Enterprise Lockdown

Reply
Highlighted
N/A

Authentication is the wave of the future?

So I just read Devin's comment on Dom's article in the Articles section of the site. Far be it from me to answer for Dom but, luckily, I don't have to! I can just post here instead.
So what about authentication? Gotta have it. Totally agree. If it's not there it kinda takes the "secure" out of "secure mobility" doesn't it?
My question to you is, "is this enough?" By enough I mean, do you truly believe that we need new authentication methods? Are the biggest problems in mobility and wireless today authentication?
It seems to me that the biggest gaps in mobility technology today is not the Wi-Fi hardware (as Dom said, it gets commoditized almost immediately), or RF (although that could change, more on that later) or authentication.
To me, the biggest problems that have yet to be solved and solved well are client issues. You can have the best wireless LAN in the world (I know, I got one in my house!) and a lousy driver will completely rain on your parade. Ever try to use a Wi-Fi voice handset? Some of the ones floating around out there are NOT pretty. Believe me.
We can also go play on this theme in other related spaces too. Like 802.11n. Great idea! But drivers are as buggy as my tomato garden! OK. So I'm a lousy farmer, but that's another story.
The list can go on, but , as Andrew Wiles said, "I think I'll stop here".
Clients are interesting to me - in particular once you get off of laptops or well supported and established technologies. At this point, clients become very specialized. The Wi-Fi client on a Hitachi handset is a completely different beast from that on a Microsoft smartphone or PDA. Those are rather different than your average RF scan gun.
So many clients. So many devices! So much legacy support! Oh the agony. Where will it all end?
Often I am asked to help people solve authentication problems - not because there is anything inherently wrong with 802.11x + PEAP or what have you. But rather more because we don't trust the devices (don't support WPA2) or some similar problem.
It isn't ALL about clients. There sure are some places where authentication could play a little nicer and be more helpful, but I think we're on to something when we step back and look at the devices that actually gotta get on the network and get some work done.
N/A

Oh and I almost forgot about

Oh and I almost forgot about application optimization and performance. But that would be in a different forum topic.
Cheers,
Netgirl
Aruba Employee

Re: Authentication is the wave of the future?

Netgirl,

Interesting points. I'd have to say, though, that the issues you raise or sometimes seen as interrelated but they are really orthogonal. Authentication is very important in building a secure wireless network. Is it sufficient, as you asked? No, you also need identity management, authorization, encryption, and user life-cycle management. However, except in some smaller, wireless-only deployments the rest of these are outside the capacity of your Secure Mobility solution to address. Specifically, you should be thinking about ALL asset access not just wireless and not just network. But that's an essay by itself.

You also raise good points about client driver issues. Authentication can make sure that invalid users cannot get onto the network but it can't help valid users get on the network if they are using sketchy devices or drivers. Sadly, it is not yet possible to reach over the air and fix someone's driver. The best we can do is to make sure that our infrastructure is not only resilient to misbehaved clients but also make sure that it makes the best attempts to work well with most clients. Technologies like band-steering and airtime fairness can help some to make sure that even older clients get some airtime and don't unfairly deprive others. Stable and well tested infrastructure code also helps make the best of a tough situation.

Finally, what you will see from us is a commitment to give you the tools and support you need to find and resolve these issues. We've worked with many customers and many client device manufacturers and driver authors to make sure that you get what you expect out of your deployment. We can't fix everything but we sure do try!

-J
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: