Going wireless? Protect your network!
The massive growth of wireless devices has a tremendous effect on the way a business designs its wireless network and controls access, says Douglas Ramos, director of Wireless Product Marketing at Fortinet. [Local rep: Networks Unlimited]
As the device landscape shifts from corporate-owned to employee-owned, and as network usage moves to an ever-greater reliance on wireless, a whole new set of challenges presents itself in the security layer of a business.
Douglas Ramos, director of Wireless Product Marketing at Fortinet, says wireless has today become the primary access layer for a considerable amount of the network at many businesses. He further states that the vulnerabilities of the devices coming onto the wireless network call into question the security on that access layer.
"Not that many years ago, the furthest you could go from your desk was the length of your Ethernet cable," he continues. "With your whole organisation no longer physically plugged into your network, you have to be able to secure your wireless network, which includes an increasing number of employee-owned devices. Issues include unpatched and unsecured devices accessing, transmitting and storing corporate data; the proliferation of untested and often vulnerable applications running on these devices; the merging of personal and work tools and data on a single device; and the creation of 'shadow IT', where non-corporate devices and applications store and share critical corporate data on cloud-based networks and services that are unseen and unapproved by IT."
He points out that all of these applications come with their own vulnerabilities, so a business needs to have the ability to perform off-premises Web security, as well as securing Web traffic within its firewall.
The quick and massive growth of wireless devices and enterprise applications thus has a tremendous effect on the way a business designs its wireless network and how it controls access.
"Your firewall needs to be able to see and secure applications and data that move across a network border or segment, but you need to have security for the mobile application layer as well," he explains. "With the major security vulnerabilities found in SSL over the last couple of years, for example, everyone had to change protocols and redesign Web sites. Unfortunately, because many of these sorts of tools are being developed for expediency rather than security, cyber crime has become increasingly common. Hackers are now looking at getting their information by hacking applications rather than users. It's unbelievable the number of times popular sites get hacked, and passwords and profiles are compromised. And most users are completely unaware of these breaches and associated risks. All of this has begun to create a big push to add an additional layer of security on the application side."
Ramos highlights that the amount of traffic being generated just from applications today is five times what it was five years ago. "In thinking about a wireless network, the number one thing that should be top of mind is the density of the traffic that you will have going through the network. You need to consider both user density, as well as application density. When you design a wireless network, one of the first things you calculate is how many physical devices you can connect through an access point. Then you need to factor in the amount of bandwidth each device will consume based on the applications they are going to use. And that is a moving target."
The main objective of every enterprise should be to provide secure but controlled network access, giving the right person the right access at the right time without compromising security. That makes network access control critical.
"It's not just about being able to onboard so many different devices. It's about making sure those devices are associated to the right people, and those people have the right permissions to access the network and application resources appropriate to their role," states Ramos.
FortiAuthenticator by Fortinet, distributed in Africa by value-added distributor Networks Unlimited, enables such identity and role-based security. It also allows you to provide differentiated access based on device. "For instance, a user may be allowed to use her laptop to authenticate to the network and have full access to everything. But, if she uses her tablet to authenticate herself to the network, she only gets limited resources, say to e-mail, Internet, and basic work tools. And then, if she decides to connect using her smartphone, her device is recognised and she is automatically restricted to only Internet access. You can also control how many devices users can bring in. You can limit a user to only two devices, for instance a laptop and a smartphone. Subsequent devices are refused network access.
"Finally, it's also important to be able to easily grant secure, controlled network and Internet access to guests. With FortiAuthenticator, we can create a temporary account, with timed access, for a single device. And we can track that guest user as well," says Ramos.
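The device-based rules described above, sketched as an added Python example; it is not FortiAuthenticator code or configuration. The resource names, the use of a MAC address as device identifier, the Internet-only guest profile and the assumption that the device type comes from a separate fingerprinting step are all illustrative.

```python
from dataclasses import dataclass, field

# Constructed resource names; profiles follow the laptop/tablet/smartphone example.
ALL = frozenset({"internet", "email", "work-tools", "internal-apps"})
PROFILES = {
    "laptop": ALL,
    "tablet": frozenset({"internet", "email", "work-tools"}),
    "smartphone": frozenset({"internet"}),
}
GUEST_PROFILE = frozenset({"internet"})  # assumption: guests get Internet only
MAX_DEVICES = 2                          # per-user device cap from the article
DENY = frozenset()

@dataclass
class User:
    name: str
    devices: dict = field(default_factory=dict)  # device id -> type bound at enrolment

@dataclass
class Guest:
    device_id: str     # the single device the temporary account is tied to
    expires_at: float  # end of the timed access window

class AccessPolicy:
    def __init__(self):
        self.users, self.guests = {}, {}

    def add_guest(self, name, device_id, ttl, now):
        self.guests[name] = Guest(device_id, now + ttl)

    def authorize(self, name, device_id, device_type, now):
        """Return the resources granted; an empty set means access is refused."""
        guest = self.guests.get(name)
        if guest is not None:
            valid = device_id == guest.device_id and now < guest.expires_at
            return GUEST_PROFILE if valid else DENY
        user = self.users.get(name)
        if user is None or device_type not in PROFILES:
            return DENY  # default deny: unknown identity or unknown device class
        if device_id not in user.devices:
            if len(user.devices) >= MAX_DEVICES:
                return DENY  # a third device is refused
            user.devices[device_id] = device_type
        # Use the type recorded at enrolment, not the one claimed on this request,
        # so an enrolled smartphone cannot later present itself as a laptop.
        return PROFILES[user.devices[device_id]]
```
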
He adds that in a wireless network, two-factor authentication is critical. Password-only authentication has not been enough to prevent security breaches. With two-factor authentication, a password is combined with a second factor, like an associated PIN that is generated dynamically and sent via text or e-mail to a device.
"This allows your authorised users to remotely access company resources safely, from a variety of devices," he concludes.