Wireless

Building a Secure, Scalable, and Robust Wireless Network

Wireless networks in place today often lack proper design. Many designs date back to when wireless was considered a convenience or a secondary form of access compared to wired access. With the access layer often shifting to wireless, correct design, deployment, and maintenance of wireless are needed to ensure it is secure, scalable, and robust.

For robust and secure wireless networking, many of the same design principles in wired networking apply, but additional principles apply as well. Some common points to consider in designing both wired and wireless networks are redundancy and user access SLAs, layer 2 and layer 3 networking design, bandwidth requirements and growth, network filtering and segmentation, and control plane and management security of the network devices. The primary additional concerns for wireless networking are radio frequency (RF) coverage planning and user access security and encryption.

Benefits

Key Benefits of Wireless Network Security and Coverage

RF coverage planning is necessary to ensure you create a robust wireless network without coverage gaps or interference problems. Buildings are not designed around wireless networking, so wireless networks must be designed around modern architecture instead. There are also now more devices creating interference, which must be accounted for so that it does not cause user experience problems in wireless networks.

User access security in wireless networking is unique and important.

Wired networks are inherently more secure because users must be physically located at a pre-installed Ethernet cable drop to connect to an Ethernet switch. The physical security of the building (locks, doors, mantraps) also inherently protects our wired Ethernet networks. Wireless, by nature, is accessible from a large area, which is a security issue. Anyone in range can attempt to connect to the wireless network or sniff its traffic. Further complicating the issue, wireless range typically is not limited to the inside of the building; it often extends outside. Because of this, security must be a paramount concern when choosing access and encryption settings on our wireless networks to thwart attackers.

Choosing the Right 802.1X Solution

Securing Wireless Networks with 802.1X and WPA3 Protocols

The primary method of securing wireless networks is with the IEEE 802.1X and WPA3 protocols. 802.1X is used to authenticate users and WPA is used to encrypt wireless data and ensure it can’t be sniffed. The 802.1X protocol was developed as a means to authenticate, authorize, and log access to both wired and wireless networks.

Though 802.1X is becoming more common on wired networks today, it is essential to the security of modern wireless networks. 802.1X solutions allow users to authenticate by different means, though the most common is by PKI certificate. 802.1X allows AAA (Authentication, Authorization, Accounting) servers to authorize and enforce each user's level of access to the network. The resulting access records are then available for analysis and future investigations.

When first implementing wireless 802.1X, a choice of 802.1X solution must be made. There are many solutions, but some of the most common are Cisco Identity Services Engine (ISE), Aruba ClearPass Manager (CPM), Portnox Cloud NAC, and Microsoft NPS. All of these 802.1X solutions have their pros and cons. Crossconnect can help with this decision based on business and IT needs, security posture needs, the vendor of choice for wireless access points, the user base size and needs, and IT staff experience with the vendor and the solution in particular.

Choosing The Right Vendor For You

Another decision to make is which vendor and type of wireless access points to employ. Some of the most prominent vendors are Cisco, Meraki, and Aruba, but there are many others. All wireless vendors have strengths and weaknesses, and the most important thing is to make sure the vendor chosen matches the business and technical needs.

Cisco’s enterprise wireless controllers and access points tend to work very well in medium and large enterprises. Environments with a large user base with many varying needs may benefit from this solution. Aruba controllers and access points also fit this business case and have very similar features. Meraki, a cloud-controller solution, has also gained a lot of popularity as an easy-to-install and easy-to-maintain solution, giving similar feature sets without the maintenance and know-how required by a controller-based system.