As the need for mobility has grown in the enterprise, so have the security risks. While solutions have been developed to address specific security problems, there needs to be a holistic approach to WLAN security that leverages the security infrastructure of the wireline enterprise network.
The Growth of Enterprise WLANs
Enterprise WLANs have evolved significantly from the days where one only required a cheap access point, which provided coverage for a home or a small office. There have been two drivers behind the growth of WLAN deployments. The first started as a productivity enhancer by providing access to guests or people with wireless enabled laptops.
The second wave is the replacement of wired infrastructure with wireless, which is being driven by technology advances such as the 802.1n standard. With speed increases to 170 Mbps and the ability to build enterprise-wide wireless networks, wireless technology performance can be considered a "good enough" alternative to wireline. Moreover, tools have been developed to determine the best network coverage, avoid overlap between cells, and make better utilization of the spectrum in order to minimize collisions and maximize performance. Although the focus is on performance, the real goal is to enable the productivity that comes with mobility.
The Growing Risks of Mobility
However, with mobility comes a host of security risks and concerns. Since the end point is not fixed, enterprises have to worry about these more than they did about internal security with wireline networks where the physical gates and walls of the buildings, card access and user authentication infrastructure like Active Directory were deemed sufficient. Since wireless networks can be reached just as easily by someone outside the building as by someone inside the building, they are more vulnerable to snooping, impersonation, hacking and a variety of anonymous attacks.
Various technologies have been developed to try and address these concerns including migration from WEP to LEAP to WPA, 802.1x and supplicants, incorporation of IPSec VPNs on the clients and access infrastructure and many other patchwork approaches. Each of these approaches has brought with them some limitations as well. WEP has been cracked. Supplicants need to be deployed and managed because they don't always install well.