Many small businesses opt for wireless networks; they provide the connection you need and are easier and less expensive to set up than a wired network. But that convenience can cost your company in compromised security and lost data if the network isn’t appropriately encrypted.small_business, wireless, wireless network, WLAN, security
Not too long ago I was assigned to a troubleshooting and remediation project for a hospital here in the SF bay area. The problem, after much troubleshooting and lab recreations, was determined to be due to an unique issue with client roaming and authentication. During the course of troubleshooting my coworker and myself often found ourselves explaining 802.1X and 802.11i to others working on the troubleshooting effort, or requesting technical updates. So based on that experience, I started thinking this might a be a good topic to cover here.
Let’s review the some of typical components of the enterprise wireless security model.
What is 802.1X?
802.1X is not a protocol, but rather a framework for a “port-based” access control method. 802.1X was initially created for use in switches, hence the port-based terminology, which really doesn’t fit too well in wireless since users don’t connect to a port. In the end it’s meant to be a logical concept in the 802.11 world. 802.1X was adopted for wireless networks with the creation of 802.11i to provide authenticated access to wireless networks. At a high level. the framework allows for a client that has connected to the WLAN to remain in a blocked port status until it has been authenticated by a AAA server. Essentially the only traffic allow through this virtual blocked port is EAP traffic, things like HTTP would be dropped.
What is EAP?
EAP (Extensible Authentication Protocol) is the authentication method used by 802.1X. It can take on various forms, such as PEAP, EAP-TLS, EAP-FAST, to name a few. There is one thing to remember when determining what EAP type to use in your network, is that it is dependent upon what your client and AAA server supports. This is it, your AP or AP/Controller hardware or code version will play no part in version is supported. Unless your AP/controller is acting as the AAA server, but I’ll stay away from that in this post. I think this can be a point of confusion for people who haven’t read much or anything about EAP methods. So, if some one asks what version of EAP the AP will support, all you need to do is ask them, what does their Client and AAA server support.
What is 802.11i?
Simply put, 802.11i is an amendment to the original 802.11 standard to address the well documented security short comings of WEP. It incorporates WPA as a part of the 802.11i amendment and adds the fully approved WPA2 with AES encryption method. 802.11i introduces the concept of a Robust Security Network (RSN) with the Four-way handshake and the Group key Handshake.
Today, at Höganäs North America, the high-performance Cisco network delivers the day-to-day voice and data communications needed for around-the-clock communications and network connectivity that are vital to Höganäs’ staff for not only daily operations but to ensure the safety of their 80 plant employees: activities such as enabling crane operators servicing furnaces to alert nearby teams to help ensure their safety for example.
Don’t you just hate it when you drop your phone and it just stops working? My last phone fell out of my top pocket when I leaned over our pool and even though I got it out in less than 10 seconds and tried to dry it out, it was toast. Well, soggy toast I suppose.
There are times when you need something more. If you’re a manufacturer and you need some ruggedization then you might find it advantageous to look at the Cisco offerings. There are rugged versions of several products: switches, wireless access points and IP phone handsets to name just three. In the video I talk about one of them, the 7925G-EX handset that has been available for a short while now, and is being increasingly adopted by customers. Read More »
Consider this. According to the second chapter of the 2011 Cisco Connected World Technology Report, one in three college students and young employees under the age of 30 would prioritize device flexibility and social media freedom over salary in accepting a job offer. In fact, 40 percent of college students and 45 percent of young employees said they would accept a lower-paying job that had more device flexibility and social media access, than a higher-paying job with less flexibility. Wow!
People are so in love and attached to their mobile devices that half of college students and young employees said they would rather lose their wallet or purse than their mobile device, according to the study. And their mobile devices are multiplying – 77 percent of employees have multiple devices and one in three employees globally uses at least three devices for work.
Their attachment to their mobile devices goes a step further. More than half of college students and young employees want to use their own devices to access corporate networks, and two in five consider it a critical function of their job to be able to connect to the network from any location at any time.
So, what does this mean for businesses? People will want to continue their love affair with their mobile devices at work, so it’s better to be prepared to support employee-owned devices as the “bring your own device” trend is only becoming more prevalent.