Wireless LAN performance management and security standards beefed up

Wi-Fi may be taking off in the enterprise at lightning pace, but wireless LAN security, access control and performance management still strike fear in the hearts of engineers and administrators.

So the Wi-Fi Alliance has set its recent agenda around securing networks as Wi-Fi devices proliferate on the enterprise campus and beefing up wireless LAN performance management certifications.

The alliance is about 60 days through the three-month testing period for two new extensible authentication protocol (EAP) methods (bringing the total to seven), which extend the types of authentication that can be used for Wi-Fi devices at the network entrance point.

And in the coming two years, the alliance will launch a number of certification programs, including WMM Admission Control for managed access to network resources, Wireless Network Management for performance and the Voice-Enterprise Program for testing voice in multiple access point environments. That's in addition to updates to WPA2 (Wi-Fi Protected Access) security testing.

Next week at Burton Group's Catalyst conference, Wi-Fi Alliance executive director Edgar Figueroa will address the issue of managing mobile environments in the enterprise and offer an update on upcoming certification programs and standards. Here, Figueroa breaks down some of what he'll address at Catalyst.

Please start by explaining what the EAP types are and what they do?


We are expanding our authentication suite of protocols. For some years our program has supported five EAP types. With this announcement we announced two programs. EAP-FAST: That stands for flexible authentication secure tunneling. This is a protocol that was originally architected by Cisco and sometime thereafter they issued an RFC (request for comments) and it became an international standard. It's a popular authentication method that makes it seamless for folks to set up an EAP framework in their enterprise with minimal work up front. It uses mechanisms like passwords at the client level to authenticate folks coming into the network.

The second one is EAP-AKA (authentication and key agreement), which enables handoff between cellular and Wi-Fi networks using a single user identifier. It's really an indication of the continuing support from our program of that convergence that we all know is very important as Wi-Fi shipments continue to grow.

What else are network administrators looking for from you in terms of authentication?


The network is a living organism and we have to continue to evolve and monitor and adapt and innovate in terms of security. One of the tenets of our program is that we monitor what's happening in the industry and what's happening in terms of the best protocols made available. In the area of authentication, these two types were a result of monitoring [and realizing need]. In the future we will find additional authentication management we may want to pull into the program and support as part of our standards certification.

What challenges do we see in wireless LAN performance management and security?


In terms of security updates, within the next 24 months we will have an enhancement in security based on 802.11w. This will protect against network disruption caused by requests from invalid equipment. And it will be a nice augment to our program.

Separately there is the area of wireless network management, which is becoming critical since Wi-Fi is becoming a really fundamental service in the enterprise. We have a program that will carry the name Wireless Network Management that we're planning to launch within the next 24 months. It will deliver techniques to make sure there is intelligent power management across the network and then separately there will be tools to enable analysis of network performance to be improved and for debugging and reporting based on 802.11 and other standards. Collectively it will give network administrators a robust toolkit to monitor, manage and get reports pushed to them from the network. And last but not least, it's going to enable networks to function more dynamically and to self-tune.

What are the challenges engineers and administrators face in network management as they integrate wireless LAN and wired networks and how can the alliance address that?


You can think of EAP authentication as a protocol that straddles between wireless and wired networks. Once you've launched an authentication method that same protocol is employed by both the wired and wireless network. We are trying to do the same with network management. Currently what many [network administrators] do is employ proprietary techniques or special custom tools that are available in the industry and have the intelligence to go out and do this dynamically. A new standard like Wireless Network Management will provide the ability for the intelligence to reside with each device and so network administrators can go out and look for equipment that is certified for that capability and then judge it based on price points or other features they are looking for.

What are the goals of the Voice-Enterprise Program?


Voice-Enterprise evolved from what we did with Voice Personal. It was always the case that [we] established a baseline with Voice Personal testing four concurrent calls for specific metrics, for jitter and latency and packet loss, and that was going to be the foundation for the Voice-Enterprise Program. The program will test voice deployments of Wi-Fi networks with dozens of concurring calls in multiple access point environments. It will pull in elements of 802.11k, which is intelligent resource management, and elements of 802.11r, which is fast roaming. It will be a strong advancement of what we have today with the Voice Personal program and targeted at the enterprise.

You will be speaking at Catalyst about device-to-device connectivity. What does that mean?


It is really going to revolutionize the Wi-Fi experience. What we're doing here is giving each device that is Wi-Fi certified the intelligence to establish a direct link with any other device that is certified. That means walking home and taking a picture of your son or daughter and then wanting to see it on your plasma television and beaming that over the Wi-Fi connection to the TV. Or imagine you're a sales person coming into your customer's meeting room and being able to project your presentation onto the projector without having to join the private network that is hosting it, or being able to print that file to the local printer. This will eliminate cables between devices without having to establish a network or having access to the Internet.

How does that work?


There will be elements of WPA2 certified and they will employ those mechanisms when they communicate. Each device will have to negotiate a capability set that will establish who is controlling the communications; who is the master and who is the slave in old day terminology. So each device will either act as a controller or as an end station device. Dynamically, these communications can grow. They don't necessarily have to be one to one. As more devices are communicating with each other, those capabilities will be negotiated again. Some of the Wi-Fi protected setup mechanisms will come into play with this. We expect to deliver this program next year.
