These days it is not uncommon for users to request network access for their smart phones or tablets. Whether it is an iPad or an Android phone, the major questions are the same: how do you ensure secure network access for these devices, and how do you secure the data on the device? Securing the data on the device is for another article; here we are going to talk about secure network access.
Within your organization you may already have 802.11 wireless deployed, and most tablets and smart phones have either 802.11g or possibly 802.11n wireless built in. When the 802.11 standard was launched, the only available security was Wired Equivalency Protocol, which is better known as WEP. WEP has some serious security issues, so it is not recommended for use and has been superseded by the newer authentication and encryption standards WiFi Protected Access (WPA) and WPA2. Both WPA and WPA2 have the option of using pre-shared keys, which provides the same functionality as WEP.
The downside of using pre-shared keys to authenticate your wireless users is that the key is the same for all clients. What happens if a device is misplaced or a key is leaked? The key will need to be changed on every device, which can cause significant headaches if you have large numbers of wireless devices. The better option is to use WPA or WPA2 Enterprise, which leverages the 802.1x standard to provide per-user authentication to your wireless network. For WPA/WPA2 Enterprise, options exist for either username and password authentication or digital certificates. Both methods provide excellent security for your network, with digital certificates having the edge in security while simplicity of deployment goes to username/password authentication.
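The difference is visible in the client configuration. The following is an added example, not part of the original article: a wpa_supplicant.conf for a Linux laptop showing the shared pre-shared key beside the two WPA2 Enterprise options. The SSIDs, identities, passwords, server name and file paths are constructed placeholders, and PEAP with MSCHAPv2 is assumed as the username/password method.

```conf
# Added example: constructed values throughout. Use ONE block per real SSID.

# 1) WPA2 with a pre-shared key: every device holds the same secret, so a
#    lost device or leaked key means changing it on all of them.
network={
    ssid="corp-psk"
    key_mgmt=WPA-PSK
    proto=RSN
    pairwise=CCMP
    psk="one-passphrase-shared-by-every-device"
}

# 2) WPA2 Enterprise (802.1x), username and password via PEAP:
#    each user has an own credential that can be disabled individually.
network={
    ssid="corp-1x"
    key_mgmt=WPA-EAP
    proto=RSN
    pairwise=CCMP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="alice"
    password="alice-own-password"
    # Verify the authentication server before sending credentials.
    ca_cert="/etc/ssl/certs/corp-wifi-ca.pem"
    domain_suffix_match="radius.corp.example"
}

# 3) WPA2 Enterprise (802.1x), digital certificates via EAP-TLS:
#    no password is sent; access ends when the client certificate is revoked.
network={
    ssid="corp-1x-cert"
    key_mgmt=WPA-EAP
    proto=RSN
    pairwise=CCMP
    eap=TLS
    identity="alice@corp.example"
    ca_cert="/etc/ssl/certs/corp-wifi-ca.pem"
    domain_suffix_match="radius.corp.example"
    client_cert="/etc/wpa_supplicant/alice.crt"
    private_key="/etc/wpa_supplicant/alice.key"
    private_key_passwd="key-file-passphrase"
}
```

In both Enterprise blocks, ca_cert and domain_suffix_match make the client check the authentication server's certificate; without them a client may hand its credentials to any access point advertising the same SSID.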
Public WiFi and “sniffing”
Outside your organization is where other challenges exist. A lot of restaurants, hotels and coffee shops offer free WiFi to patrons, but the downside is that this access is unencrypted, meaning that anyone with a little bit of technical knowledge can capture traffic from devices connected via wireless and then use that information against your users. Most applications offer encryption so that wireless sniffing is mitigated, but this isn't always the case.
The easiest way to secure access for your users outside of the organization is to encrypt all traffic from the endpoint back to the organization, where it can then be forwarded unencrypted to the Internet so that the traffic appears to originate from the corporate network. Anyone sniffing traffic on the free WiFi will simply see encrypted traffic. Another benefit is that secure access to resources located on the corporate network can be provided to users outside of the office, allowing them to access information anywhere they have Internet access.
This doesn't apply just to tablets; laptops are also vulnerable to traffic sniffing on free wireless networks, so it's important to ensure that your users have secure access both on and off your network.
Reid Nilson is Senior Systems Engineer for Acrodex Integrated Network and Security Solutions.
This article originally appeared in the Acrodex News Digest for June 2011.
For over 25 years, Acrodex has been a leading provider of strategic IT services for Canadian business. Today, the company is one of Canada’s largest IT solution providers, and provides a full suite of IT services including: IT Architecture and Design, hardware provisioning, software licensing, network & server infrastructure, managed infrastructure support, application development and project management.
Acrodex customers include leading enterprise and medium sized organizations across the country, in such industry segments as the public sector, energy, healthcare, education, and oil and gas. The Acrodex team is comprised of over 600 dedicated IT professionals located in Edmonton, Calgary, Fort McMurray, Toronto, Winnipeg, Regina and Vancouver.