How can wireless and wired security be brought together, rationalized and managed?

Cisco, 3Com and others have been working on common security capabilities

Like many things in IT, this security convergence is a work in progress. But as wireless LANs become the primary connectivity for more enterprise users, integrating wired and wireless becomes more pressing, especially around security. (See: "For IT, enterprise wireless to get more gnarly in next decade".)

"Security 'perimeters' are illusions," says Tom Henderson, managing director of ExtremeLabs. "If you're not protecting each and every device, then you're asking for trouble. The devices are already together: phones can be used to tether systems [laptops], creating back doors. Every MAC address has to be polled and understood for intrusion detection."

More wireless burning questions:

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Like many things in IT, this security convergence is a work in progress. But as wireless LANs become the primary connectivity for more enterprise users, integrating wired and wireless becomes more pressing, especially around security. (See: "For IT, enterprise wireless to get more gnarly in next decade".)

"Security 'perimeters' are illusions," says Tom Henderson, managing director of ExtremeLabs. "If you're not protecting each and every device, then you're asking for trouble. The devices are already together: phones can be used to tether systems [laptops], creating back doors. Every MAC address has to be polled and understood for intrusion detection."

More wireless burning questions:

Should you bother with Windows Phone 7?|
How to deal with bandwidth crush from mobile devices?|
How can employee-owned mobile devices be secured/managed?|
Is Sprint losing its WiMAX/4G gamble?|
What's the enterprise impact of carriers' new "capped" wireless data plans?|
How are big Wi-Fi networks affecting radio management?

The eventual goal is to manage wired and wireless networks as a single unit, says Farpoint Group's Craig Mathias, but not necessarily as a single network platform from a single vendor.

"A key part of this is the unification of security databases [such as RADIUS], and uniform user privilege management," he says. "This isn't common yet, but expect big announcements [about this] from WLAN and LAN vendors alike, this year and next."

"There's no easy answer for this. The WLAN vendors will have to do a better job here," says Paul DeBeasi, research vice president for network and telecom at Gartner. "They are working on this."

For example, both Cisco and 3Com (now part of HP) have been working to create common security, and other, capabilities that span both wired and wireless users. (See Cisco's "Wireless and Network Security Integration Solution Overview".)

Bradford Networks is offering a network access control (NAC) solution for handling wireless and wired clients. Last year Pepperdine University selected the NAC product as part of a deployment of Xirrus' Wi-Fi Array access points, specifically to work with the university's wired and wireless infrastructures on multiple campuses.

"You can begin to unify parts of the management infrastructure," Mathias says, starting with something as basic as having a common set of security policies and procedures for users, regardless of how they're connected to the network.

Don't expect much help from industry standards: work in this area is lagging, Mathias says. "The users really need to drive it," he says.

John Cox covers wireless networking and mobile computing for "Network World."

Twitter: http://twitter.com/johnwcoxnww

Email: john_cox@nww.com

Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed

Read more about wireless & mobile in Network World's Wireless & Mobile section.