Security to the max

Ticking the boxes 3Com senior systems engineer, Andrew Hindmarch, said improved wireless security meant newer wireless technologies - including 802.11n gear - will need to be supported with compatible access points and silicon. He said centralised wireless network management, such as harnessing central controllers and Radius authentication and accounting servers, in an increasingly converged environment, was key.

WiMAX networking was designed as a WAN technology, with users moving between base stations and roaming across networks. So back office security at a carrier level is needed.

"We've had different wireless switches out for about six months that do all the things you need to do in a converged environment," Hindmarch said. "And having centralised control allows for centralised security management."

Users can oversee whoever is entering, leaving or using the network and assign them particular rights - such as a degree of QoS or VLAN rights. "That's architecture-based security," Hindmarch said.

Encryption can be deployed pretty much anywhere now, he noted, and in various flavours. 3Com is looking at creating more encryption for SSIDs (service set identifiers). And look out for granular user 'passports' that grant rights, such as permission to enter or leave certain locations on the wireless network, via the central controller.

"Another way is what we call 3Com AirProtect wireless intrusion protection, which is RF security where you can really look at how you control the RF discussions between a client and an access point," Hindmarch said.

AirProtect can defend a network against rogue access points, or even the odd innocent worker who decides to plug in an unauthorised wireless hub. Internally, you can also protect against ad hoc connections, Hindmarch said, shutting down any that are started up as it happens.

With newer wireless technologies, you're using more channels to access the speeds and create that extra throughput. So products that let businesses monitor what's going on anywhere in the network look most promising in terms of reseller revenue, Hindmarch added.

Inside information Intel channel platform manager, Kamil Gurgan, said new Intel products may help boost overall wireless security. Next year the chipmaker will introduce Echo Peak, a world-first integrated Wi-Fi/WiMAX module for notebooks. Add-in cards are available already.

Gurgan said the Echo Peak module can assist businesses to control and manage endpoint technologies on the network. About 300 WiMAX trials are currently happening worldwide, and 100 commercial deployments. Some 522 companies, including Intel, are working together in the WiMAX consortium to produce the best and most interoperable technologies adhering to the 802.16 standard.

Gurgan agreed many of the original mistakes made in Wi-Fi security won't need to happen again in WiMAX. Wi-Fi had got to the point where wardriving was getting harder and harder to do, he claimed. This was partly due to user education, as well as a result of improved, more user-friendly wireless networking hardware. WiMAX also has that electronic 'handshake' between devices that tightens security, Gurgan said.

"I think people are wising up," he said. "I had a similar conversation with Linksys recently, and some of the new products coming out have one-button operation, making set-up easy. From what I hear, that's helping." With Intel vPro processing technology on the Santa Rosa platform, security is in the TCIP stack on the management module. "So you can actually go through firewalls and still have security," Gurgan said.

vPro allows better network endpoint management overall, he claimed. "You can stop people from deleting agents, which is very important, by driving over the top of the technology down into the chip level. It's part of a holistic strategy for security."

Intel also has a platform coming out called McCreary - part of the third generation of vPro - which features Intel's Advanced Management Technology (AMT) 5.0. AMT can, among other things, help administrators deploy security patches up to 94 times faster, according to the vendor.

Most notebooks already have the TPM chip which offers encryption at motherboard level. McCreary also offers encryption on the hardware itself. Opportunities for resellers will come from educating customers about the security and compliance benefits of the upcoming hardware, which also tends to offer greater gains in such important factors as energy efficiency, Gurgan said.

BigAir chief executive officer, Jason Ashton, also insisted newer wireless technologies didn't necessarily pose a particular security problem for users. Wi-Fi, he pointed out, had often shipped in a "totally open" state and the vendors had been forced to play catch-up to make their products more secure. But the lessons learnt have largely carried over to new wireless networking R&D.

"When they started developing WiMAX, what was to be built into the 802.16 family [of standards] was a bunch of technology to take care of security completely," Ashton said.

WiMAX supports the Advanced Encryption Standard (AES) and Data Encryption Standard (DES) - and networked devices support use of digital certificates and unique MAC addresses.

"The fixed WiMAX [network] we're deploying has some other features as well," Ashton said.

Beyond WiMAX In some ways, though, the jury is still out on WiMAX, according to Gartner mobile and wireless analyst, Robin Simpson. WiMAX may not in fact prove the winner among the newer wireless technologies - except perhaps in rural or regional areas in places like Australia or India.

But he agreed WiMAX doesn't mean a big change in attitudes or behaviour surrounding wireless security. "It's not much faster than HSDPA or 3G gear," Simpson noted. "And UWB is different because you're talking about short bursts at very high speed."

WiMAX may eventually be overtaken by Software Defined Radio (SDR) wireless technology, Simpson said. SDR has long been available in specialist military applications and offers seamless roaming.

"Due to military use, it might be expected to be more secure," he said.

Wireless link security was less of a worry than what people do with their wireless networking. "The biggest problem is the endpoint," Simpson said. "Security is always a balancing act between the level of risk and what it costs to manage it. Most organizations have a limited budget."

Newer wireless technologies may mean more of the same when it comes to wireless security threats yet greater speed means centralised management of security threats may be a favoured way to protect the core. But the channel will have work to do, just the same, to develop and support best practice in wireless security.