For many corporate networks, wireless connectivity is a double-edged sword. On the one hand, wireless brings with it unprecedented convenience, enabling workers to work from just about anywhere in the corporate office that they can get a signal. On the other hand, the technology introduces new and potentially disastrous security threats—a host of issues that do not exist with the wired networks of old. Many CIOs already have responded to these threats by shutting down wireless access and adopting "no WiFi" policies in an attempt to preserve network security. But with a different kind of thinking, well-informed research, and endpoint protection, wireless network access can be implemented in a safe and secure manner that stands the test of time.
Change your attitude
A slogan on the television show The X-Files was "Trust no one," and the line applies to wireless security as well. The best CIOs do not fear wireless technology as unsafe, but they do treat it as inherently insecure and plan accordingly. In practice this means securing the wireless network exactly as one would secure traffic from an untrusted external network such as the Internet: segment wireless traffic onto its own network and place a firewall between it and the network core so that threats never get close. With this approach, CIOs can cordon off the wireless network much as they would a DMZ, a subnetwork that is deliberately more exposed to the public, and then inspect the traffic crossing that boundary accordingly.
For networks, segregation is a virtue, and the benefits of a segregated architecture are twofold. First, it lets CIOs rely on their existing firewalls for unified authentication: wireless users authenticate through the very same process that other remote users arriving from untrusted networks use. Second, because wireless access points are not designed to make security decisions, forcing wireless traffic through the firewall lets CIOs write rules specific to threats originating on the wireless segment and apply a higher level of scrutiny to traffic entering the core than they would to traffic that never left the wired LAN.
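As an added illustration of the segmentation described above (not a configuration from the original page or from Check Point), here is an nftables ruleset for a Linux firewall sitting between the wireless VLAN and the core. The interface names, address ranges, and the decision to let wireless clients reach only a VPN gateway inside the core are assumptions for the example; the structure is the point: default deny in both directions, anti-spoofing on the wireless side, and logging of everything that is dropped so the segment can be watched like any other untrusted edge.

```nftables
#!/usr/sbin/nft -f
# Added example ruleset. Assumed layout (not taken from the page):
#   vlan20  - the wireless VLAN trunked from the access points, 10.20.0.0/16
#   eth0    - the core network
#   10.0.0.10 - the VPN concentrator wireless clients must tunnel through
#   10.20.0.1 - this firewall's address on the wireless VLAN (DHCP and DNS)
flush ruleset

define wlan_if    = "vlan20"
define core_if    = "eth0"
define wlan_net   = 10.20.0.0/16
define vpn_gw     = 10.0.0.10
define fw_wlan_ip = 10.20.0.1

table inet wlan_dmz {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif lo accept
        # Wireless clients may talk to the firewall itself only for DHCP and DNS.
        iifname $wlan_if udp dport 67 accept
        iifname $wlan_if ip daddr $fw_wlan_ip udp dport 53 accept
        iifname $wlan_if ip daddr $fw_wlan_ip tcp dport 53 accept
        iifname $wlan_if log prefix "wlan-input-drop " drop
        # Management of the firewall is only ever reached from the core side.
        iifname $core_if tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Anti-spoofing first: a wireless frame must carry a wireless source address.
        iifname $wlan_if ip saddr != $wlan_net log prefix "wlan-spoof " drop
        # Wireless -> core: only IKE and ESP to the VPN gateway. Every other
        # service the client needs is reached through the tunnel, so the
        # firewall never has to trust the wireless segment for anything else.
        iifname $wlan_if oifname $core_if ip daddr $vpn_gw udp dport { 500, 4500 } accept
        iifname $wlan_if oifname $core_if ip daddr $vpn_gw meta l4proto esp accept
        iifname $wlan_if oifname $core_if log prefix "wlan-fwd-drop " drop
        # The core never initiates connections toward wireless clients.
        iifname $core_if oifname $wlan_if log prefix "core-to-wlan-drop " drop
    }
}
```

If wireless clients are also allowed direct Internet access, that egress belongs on a third interface with its own rules; nothing in the forward chain above should be relaxed to provide it, because the moment a wireless host can reach arbitrary core services without the VPN, the segment is no longer being treated as untrusted.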
Stay current
Even the most aggressive security strategy means little on outdated equipment. With this in mind, CIOs interested in wireless security must upgrade the technology behind their wireless LANs to the current standards. That does not mean Wired Equivalent Privacy (WEP); its cryptographic weaknesses are well documented, and it should be treated as broken. The standard to invest in today is Wi-Fi Protected Access 2 (WPA2), the Wi-Fi Alliance certification of the IEEE 802.11i amendment. WPA2 uses a key hierarchy in which a long-lived master key, derived either from a passphrase or from 802.1X authentication, is never used to encrypt data directly; instead, fresh session keys are derived from it, together with nonces exchanged in a handshake, each time a device associates with an access point. WPA2 mandates AES-based CCMP encryption and permits the older Temporal Key Integrity Protocol (TKIP) only for backward compatibility with first-generation WPA equipment. The bottom line: these standards currently are as safe as wireless gets.
Still, nothing is forever. Because security is always evolving, it's not enough to invest in a technology and forget about it. Instead, it is critical for CIOs to make sure that they stay abreast of the latest in wireless security technology. Why? For starters, wireless standards, and the attacks against them, change frequently, so only well-informed CIOs can stay ahead. What's more, many organizations become overwhelmed by the deluge of information, so the only way they can stay up on developments is to talk to their vendors. For CIOs who have the resources, assigning someone to keep tabs on wireless developments is a good idea. Subscribing to security services such as SmartDefense from Check Point Software Technologies also helps keep security protections up-to-date.
Implement carefully
Of course, the last piece of the wireless security puzzle is securing the endpoints. Where employees connect wirelessly, CIOs must treat them as remote workers and install top-of-the-line protections on their laptop computers. At the very least, these road warriors need personal firewalls to protect their data. In the best case, each of them also has a VPN client and uses it even across the corporate wireless LAN, so that link-layer encryption is never the only thing between their traffic and an eavesdropper. These forms of endpoint security act as a frontline defense against viruses, worms, spyware, and other forms of malware. Without them, employees who log on from an airport or the local Starbucks are exposing themselves to threats: a public wireless access point offers no physical security, and the laptop is sharing the medium with every other device in radio range.
Critics may view these types of precautions as paranoia—a waste of money after re-architecting the network and keeping up with the latest technology. As the saying goes, however, an organization is better safe than sorry. With endpoint security, a CIO has a backup plan even if network-based defenses fail. Without it, an entire portion of the workforce is at risk. Many CIOs consider endpoint security an insurance policy—an investment in the sanctity of the network as a whole. For the most finely targeted approach, these technologists suggest prefacing any expenditure with a full-scale risk analysis to find out where the best investments can be made. For example, an enterprise with few remote workers may not need to be as cautious.
The Check Point solution
Check Point Software Technologies can help CIOs master all the critical components of security in a wireless environment. Combining the centralized management of SmartCenter with the flexible deployment options of VPN-1 Pro gateways enables technologists to segregate wireless LANs. With VPN-1 Edge W for remote sites, CIOs can deploy an integrated firewall and wireless access point in a single appliance, so that wireless traffic is firewalled from the moment it leaves the air. Finally, with the endpoint software dubbed Integrity, technology leaders can verify that employees who connect wirelessly meet a required security posture before they are admitted to the network. Secure the core, secure the edge, and protect the endpoint. This three-pronged approach from Check Point enables businesses to improve wireless security across the board.