I see that you will be presenting at Interop 2008 on new challenges in wireless security and management. What are the biggest wireless pain points challenging network managers right now?
Lisa Phifer: Wireless LANs (WLANs) have matured to the point where they are being integrated into corporate networks as mainstream infrastructure. That means that wireless APs [access points] and controllers must be managed and monitored consistent with wired Ethernet switches, and the connectivity they deliver must become just as reliable. In the past, many WLANs were managed as overlays, relying on their own administrative systems and processes. But broad deployment on a much larger scale will demand network management and security policy integration, as well as better tools for planning capacity and visualizing and responding to performance problems.
How can network pros be proactive about integrating with security teams regarding wireless security?
Phifer: Network pros can be proactive by seeking out opportunities to reapply what they have already implemented and know how to do very well. There will always be security measures that are unique to a specific technology: for Wi-Fi, that's WPA encryption and integrity, and RF-based intrusion prevention.
But those are just two vital components of a much bigger security picture. For example, individuals responsible for wireless security have a lot to learn from wired network pros about how to assess and harden Wi-Fi APs and controllers. Once traffic hits the wired LAN, many of the same security measures should be applied -- virtual LAN (VLAN) segregation, for example, and network access control (NAC) endpoint threat containment. Network pros can help wireless security teams avoid overlooking the same old threats or reinventing the wheel to mitigate threats already handled inside the wired network.
What is the worst mistake organizations make when implementing wireless networks?
Phifer: When implementing wireless networks, an organization's lack of attention to, and planning for, capacity and application performance requirements is the worst mistake. Many existing best-effort WLANs got by without this, and there's a huge temptation to deploy next-generation WLANs based on the same old rules of thumb and intelligent guesswork. Even organizations that conduct site surveys and use predictive planners may not start with a solid understanding of their own user and application needs -- this reminds me of the phrase "garbage in, garbage out." Rough approximation and trial and error are great ways to learn what a technology can do. But that phase is over now. If you're deploying a business-critical WLAN on a large scale, up-front mistakes are going to be very costly to fix afterward.
Wireless security updates have slowed because standards have solidified. Wireless security innovations now revolve around making existing measures easier to see and apply on a much larger scale, and making them work well in tougher environments. For enterprises, we'll see APs with the ability to turn into not only WIPS (wireless intrusion prevention system) sensors but also as-needed RF spectrum analyzers and remote LAN analyzers. For SMBs, we'll see fill-the-gap security offerings that can deliver some capabilities provided by enterprise controllers and WIPS, but without requiring that degree of admin expertise or capital expenditure. For SOHOs and individuals, we'll see WPA2 embedded in new Wi-Fi-capable network peripherals and VoIP handsets, with simple push-button setup.
What will be the biggest trend or news on people's minds at Interop?
Phifer: In this economy, we're all trying to do more with less. There's also a lot of buzz around becoming green. I think people will be looking for network hardware that provides more capacity or coverage at lower cost, reduces their total electric bill, and is accompanied by (or can be easily integrated with) tools that make installation and operation easier and cheaper. Hot computing technologies like virtualization dovetail with these themes.
This was first published in April 2008