Modernizing Authentication — What It Takes to Transform Secure Access
Every now and then a piece of technology like wireless networking comes along that skips the workplace and jumps straight into the home (as well as the burger bar, the coffee shop and the filling station.)
It's easy to see its appeal to consumers – you can surf the net from your laptop on the couch, check emails over a cappuccino and generally live the whole Centrino lifestyle that Intel advertises so seductively in its commercials – who wouldn't want to file reports from a hammock overlooking the ocean?
But as far as the network admin is concerned, there is a delicate balancing act to be carried out. The principal objection to implementing a WLAN is one of security – we've all heard about wireless networks leaking out of buildings and being accessed by passers by on the sidewalk, and who wants visitors or uninvited guests wandering in and getting access to the network? According to a recent survey carried out by JupiterResearch (JupiterResearch and Enterprise Networking Planet are both owned by Jupitermedia), concern about weak encryption leading to eavesdropping on corporate communications is the primary barrier to the deployment of WLANs. Lack of budget and poor authentication leading to fears of unauthorized access to the network were also major barriers cited.
In fact, security worries are probably overstated, according to Julie Ask, research director at JupiterResearch. Her study found that 84 percent of survey respondents have not suffered a security breach due to their wireless network. Their wired networks could well be less secure – if only because CIOs are more paranoid about their wireless networks. "Wireless is inherently less secure in that some data goes over the air and can be intercepted," she says. "But worries have been severely hyped up by vendors of security solutions. The reality is that if you want a secure wireless network you can have one."
So the dilemma for the network admin is this: if you don't provide wireless networking then such is the demand from staff that there is a real risk of rogue networks appearing – all it takes is a user with a little bit of knowledge to nip out and buy a wireless access point and plug it in in his or her cubicle, and the potential for a security breach is pretty high. On the other hand, if you do provide a WLAN, you still have to be take steps to ensure that it really is secure, and put the right procedures in place to ensure it stays that way.
Many organizations, like satellite communications company Inmarsat, are concluding that installing a wireless network under company control is a better bet than risking finding a rogue network that it doesn't. "We decided to put in a WLAN about four years ago to pre-empt employees buying wireless appliances and introducing risk," says Pete Smith, Inmarsat's IT director.
The company's WLAN is secured using MAC address (define) access limitation and encryption, and a VPN kicks in when employees access the network wirelessly from home or from Wi-Fi access points.
"The main lessons we learned are to learn from others' installations, and never to install any product straight out of the box," says Smith. The biggest security risk comes not from the wireless access itself, but from the fact that laptops are other portable devices are more easily physically lost or stolen than desktops on a wired network, he believes.
JupiterResearch's survey found that the most important perceived business benefits of installing a WLAN are increased productivity for office employees and traveling employees, lower costs than a traditional LAN, and quicker network implementation compared to a traditional LAN.
These findings are borne out by Charles Wells, a specialist brewery business that operates a WLAN throughout its site. The company had been using Token Ring, but realized that when it added a new building to its campus that it would be faster, cheaper and more convenient to move to a wireless environment. "We experienced some pressure from our sales staff (to implement a WLAN), and when we added the new building including a training center, restaurant, board room, and conference room to our site, we talked to senior management and decided to go wireless throughout," says Dave Geliher, Charles Well's IT manager.
There's another benefit to running a WLAN that Inmarsat's Smith is also now capitalizing on: "We get a lot of visitors to our building, and in many cases we would like to give them access to at least part of our network to offer them a range of services. We now enable them to log on with authentication to our network, but with restricted access. When they fire up their machine and connect they are channeled to a site where we can control their access to our resources," he says.
But are the benefits of a wireless LAN always clear cut? JupiterResearch's Julie Ask wonders. She says that soft benefits such as keeping employees happy are valuable, but she doubts whether all the new practices that wireless networks may facilitate actually improve productivity. "If an employee is answering emails during a meeting using a wireless connection to his laptop, is that employee being more productive? It's certainly questionable."