NIST: Look beyond access point when securing WLANs
The National Institute of Standards and Technology has issued draft recommendations pertaining to the security of wireless local area networks (WLANs), concluding that they present a unique set of cybersecurity risks that government agencies should consider prior to deploying them.
It’s no secret that nearly every office building, including federal buildings, bases and hospitals, uses WLANs, but their proliferation has turned into somewhat of a free-for-all when it comes to access, and chief information officers need to rein it in. Wi-Fi use in the enterprise is surging as personal smartphones and tablets are flooding businesses; as a result, employees are choosing to access their employers’ higher-speed Wi-Fi networks instead of incurring data charges on their devices.
Recent numbers from IDC reveal that WLAN market revenues grew nearly $725 million in the second quarter, up 43.4% from the first quarter.
"Enterprise mobility has emerged as one of the key priorities for CIOs and IT managers across all geographies, and the growth of WLAN market revenues during the second quarter is a clear testament to that market dynamic," Rohit Mehra, director of enterprise communications infrastructure at IDC, said in a statement. "The tremendous momentum behind smart mobile devices and their continued uptake in the enterprise for business and vertical-specific applications are driving enterprises to move forward with upgrades and extensions of their wireless networks."
WLANs typically are less secure than wired solutions because they are easier to access and include weaker security configurations. Often security configurations are set at the access point level, but NIST is recommending that enterprises set standard security configurations across all WLAN components, including client devices. Moreover, organizations should standardize, automate and centralize as much of their WLAN security configuration and maintenance as possible, NIST recommended.
NIST also stressed the need to limit WLAN accessibility based on user profiles. Agencies should provide differing security profiles for different users. For example, a guest user should have a high security profile while full-time staff should have more privileges. In addition, when a client device connects to multiple wireless networks simultaneously (WLAN and cellular), that also presents security challenges.
NIST is seeking comments on the report through Oct. 28. My recommendation: Look at what the commercial mobile industry is developing around Wi-Fi. It’s clear that Wi-Fi is becoming a mobile network extension, and thus standards bodies are working on ways to bolster security and create carrier-class Wi-Fi equipment complete with policy control mechanisms.
It’s clear that IT folks have to move into the wireless network management world. They have to engineer a network that identifies and authenticates devices, identifies and prioritizes applications, and continually adds more capacity when needed.
WLAN vendors are beginning to home in on scaling and provisioning tools. Meru Networks, for instance, recently acquired Identity Networks, which offers secure guest and device access management solutions. With the acquisition, Meru is expected to enable customers to provide secure, policy-based wired and wireless network access for guests and employees who bring their own devices into the enterprise.
The enterprise WLAN market is about to enter a whole new level of innovation.