Summary | The Business Case for Enterprise-Class Wireless LANs

This chapter outlined the many threats to security that happen both intentionally and unintentionally. These are vulnerabilities that you can avoid through proper planning and education. Today's threats include the interception of encrypted data and denial of service attacks. This potential negative business impact has created a great deal of emphasis on security practices, protocols, and the ability to protect against malicious attacks. The risk, however, does not stop thereconsiderations in the policy and methodology of WLAN security protection must also act as a defense against casual or incidental acts that result from the unaware employee or user.

Today, WLAN security is built on identification of the client, authorization of the user, and encryption of the data. Because wireless communication cannot be perfectly confined to an area, this three-tiered security framework is essential for protecting the WLAN. 802.1x is the foundation framework for the authentication process and is aided by EAP. Over time, many different standards have evolved with the intent of protecting the WLAN. Currently, 802.11i has become the newest standard being specifically developed for the WLAN to address security. WLAN security will continue to be one of the foremost considerations when building a WLAN solution for the enterprise. This chapter covered the fundamental information needed to develop a holistic and robust security plan for the WLAN.

The WLAN must be protected through preemptive actions. This begins with building standards based on best practices for the configuration of the client and AP. Further efforts are put into securing the physical space, monitoring for rogue APs, and taking charge of the airspace. Underpinning all these efforts is the ability to provide client education and to ensure that the integrity of the network remains intact by thwarting accidental events.

Finally, you should be able to place as much trust in the security of the WLAN as you would with the traditional wired network. No solution is infallible, but with proper planning, education, and monitoring, you can feel safe with whichever solution you deploy.