Security Settings Management
Enterprise-class wireless networks should always have a robust
security framework. This is discussed in detail in Chapter 7. The typical security posture will detail
not only the Extensible Authentication Protocol (EAP) mechanism used for
authentication and the encryption protocol used for data integrity, but also
fundamental characteristics such as the SSID.
Simply defining these protocols on the wireless infrastructure
(the access points or WLAN controllers) is not enough. You must also configure
each client device with the correct settings. Each SSID/VLAN might require
different security postures. You might have separate virtual WLANs for voice,
data, and guest networking that each require different security settings. Many
users will also have wireless at home or will use public wireless services while
traveling. These will also have different security requirements and settings. In
short, every WLAN client will almost certainly have multiple security
postures.
To configure and manage the wide variety of devices and user
groups correctly and appropriately, you can use profiles, which are usually a collection of network and
security settings required to ensure connectivity. The wireless software on
every device is configured with the correct security settings (for example,
SSID, EAP mechanism, and encryption protocol), which are then saved for repeated
use. The user can then simply select the appropriate profile for his or her
current location.
For example, a typical user's laptop might have one or more
profiles for the following:
Defining, configuring, and managing these profiles (the client's wireless security
settings) must be done in a scalable and supportable manner.
If the security profile in your wireless network changes, you must have an easy
way to update the client devices appropriately. Manually reconfiguring hundreds
or thousands of devices is a costly and error-prone effort. The more client
platforms you have, the more difficult this task becomes.
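The profile check described above, as an added example that is not code from the book: each stored client profile is modelled with the settings the chapter names (SSID, authentication type, encryption protocol, EAP mechanism) plus whether the client validates the authentication server's certificate, the enterprise posture is one required profile per SSID/VLAN, and an audit reports every client whose stored profile has drifted from that posture or still carries a legacy cipher. The `Profile` class, the `POSTURE` table, the host names and all sample values are constructed for illustration.

```python
"""Audit stored client wireless profiles against the enterprise security posture.

Added example, not from the book: each profile is the SSID, authentication
type, encryption protocol and EAP mechanism the chapter lists; the posture is
one required profile per SSID/VLAN; the audit reports every client whose
stored profile no longer matches or still uses a legacy cipher. SSIDs, host
names and sample values are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Ciphers flagged regardless of what the posture says (constructed policy).
LEGACY_CIPHERS = {"WEP", "TKIP"}


@dataclass(frozen=True)
class Profile:
    ssid: str
    authentication: str          # "WPA2-Enterprise", "WPA2-PSK" or "Open"
    encryption: Optional[str]    # "AES", "TKIP", "WEP" or None (no encryption)
    eap: Optional[str] = None    # "TLS", "PEAP", ... for WPA2-Enterprise only
    validate_server_cert: bool = False  # client checks the RADIUS server cert


# Current enterprise posture, one required profile per SSID/VLAN (constructed).
POSTURE: Dict[str, Profile] = {
    "corp-data": Profile("corp-data", "WPA2-Enterprise", "AES", "TLS", True),
    "corp-voice": Profile("corp-voice", "WPA2-PSK", "AES"),
    "corp-guest": Profile("corp-guest", "Open", None),
}


def check_profile(profile: Profile, posture: Dict[str, Profile] = POSTURE) -> List[str]:
    """Return findings for one stored profile; an empty list means compliant."""
    required = posture.get(profile.ssid)
    if required is None:
        return [f"unknown SSID {profile.ssid!r}: not part of the enterprise posture"]
    findings = []
    if profile.authentication != required.authentication:
        findings.append(f"authentication {profile.authentication} "
                        f"(required {required.authentication})")
    if profile.encryption != required.encryption:
        findings.append(f"encryption {profile.encryption} (required {required.encryption})")
    if profile.encryption in LEGACY_CIPHERS:
        findings.append(f"legacy cipher {profile.encryption} must be retired")
    if required.authentication == "WPA2-Enterprise":
        if profile.eap != required.eap:
            findings.append(f"EAP {profile.eap} (required {required.eap})")
        if required.validate_server_cert and not profile.validate_server_cert:
            findings.append("server certificate validation disabled: client cannot "
                            "distinguish the real RADIUS server from an impostor")
    return findings


def audit(clients: Dict[str, List[Profile]], posture=POSTURE) -> Dict[str, List[str]]:
    """Map each non-compliant host to its findings, each prefixed with the SSID."""
    report = {}
    for host, profiles in clients.items():
        findings = [f"{p.ssid}: {f}" for p in profiles for f in check_profile(p, posture)]
        if findings:
            report[host] = findings
    return report


# Constructed inventory of what three clients currently have stored.
CLIENTS = {
    "laptop-01": [Profile("corp-data", "WPA2-Enterprise", "AES", "TLS", True),
                  Profile("corp-voice", "WPA2-PSK", "AES")],
    # Still on the previous posture (PEAP) and never enabled server validation.
    "laptop-02": [Profile("corp-data", "WPA2-Enterprise", "AES", "PEAP", False)],
    # Bar-code scanner configured by hand with the old cipher.
    "scanner-07": [Profile("corp-voice", "WPA2-PSK", "TKIP")],
}

if __name__ == "__main__":
    for host, findings in audit(CLIENTS).items():
        print(host)
        for finding in findings:
            print("  -", finding)
```

Run stand-alone it lists `laptop-02` and `scanner-07` with their findings and stays silent about `laptop-01`. The point of keeping the posture as data rather than hard-coding it in the check is that when the posture changes (for example EAP moves from PEAP to TLS), updating one table immediately shows which clients now need their profiles pushed.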
Many manufacturers do not address this challenge and instead
rely upon the customer (you!) to handle it. As mentioned previously, most
wireless clients come with specific client software, and some operating systems
provide limited native wireless support. But this situation presents the
enterprise with the unenviable prospect of configuring each make and model of
laptop and each operating system on a case-by-case basis. There are different
ways to approach this task, as described in the following sections.
Third-Party Wireless Software
You can adopt third-party wireless client
software and install it on every laptop, regardless of the wireless adaptor or
operating system. As mentioned earlier, companies such as
Meetinghouse Data Communications provide universal wireless clients that address
this problem. Not only do they support most common wireless adaptors and
operating systems, but they also provide centralized client and profile
management. It is possible to clearly define, distribute, and update profiles
for your entire client population.
The disadvantage of this option is that the third-party client
software must be purchased for each device; that is, the third party usually
charges a per-seat licensing fee. Conversely, this system can save the
enterprise money in the long term by reducing the operational overhead of
supporting and managing your various clients.
Centralized Self-Service Model
A centralized self-service model provides your user population
with a one-stop shop for their wireless security settings. Usually a web page
where any client device, regardless of operating system, can connect, this
centralized location provides instructions on how to configure common settings
or, in some cases, scripts that can automate the process for the user. This
approach avoids the requirement for IT support staff to "touch" every client
device, but it transfers the effort onto your users. Note that this approach can
sometimes result in increased technical support calls to your helpdesk as users
misinterpret instructions or make mistakes configuring their systems. However,
it is more cost-effective and less resource-intensive than having your IT staff
visit and configure each device manually.
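One form the automation script mentioned above can take, as an added example that is not from the book or from any vendor's client software: IT publishes the SSID, EAP mechanism and encryption protocol on the self-service page, and this script renders them as a wpa_supplicant(8) `network={...}` block that a Linux user appends to `wpa_supplicant.conf`. It refuses combinations the published posture should never produce (WEP, an enterprise profile without a trusted CA for the authentication server, quote characters that would break out of a config value). The `PUBLISHED` settings, SSIDs, file paths and identities are constructed; the wpa_supplicant option names (`key_mgmt`, `proto`, `pairwise`, `eap`, `identity`, `ca_cert`, `client_cert`, `private_key`, `password`, `phase2`, `psk`) are the real ones.

```python
"""Turn settings published on a self-service page into a wpa_supplicant network block.

Added example, not part of the book or of any vendor's client: IT publishes the
SSID, EAP mechanism and encryption protocol, and this script renders them as a
wpa_supplicant(8) "network={...}" block the user appends to wpa_supplicant.conf,
refusing combinations the published posture should never produce. SSIDs, file
paths and identities are constructed; the wpa_supplicant option names are real.
"""
from typing import Optional

# wpa_supplicant pairwise cipher names for the protocols the posture may name.
PAIRWISE = {"AES": "CCMP", "TKIP": "TKIP"}

# Settings as published on the self-service page (constructed values).
PUBLISHED = {
    "ssid": "corp-data",
    "authentication": "WPA2-Enterprise",
    "encryption": "AES",
    "eap": "TLS",
    "ca_cert": "/etc/ssl/certs/corp-wlan-ca.pem",  # CA that issued the RADIUS cert
}


def _quoted(value: str) -> str:
    """Quote a string value, rejecting characters that would break out of it."""
    if '"' in value or "\n" in value:
        raise ValueError(f"illegal character in {value!r}")
    return f'"{value}"'


def render_network(published: dict, identity: Optional[str] = None, *,
                   client_cert: Optional[str] = None, private_key: Optional[str] = None,
                   password: Optional[str] = None, psk: Optional[str] = None) -> str:
    """Render one network block, raising ValueError on any posture violation."""
    auth = published["authentication"]
    enc = published.get("encryption")
    if enc == "WEP":
        raise ValueError("WEP is not an acceptable encryption protocol")
    if auth != "Open" and enc not in PAIRWISE:
        raise ValueError(f"{auth} requires AES or TKIP, not {enc!r}")
    lines = ["ssid=" + _quoted(published["ssid"])]
    if auth == "Open":
        lines.append("key_mgmt=NONE")
    elif auth == "WPA2-PSK":
        if psk is None:
            raise ValueError("WPA2-PSK requires the pre-shared key")
        lines += ["key_mgmt=WPA-PSK", "proto=RSN", f"pairwise={PAIRWISE[enc]}",
                  "psk=" + _quoted(psk)]
    elif auth == "WPA2-Enterprise":
        # Without a pinned CA the client would accept any server's certificate.
        if not published.get("ca_cert"):
            raise ValueError("enterprise profile must name the CA of the RADIUS server cert")
        if identity is None:
            raise ValueError("enterprise profile requires the user identity")
        lines += ["key_mgmt=WPA-EAP", "proto=RSN", f"pairwise={PAIRWISE[enc]}",
                  "eap=" + published["eap"], "identity=" + _quoted(identity),
                  "ca_cert=" + _quoted(published["ca_cert"])]
        if published["eap"] == "TLS":
            if not (client_cert and private_key):
                raise ValueError("EAP-TLS requires the user's certificate and private key")
            lines += ["client_cert=" + _quoted(client_cert),
                      "private_key=" + _quoted(private_key)]
        elif published["eap"] == "PEAP":
            if password is None:
                raise ValueError("PEAP requires the user's password")
            lines += ["password=" + _quoted(password), 'phase2="auth=MSCHAPV2"']
        else:
            raise ValueError(f"unsupported EAP mechanism {published['eap']!r}")
    else:
        raise ValueError(f"unsupported authentication type {auth!r}")
    return "network={\n" + "".join(f"\t{line}\n" for line in lines) + "}\n"


def accepted(published: dict, **kwargs) -> bool:
    """True if the published settings render without a posture violation."""
    try:
        render_network(published, **kwargs)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(render_network(PUBLISHED, "jdoe@corp.example",
                         client_cert="/home/jdoe/.wlan/jdoe.pem",
                         private_key="/home/jdoe/.wlan/jdoe.key"), end="")
```

Because the script refuses to emit anything weaker than the published posture, a user who mistypes a setting gets an error rather than a working but insecure profile, which is the class of mistake the helpdesk otherwise ends up diagnosing.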
Standardization
Standardizing on a single client hardware platform will often
provide the enterprise with a method of client security management. Some
wireless adaptor and laptop manufacturers provide wireless client software with
their systems. If you can standardize on such a system (be it a laptop or
operating system), you might be able to use some basic centralized client
management features to create and manage profiles.
Manual Process
Manually configuring clients for WLAN security settings is the
least attractive and most expensive option. Indeed, it is really a "do nothing"
approach. You leave it entirely up to your end users to configure their clients,
whatever the client may be. The IT support staff simply publish or communicate
the settings (EAP mechanism, SSID, and encryption protocol) used for the
enterprise WLAN, and the users configure their own devices.
In some circumstances, you might need to have a manual process
in addition to one of the options described previously, simply because a
particular client device has no management features. ASDs (such as bar-code
readers or wireless-enabled manufacturing equipment), for example, must be
manually configured by your IT support staff. As such, manual configuration is a costly but
sometimes unavoidable option.