March 1, 2010 Network Connections, Network Security WiFi is everywhere. The fact that you can connect to the Internet while chomping down a Big Mac is a testament to how commonplace wireless networking has become. However, many businesses still haven’t made the leap to wireless, despite the obvious benefits – Mostly due to security concerns. That’s understandable, considering there’s no shortage of horror stories about professional thieves hacking into wireless networks and stealing valuable customer and proprietary company data. In their white paper “Wired and Wireless Security Best Practices”, Trapeze Networks (ETA’s wireless technology provider), a world leader in secure, business-class wireless solutions, explains how wireless networks that comply with industry security standards within the “AAA” framework for LAN security (Authentication, Authorization and Accounting) provide a stringent, locked-down environment that often improves upon the security in many “wired” networks. Below are a few critical factors to consider in each one of these components: Authentication: Strong authentication is a must. Older, weak authentication technologies like MAC (Media Access Control) and PSK (Pre-Shared Key) can leave your network vulnerable since they mainly use access rights to determine a user’s identity. The higher the level of access associated with a particular identity, the greater the damage potential. Strong authentication policies leverage the IEEE’s 802.1X framework, which was ratified for use with wireless LANs in December 2004. This framework provides per-user authentication with options for securely exchanging things like usernames and passwords over the air using a form of EAP (Extensible Authentication Protocol), the standard for secure, encrypted information transfer. It’s worth noting that Trapeze’s CTO chairs the WFA (Wi-Fi Alliance)’s security council, which helps certify secure protocol standards (Such as EAP) for wireless networking. This heavy involvement in developing industry-wide standards helps Trapeze continually develop a more secure and interoperable product suite. Authorization: Authentication provides a “yes/no” response over EAP encryption that tells the network whether the person is accepted or not. But authorization (otherwise known as access control) proves that person’s identity using a rich set of enforcements and conditional restrictions. Utilizing strong authorization techniques such as user type delineation, end point integrity checking and allowed location are critical because they help “prove” who a user is above and beyond the username/password/key they provide. Strong Authorization helps “prove” who a user is. ETA’s Trapeze-based wireless solutions offer a comprehensive suite of authorization features customizable to your business’ needs and requirements. Accounting: Accounting is often the most under-utilized part of the “AAA” methodology. Accounting collects and sends critical network usage information such as user identities, connection start and stop times, amounts of data received and sent, and more. Strong accounting provides the infrastructure to provide detailed answers to the question “what happened and when.” It goes beyond typical network forensics and focuses on the performance and mobility of individual sessions. Coupled with strong location tracking capabilities, it can be possible to literally trace the exact movements of a user or device over an extended period of time. Strong Accounting enables you to quickly identify what users are doing and where. ETA’s Trapeze-based wireless solutions provide robust, industry leading accounting to help you stay one step ahead of would-be attackers. Like what you’ve read and want to learn more? Download the full White Paper here (Adobe PDF, 2.54 MB) and email us if you have any questions.