Cisco Systems Inc. on Wednesday brought a raft of security mechanisms for wired LANs out to the wireless part of enterprise networks.
The dominant LAN vendor has upgraded its software and launched a set of guidelines for integrating wired and wireless security, called the Cisco Secure Wireless Solution. The new capabilities are available to any customer with current Cisco software, said Chris Kozup, manager of mobility solutions at Cisco. Customers can use the guidelines themselves to build a security architecture or enlist the help of Cisco's services organization or third parties.
Enterprises are already able to bring wireless devices into Cisco's security system, which is built around ensuring any client is authorized and free of threats before it can hook up to the network. But bringing the same set of tools into the wireless domain can make that process easier, Kozup said. For example, if an enterprise wanted to secure wireless clients using Cisco's Network Access Control (NAC) appliance, the end user connecting via wireless would have to manually log into the NAC. Now that process can be transparent to the user, just as it is on the wired network, he said.
In addition to the NAC, the architecture includes Cisco's ASA firewall, Cisco Security Agent (CSA), Cisco IPS (Intrusion Prevention System) software, Cisco Secure ACS (Access Control Server) and Cisco Secure Services Client. These long-time features of Cisco's wired security are being extended to wireless LANs as the company's latest step toward unifying wired and wireless into one network, Kozup said.
The system makes the wired and wireless networks work together to bolster security. For example, if a notebook PC is connected to the LAN via a wired port, its wireless radio will be turned off automatically to prevent an attacker from using the wireless connection as a path onto the wired LAN. In addition, a Cisco wireless LAN controller, the mechanism in an appliance, router or switch that controls wireless infrastructure, can disconnect a wireless LAN client that poses a threat.
The security built into all Wi-Fi products has improved in recent years and many vendors sell tools to secure wireless LANs, such as Aruba Wireless Networks Inc.'s technology that uses encrypted tunnels. Cisco's new approach may not be significantly more secure than those options, but it can simplify life for IT administrators, said Farpoint Group analyst Craig Mathias. For one thing, it's easier if security for both parts of the network uses a single directory of users, he said.
Other approaches that are less expensive and more scalable can work just as well, according to Burton Group analyst Dave Passmore.
"This is Cisco assuming the network perimeter needs to be protected right at the very edge, rather than a more centralized approach," Passmore said. There are no significant threats to an enterprise LAN that can't be handled from within the wired part of the network, he said.