Keeping a customer's information secure should be a top priority for any VAR worth his salt. As thin provisioning becomes more popular -- and access points become more common and wirelessly accessable -- attacks may rise. Offering good initial advice and outstanding support can be the difference between a customer who's information is stolen and one who's isn't. This tip aims to educatue about the difference between thin and fat access points and the affect they have on security.
"Thin APs" is a bit of a misnomer, because this label suggests that those APs are less functional or more compact than "fat APs" -- neither is true. In fact, "thin APs" are paired with a wireless LAN switch or controller to offer additional functionality -- including security features not found in stand-alone "fat APs."
For example, Cisco Aironet 1100 Series APs are "fat" because they operate autonomously as members of a decentralized WLAN. Cisco (Airespace) Aironet 1000 Series Lightweight Access Points are "thin" because they require provisioning and supervision by a Cisco WLAN Controller -- together, these elements for a centralized WLAN. Some APs (e.g., Aironet 1200 Series) can be used in either WLAN architecture.
How can centralized WLAN architecture improve wireless network security?
As products mature, you can expect more security features that take advantage of this architecture, like more selective offloading of security processing to facilitate secure roaming, use of monitor-only APs as Wireless Intrusion Sensors, and more sophisticated security event analysis and automated response as management systems learn to do more with the information and interfaces they have at their disposal.