Modernizing Authentication — What It Takes to Transform Secure Access
It wasn't too long ago that security for wireless LANs was in shambles. The first rendition of WLAN security, WiFi Protected Access (WPA), was easily cracked and, therefore, useless to corporate users -- as many found out to their chagrin.
"It really didn't pass muster and it stalled the deployment of wireless for a while because people could not trust it," said Kevin Walsh, director of product management for Funk Software, which makes authentication servers for WiFi networks. "(Crackers) could compromise information in minutes you really wanted protected for years."
Today, however, the advent of the more robust WPA-2 security standard and other ways of securing WiFi networks has cleared the way for corporate deployments that won't be cracked in minutes, hours or days, said Walsh. This means all the benefits WiFi promised in the early days can start to be realized: employees no longer shackled to workstations, conference rooms free of expensive network nodes and cables, the freedom to lay out offices and factory floors without having to worry about cable runs, reduced real estate costs, etc.
At Sun Microsystems, for example, CIO Bill Vass has set up 17,000 remote employees in the company's iWork program. They work flexibly by using WLANs that utilize tried and true SSL-VPN technology. A big benefit of this approach is that it allows him to leapfrog the need to even think about the WPA-2 standards.
By sharing resources, Sun's iWork program saves the company $70 million in real estate costs and $3 million in annual electricity costs, he said, and it couldn't have been done without WiFi.
"We've mirrored our remote-connectivity wired network with our wireless network," he said. "It works extremely well because you are managing only one security infrastructure."
To accomplish this, Vass simply deployed an open wireless Internet connection throughout his facilities; in essence becoming a de facto ISP for his employees.
By using smart-card technology called JavaBadge, employees simply log onto the open connection, which is no more secure than a Port 80 connection, and swipe their J-Badges through a reader. All the authentication necessary to log on to the corporate network is contained in the card and the person's sign-on password.
Once logged in, employees can access Sun's corporate network from anywhere by initiating an SSL-VPN session. And since all of Sun's applications are hosted internally, its employees' desktops are accessible no matter where they log on.
"I would definitely agree with the Sun approach," said John Meyer, vice president of Engineering for VelociTel, a WiFi network design firm, "particularly for corporate users. If you really want protection, you need to set up a VPN. If you're worried about security, using a VPN -- particularly for remote locations -- is the way to go."
For CIOs concerned just with protecting an office environment and not hosting their employees' applications, WPA-2 is fine, said Meyer, since it protects the edge of the network and keeps unauthorized personnel from accessing your WLAN.
"If you're really only worried about mobility within your location, it would do the trick," he said.