Click here for full white paper
 
Click here for full white paper
 
Click here for full white paper
 
Managing Wireless LANs for Security,
Performance & Policy Compliance

This article is an excerpt of the
"Wireless LAN Technologies for Security & Management" white paper.
Click here to request a copy of the entire white paper

Just as wireless LAN security mirrors security of the wired network, the same holds true for wireless LAN management. Network managers should already be familiar with the general requirements of managing wireless LANs but must implement wireless-focused solutions for fault diagnostics, configuration management, accounting for network usage, performance monitoring, security, and policy enforcement.

Managing a small wireless LAN deployment of 5 or 10 access points can be easily accomplished with the built-in functionality of enterprise-class APs. However, managing a larger wireless LAN deployment of dozens of access points in a corporate campus or in multiple locations across the country requires add-on solutions that scale to support the distributed nature of the network.

These wireless LAN management requirements can be satisfied with a combination of 24x7, real-time monitoring of the airwaves and proprietary solutions offered by enterprise-class network infrastructure providers, such as Cisco Systems and Symbol Technologies. However, these WLAN management systems are often limited by their ability to only manage access points manufactured by the vendor of the management system.

Configuration
Managing a wireless LAN's configuration across all access points and stations often provides the biggest challenge to network managers. At the most difficult level, each device must be touched to ensure proper settings for security, performance, and policy compliance. WLAN management offerings, such as Cisco's Wireless LAN Solution Engine or Symbol's Mobius Wireless System, can remotely manage access point configuration and apply multiple "configuration templates" to various segments of a wireless LAN.

Managing the station configurations provides a bigger challenge because network managers may not have direct access to all stations, and touching each station can be time-consuming project.

Real-time monitoring of the airwaves is then required to ensure that access points and stations remain in their defined configurations. Power surges or outages can reset access points to default settings. Employees can alter device settings to allow for more open network access. Analysis of the WLAN traffic while in the air identifies these network misconfigurations.

Fault Diagnostics & Performance Monitoring
Employees and users can benefit from the wireless LAN only when it is up and running. Responding to support calls can be an overwhelming task for an IT department responsible for supporting wireless LANs in remote locations. In most cases, the IT support staff cannot see network problems that arise from wired-side connectivity to the access point or RF issues that interfere with the wireless LAN.

WLAN management offerings, such as provided by Cisco and Symbol, can poll network devices from the wire to observe device characteristics and attributes and alert operational staff to issues. Likewise, real-time monitoring of the airwaves surveys network devices from the wireless side to analyze traffic patterns and alert network managers of AP failures and performance issues that can only be seen from the air, such as signal degradation from channel overlap, frequency interference from non-802.11 devices, and excessive overloading of the access point.

Accounting - Network Usage
Much like fault diagnostics and performance monitoring, accounting for network usage is accomplished with a combined approach that includes a WLAN management platform and 24x7 monitoring of the airwaves. Network management platforms from the likes of Cisco and Symbol track WLAN usage in connecting to various applications on the wired side of the network for in-house accounting purposes.

Monitoring of wireless LAN traffic across the airwaves allows network managers to track the network usage based on the peak capacity of each access point and the highest bandwidth consuming stations and access points. This allows network managers to plan for additional capacity as needed and deal with individual users who abuse the WLAN by downloading large, non-business related files, such as MP3s.

Security
For ease of management, security applications, such as those previously mentioned, should integrate with the network management platform. Security features for encryption, authentication, and access control should be pushed out through the network management platform. Alerts for attacks, network abuse, and intruders should integrate into the management platform to ensure proper reporting and network auditing.

Policy Enforcement
Policy compliance across the wireless LAN touches almost every aspect of network management and security. Network policies govern wireless LAN configuration, usage, security settings, and performance thresholds. However, security and management policies are useless unless the network is monitored for policy compliance and the organization takes active steps to enforce the policy.

Real-time, 24x7 monitoring of WLAN traffic identifies policy violations for:
  • Rogue wireless LANs - including Soft APs
  • Unencrypted or unauthenticated traffic
  • Unauthorized stations
  • Ad hoc networks
  • Default or improper SSIDs
  • Access points and stations operating on unauthorized channels
  • Insecure stations with default Windows XP settings
  • Off-hours traffic
  • Unauthorized vendor hardware
  • Unauthorized data rates
  • Performance thresholds that indicate the overall health of the wireless LAN.

 

This article is an excerpt of the "Wireless LAN Technologies for Security & Management" white paper.


Click here to request the full
Wireless LAN Technologies for Security & Management
White Paper


Home | Company | Products | Solutions | Knowledge Center | Careers | Contact Us
Copyright 2001-2003 AirDefense, Inc. All Rights Reserved.

 Site Map | Privacy Policy | Legal Notice