Explosive wireless growth drives security need

Devices capable of handling IEEE 802.11-based wireless communication are expected to exceed 1 billion units by 2013, according to In-Stat research. This exponential growth is attributed to mobile devices such as smartphones, netbooks and laptops that will use WiFi as their primary method of high-speed network access. The growth is not limited to consumer electronics: the ratification of 802.11n has also accelerated the adoption of wireless in enterprises large and small. In this article we touch on this new technology and the security challenges that need to be addressed.

IEEE 802.11n technology uses sophisticated signal encoding algorithms to provide over 5X the bandwidth and 2X greater range using the same frequency spectrum as 802.11a and 802.11b/g. It achieves this more efficient use of spectrum through three major enhancements: in the physical layer radio, in media access, and in the use of multiple antennas and multiple transmit streams, known as MIMO technology (see Table 1.0 for more information). MIMO technology transmits the data over two or more separate radios. These multiple transmitted signals can take different paths and arrive at the receiver at different times. On the receiver side, multiple radios pick up the transmitted signals and recombine them for maximum signal quality. This use of multipath and multiple antennas increases overall signal quality and therefore leads to increased bandwidth and range.

Table 1.0: 802.11n Enhancements

| MIMO | PHY enhancements | MAC enhancements |
|---|---|---|
| Transmit Beamforming (TxBF) | 40 MHz Channels (channel bonding) | Frame Aggregation |
| Maximal Ratio Combining (MRC) | More Subcarriers | Block Acknowledgements |
| Spatial Multiplexing (SM) | Non-HT Duplicate Format | Reduced Interframe Space (RIFS) |
| Space Time Block Coding (STBC) | Optional Short Guard Intervals | Spatial Multiplexing Power Save (SMPS) |
| Cyclic Shift Diversity (CSD) | Significantly Increased Modulation Rates | Power Save Multi-Poll (PSMP) |

Achieving critical mass with the advent of IEEE 802.11n
With the advent of IEEE 802.11n technology, many new services and capabilities that were marginally functional using 802.11g can now go mainstream. One such feature is the new voice over WiFi handset technology, which can take advantage of the multimedia extensions of 802.11n as well as the newly enabled power save modes. Using these features, voice handsets preserve battery power for longer standby and talk times and deliver better audio quality. Another key trend is the replacement of access edge Ethernet switches with wireless access. At the enterprise level, companies can now provide a similar connection experience with a wireless solution at a lower total cost of ownership and deployment than a wired solution. Another new extension is peer-to-peer communication between devices. This new technology will change the home entertainment center by providing high-speed wireless communication between the television and other audio/video equipment. This literally means that the television is now your computer as well.
As with any technology that connects us to the outside world, the issue of security is paramount. Wireless LANs open up as much risk as wired networks, if not more. New authentication and encryption mechanisms, such as WiFi Protected Access version 2, have been added to wireless standards in the past few years. However, even with the presence of strong authentication and link encryption, the following wireless threats still persist:
  • Man-in-the-middle attacks
  • Evil twin AP / Honeypot
  • Denial of service attacks – Too many associations per second, Packet Flood
  • Rogue Access Points
  • De-Authentication broadcast
  • Channel interference
  • MAC spoofing
In fact, some of the recent high-profile hacking cases have involved “drive-by” trolling of exposed wireless networks of retail establishments, resulting in the theft of thousands of consumer credit card accounts. In addition to mid-enterprise organizations and service providers, retail industry customers will need to address wireless security guidelines required by the Payment Card Industry, which require the detection of rogue wireless access points and intrusion prevention.

Until now, there have been few options for organizations that want to protect both their wired and wireless LANs with the same network and application security solution. The new FortiAP thin access points, together with the FortiGate product line, enable an integrated threat management schema for wireless networks in the same way that Fortinet has been able to provide for wired networks. The FortiAP is an 802.11n access point built with 802.11n MIMO technology and multiple radios. This sleek AP can be mounted on ceilings to extend wireless coverage throughout a building. The FortiAP architecture tunnels all the wireless traffic back to the FortiGate UTM engine to undergo intrusion prevention and cleansing, identity-aware policy, and Layer 7 application prioritization to achieve a high-performing, “fortified” wireless LAN infrastructure. The value of integrating intelligent security processing with wireless access becomes clear in real-life scenarios. Since the wireless network is a shared resource for all users, it is very probable that a large, non-mission-critical data transfer can impede business-impacting traffic. However, FortiGate’s Layer 7 application prioritization engine can be configured to detect and limit the amount of wireless YouTube movie traffic, so that a business-critical WebEx online presentation is not impacted.

FortiAP wireless access points are available with FortiGate hardware at varying performance levels to secure enterprises of all sizes, including large/medium enterprises, schools, hospitals, retail giants, dentists, law firms, and home offices. This new addition to the Fortinet portfolio further bolsters our end-to-end security portfolio and provides an even stronger value proposition for customers to choose Fortinet in securing both wired and wireless environments.