Wireless network security — the past, present, and future
The past — Enterprises didn’t see Wi-Fi coming, but users did
We used to live in a wired world where users carried laptops that plugged into the back of an IP Phone. In those days, legacy authentication, authorization, and accounting (AAA) servers left over from the modem days ensured that users were checked against an active directory.
Things started to change in the early 2000s when Intel started embedding wireless chips into laptops. All of a sudden, users could take their fancy new Wi-Fi enabled laptops with them everywhere. You could IM people sitting on the other side of the conference room table!
But users often ran into roadblocks as Wi-Fi network coverage was poor and the perception regarding security was even worse. User behavior (and to be honest, pressure from executives) eventually drove IT departments to pay attention. It was either that or deal with users bringing their own access points (BYOAPs) into the office, which created a rogue hotspot that definitely was not secure.
IT eventually worked on the coverage and security issues, which was smart because the smartphone wasn’t too far off. But what we didn’t see were changes to those legacy AAA servers. In fact, a large number of enterprises still have some Cisco ACS or Microsoft NPS AAA servers in the network. This brings us where we are today.
The present — BYOD and #GenMobile
So why are all these Legacy AAA servers everywhere? For the most part, they do what they were intended to do when they were installed; authenticate users with laptops. And, often times, simply because of the “if it isn’t broke, don’t fix it” mentality. However the onslaught of mobility, BYOD, and issues with compromised or lost enterprise data is forcing IT to look elsewhere.
Legacy AAA servers are not equipped to directly handle BYOD onboarding (smartphones and tablets), the new operating systems (iOS, Android, and Chrome), and they’re struggling to keep up with high volume authentication and re-authentication demands brought on by #GenMobile’s work habits and their tendency to carry multiple devices. More importantly, legacy AAA servers lack the ability to profile devices, associate those devices to users, and share this context with other security solutions in the enterprise. Traditional security at the perimeter and legacy AAA solutions don’t take into consideration user, device, or location context. Mobile users and each device now require a new perimeter model that protects our resources regardless of device, location or time.
The future — And now the Internet of Things (IoT)
As wireless becomes increasingly ubiquitous, companies have come up with new ways to simplify our lives by allowing other devices such as printers, cameras, thermostats, refrigerators, and whatever else can be dreamed up to connect to our Wi-Fi and wired networks. These headless devices will challenge IT just like the BYOD phenomenon did. These devices will need to be accounted for, profiled, and have associated policies, to give IT the visibility and control needed to secure the network.
Replacing legacy AAA with Aruba ClearPass to future proof your network
ClearPass is much more than a turbocharged AAA server that scales to meet todays burgeoning BYOD demands — it also includes guest access services, reporting, certificate management, and more. Built-in APIs and Syslog messaging provides for the ability to share context with existing network security point solutions such as MDM, perimeter security, and SIEM solutions so that enforcement and threat prevention is extended beyond the traditional perimeter.
With advanced policy creation, and web-based management capabilities, ClearPass makes access security far simpler to deploy and manage than legacy AAA solutions. And unlike the old AAA solutions, ClearPass was designed to support multivendor network infrastructures, regardless of the Wi-Fi or wired vendor. The proof is in our install base. Let us know if we can help your organization secure your mobile enterprise.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.