One of the core challenges in selling wireless LAN (WLAN) security solutions is understanding the big picture of this critical part of enterprise networking within the current security climate. As it turns out, there are a number of distinct categories of products involved in a complete WLAN security strategy, with significant functional overlap between them. Crafting the right solution for your customer involves a detailed understanding of their specific requirements, as well as the ability to define a cost-effective and manageable solution based on the components available -- and there are a lot to choose from!
I generally break down the wireless LAN security landscape as follows:
- Spectrum Assurance (SA) -- This is a relatively new function, but one that I think will become critical over time. SA looks at the whole issue of interference, not just interference from other WLANs. While this element is more about integrity than security, it's also good at identifying challenges such as wireless denial-of-service (DoS) attacks.
- Wireless LAN Assurance (WLA) -- These products have been around for some time and contain all of the features missing from many system-vendor management tools. They are usually policy-based and emphasize security monitoring.
- Wireless Intrusion Detection and Prevention (WIDS/WIPS) -- These systems, which often involve a network of sensors independent of access points, are particularly useful for detecting rogue APs and ad hoc networks, and for making sure that your clients associate only with your network and not with another (possibly hostile) WLAN.
- Wireless LAN Management (WLM) -- This is the core network management software that comes with enterprise-class wireless LAN systems, and which is also available from a number of third-party network-independent vendors. While these systems have many functions, security is a core feature in all of them.
And, just to provide a complete picture here, additional security functionality may exist in upper-layer network management tools (NMS), enterprise service and network application management tools, and, for carriers and operators, operational support systems (OSS). Looking ahead, we expect a general roll-up of wireless security functionality into a smaller number of products -- a trend that is already evident. We also expect that wireless and wired LAN management will converge, resulting in a single security management platform for all networks and users within a given building or even across the enterprise.
The specific combination of products required for a particular solution will vary with local security policies and, of course, budgets. The good news is that all of the above functionalities will eventually be integrated into most wireless LAN system products, simplifying security configuration to a great degree. Expertise within the channel will always be required, of course, to configure, re-configure, verify, and monitor network installations throughout their lifecycle.
About the author
Craig Mathias is a principal with Farpoint Group, an advisory firm based in Ashland, Mass., specializing in wireless networking and mobile computing. The firm works with manufacturers, enterprises, carriers, government, and the financial community on all aspects of wireless and mobile. He can be reached at firstname.lastname@example.org.