5 security questions to ask your enterprise WLAN gear vendor

Product Test and Buyer's Guide Product Test and Buyer's Guide, 09/20/07 By Christine Burns There is certainly no shortage of news coverage on how enterprise WLAN products are now supporting the latest and greatest 802.11n standard with all the speed and manageability that it is supposed to bring with it. That said, it might be a prime time for enterprises to consider upgrading their wireless networks. Any upgrade to the WLAN infrastructure should also have baked into it an upgrade to the WLAN security parameters as well. As part of NWW’s revamped Enterprise WLAN Gear and WLAN Security Buyer’s Guides – which are both set to go live on Oct. 1 (more on that later) – we’ve compiled a package of information that will help guide IT buyers through the processes of researching, short listing and deploying these products. While our traditional Buyer’s Guide product listings will remain an integral part of this overall package (see the current listings for WLAN gear and WLAN Security), the market trend pieces, technology primers, best practices description, buying tips, and tests and reviews will be available in one central location for easy access. As part of the new WLAN Security Buyer’s we’ve contracted with Lisa Phifer, owner of Core Competence, a network and security technology consulting firm based in Chester Springs, Penn. Lisa has been involved in wireless solution design, testing, and vulnerability assessment since 1997. At our request, Lisa has compiled a list of the top five WLAN security-related questions any enterprise IT group should put forth to WLAN gear vendors looking to win new or upgrade contracts with them. Network World VoIP and Convergence Buyer's Guide Find the right products for your enterprise - fast. Our extensive database of detailed product information will quickly help you pinpoint the hardware or software you need to build out a converged voice and data network. With the side-by-side comparison tool you can evaluate product features and make the best decision for your enterprise. Click here to go to the Buyer's Guide now. Here is Lisa’s list: 1: Are you ready for 802.11n? From site survey and planning to WLAN analysis and Wireless IPS, most security products will require software updates and/or hardware upgrades in order to support 802.11n. Today, ask about features for modeling, detecting, and decoding both pre-N and 802.11n draft 2.0 protocols. Next year, those features will require updates to align with the final 802.11n standard. When it comes to security, blind spots are unacceptable. A security product that cannot see what an 802.11n AP or station is doing puts your network at risk. 2: How do you secure VoFi and multimedia traffic? WLAN equipment is being scaled and refined to support the stringent demands of voice and multimedia. Security and performance are often pitted against one another, and minor annoyances for data will quickly become show stoppers for latency-sensitive or high-throughput applications. Enterprises should ask WLAN vendors how they secure such applications, and the impact of various security settings on capacity and quality. WLAN planning systems must be able to consider these application needs, while WLAN analysis and IPS will need to offer meaningful interpretation, like the ability to differentiate between basic interference and targeted VoFi attacks. 3: Do you have a knack for NAC? Network access control (NAC) is poised to take enterprise networks by storm, with broad impact on both wired and wireless LANs. Fortunately, most wireless APs can use 802.1X to fit nicely into any flavor of NAC. But don’t make assumptions. Enterprises should ask WLAN vendors how the APs and controllers they buy can be plugged into existing Cisco/Microsoft/TCG architectures. Look for capabilities like policy-based virtual APs, wireless isolation of unknown/infected clients, and 802.1X/VLAN mapping. Also ask about VLAN support in WLAN analyzers and wireless IPS, and integration between Host WIPS agents and NAC agents. 4: Security vs. scalability As WLANs grow, tasks that were once practical and feasible will quickly become onerous, even impossible. Scalability certainly applies to WLAN security tools. Ask about WLAN planning and automation features that help minimize time-consuming site surveys. Inquire about WIPS capacity and reliability in large, distributed networks with hundreds of sites and thousands of APs. For example, deauthenticate-based blocking will have a tough time scaling without saturating the affected channels and sensors. In a large WLAN, diagnosing interference through ad hoc, onsite sampling simply won’t cut it – ask about WIPS-integrated spectrum analysis. 5: Cost of ownership When it comes to total cost of WLAN ownership, task automation and process integration are key. Pinching pennies on less-capable security platforms could end up costing a bundle by requiring onsite staff and tools for investigation and remediation. Look for role and regional delegation of WLAN security administration, monitoring, and reporting tools. Ask about centrally-initiated investigative aids, like the ability to use a remote sensor for traffic capture. Finally, look for opportunities to leverage existing security management infrastructure, like integration between WLAN authentication and Identity Management systems, or between WLAN alerts and Security Event Management Systems (SEMS).

TODAY'S MOST-READ STORIES: 1. IBM targets Office with free productivity apps 2. Sprint launches home cells to boost signals 3. One less reason to adopt IPv6? 4. The Hell of Gateway's tech support 5. Cisco to buy wireless-management firm Cognio 6. Researchers flash personal aircraft, future jetpack 7. DST issues resurface for IT 8. A Nortel-3Com-Polycom combo vs. Cisco 9. Does 802.11n spell the end of Ethernet? 10. 10 IT management software companies to watch MOST-READ REVIEW: VM management tools tested

Contact the author: Christine Burns is the Executive Editor of Testing. She can be reached at cburns@nww.com BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007