit from WLAN security is in services, ranging from planning and installing wireless networks to security and compliance monitoring. 

How to perform a network security audit for customers
David Jacobs reviews what network auditors must look for when at the customer site.
Still, enterprises are often eager to implement 802.11n for the speed and range gains it offers. Silva said its extended range and location technology make it ideal for locating rogue APs and tracking down assets in hospitals, factories, warehouses and other large facilities. And, some of its multiple radios can be used for intrusion sensing. Industry observers say looming security questions only serve to crystallize the opportunity for security solution providers.

"If there are channel partners that haven't been trained on this technology, it's the time to do it," said Jon Green, director of product marketing for Aruba Networks Inc. "The single thing that will make them successful is knowing this technology, particularly security."

Phifer said that solution providers can begin by encouraging customers to retire older devices and replace them with more secure 11n devices. "Second, explain to customers that they can no longer rely on weak signal to prevent intrusion attempts or to stop their own users from accidentally connecting to neighbors," she said, adding that wireless IPS should be used to spot intrusion attempts. Automated wireless client configuration and monitoring products should also be deployed to better prevent intentional or accidental mis-associations.

And basic wireless security practices still apply. "You're still going to use a lot of the techniques you used with legacy wired LANs," Phifer said. "If your signal is going to travel further, encryption becomes more important. Having good strong access control is important. Basic security measures grow in importance."

In addition to selling wireless networking gear and security products -- chiefly wireless IPS -- VARs are in a position to capitalize on 802.11n with services. Solution providers can help customers plan optimal deployments, ensure secure configurations and provide ongoing management and monitoring services for customers. Managed services can include wireless IPS management, relieving the customer of the burden of around-the-clock monitoring, and/or WLAN management, with the WLAN controller on premise or in the cloud.

Phifer also said that VARs can use common penetration testing tools or WIPS to audit WLAN infrastructure and clients for vulnerabilities like missing patches and for conformance with a customer's security policies. They can then offer services to help customers eliminate the vulnerabilities that are discovered, and to regularly audit for additional/new vulnerabilities. This kind of professional service is increasingly common for compliance with PCI DSS. "Even just putting a sensor at a customer's location for a week and giving them analysis of what you saw is valuable."

VARs are also in a good position to work with customers on problematic configuration and access policies and RF planning, said Aruba's Green, both for new deployments and replacements in the new environment.

"A lot of partners have developed practices around the concept of network right-sizing," he said. "How you do the financial calculations to figure out what wireless can actually do for me. They'll send in another team for RF deployment and another for security."

Silva said he's seen a lot of 802.11n products moving into enterprises, with manufacturers estimating these products constitute about 85% of the total wireless gear they're shipping. Paul DeBeasi, vice president and research director at Stamford, Conn.-based research firm Gartner Inc., finds the number a bit high, but estimates the number will approach 80% by the end of 2010. Jon Green, director of product marketing for Aruba Networks, said the newer devices now make up about 15% of Aruba Networks' install base.

Senior Site Editor Eric Parizo and Site Editor Billy Hurley contributed to this report.

Dig Deeper on Managed network security services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.