Cisco Systems has brought a raft of security mechanisms for wired LANs out to the wireless part of enterprise networks.
The dominant LAN vendor has upgraded its software and launched a set of guidelines for integrating wired and wireless security, called the Cisco Secure Wireless Solution.
The new capabilities were available to any customer with current Cisco software, manager of mobility solutions at Cisco, Chris Kozup, said. Customers could use the guidelines themselves to build a security architecture or enlist the help of Cisco's services organisation or third parties.
Enterprises are already able to bring wireless devices into Cisco's security system, which is built around ensuring any client is authorised and free of threats before it can hook up to the network. But bringing the same set of tools into the wireless domain can make that process easier, Kozup said. For example, if an enterprise wanted to secure wireless clients using Cisco's Network Access Control (NAC) appliance, the end user connecting via wireless would have to manually log into the NAC.
Now that process could be transparent to the user, just as it is on the wired network, he said.
In addition to the NAC, the architecture includes Cisco's ASA firewall, Cisco Security Agent (CSA), Cisco IPS (Intrusion Prevention System) software, Cisco Secure ACS (Access Control Server) and Cisco Secure Services Client. These long-time features of Cisco's wired security were being extended to wireless LANs as the company's latest step toward unifying wired and wireless into one network, Kozup said.
The system makes the wired and wireless networks work together to bolster security. For example, if a notebook PC is connected to the LAN via a wired port, its wireless radio will be turned off automatically to prevent an attacker from using the wireless connection as a path on to the wired LAN. In addition, a Cisco wireless LAN controller, the mechanism in an appliance, router or switch that controls wireless infrastructure, can disconnect a wireless LAN client that poses a threat.
The security built into all Wi-Fi products has improved in recent years and many vendors sell tools to secure wireless LANs, such as Aruba Wireless Networks Inc.'s technology that uses encrypted tunnels.
Cisco's new approach might not be significantly more secure than those options, but it could simplify life for IT administrators, Farpoint Group analyst, Craig Mathias, said.
For one thing, it was easier if security for both parts of the network used a single directory of users, he said.
Other approaches that are less expensive and more scalable can work just as well, according to Burton Group analyst, Dave Passmore.
"This is Cisco assuming the network perimeter needs to be protected right at the very edge, rather than a more centralised approach," Passmore said. There are no significant threats to an enterprise LAN that can't be handled from within the wired part of the network, he said.