Catch-22 of WLANs

Rapoza: eWEEK Labs products are making it easy to offer high levels of security for a WLAN without surrendering easy access for clients.

Data cant be stolen from a network that no one can access. Thats the absurd principle that many IT managers are following when they install wireless networks. On the one hand, they want to bring wireless ease of access to employees, partners and clients. On the other hand, they face such strict security requirements for implementing a wireless LAN that its actually easier to plug into the wired network instead.

You know how it goes when youre visiting another company or even dropping in to your own corporate headquarters or branch offices.

"Do you have a wireless network here?"

"Sure do."

"Great. Can I use it?"

"Of course. But first youll need to install this special client software on your

laptop. And then well need the MAC address for your wireless card. Once we have that, Ill try to get hold of so-and-so in IT and see if they can give you access."

"I see. Can I just plug into the network at that empty desk there?"

"That would probably be easier."

The sad thing is that it doesnt have to be that way. Its not hard to have both a secure and an easily accessible wireless network. There are two approaches: Either segment the WLAN apart from other network resources or use new products and technologies that can tell the difference between easy guest access and secure internal access.

But these methods have been obscured by the hype over the insecurity of WLANs. Many times Ive spoken to companies about using wireless networks and received standard answers such as "never, they are too insecure" or "we put one in, locked it down really tight, but no one uses it that much."

Where to begin? One of the easiest steps is to simply remove your WLAN from the corporate network. This can be done by putting it on its own network segment or by using the NAT, or Network Address Translation, that is built into many access points.

Using these techniques, the wireless network has no more access to internal resources than the Internet at large, and employees can use a VPN to get into internal resources. And while WEP, an option in all wireless devices, isnt secure enough for internal networks, it works well enough to discourage outsiders looking for open networks to use.

Some wireless and security vendors have started to notice the conundrum presented by secure but inaccessible wireless networks and are stepping forward to help. Their products are making it easy to offer high levels of security for a WLAN without surrendering easy access for guests and clients.

One of the best solutions Ive seen is Cranite Systems WirelessWall Software Suite, the eWeek Excellence Awards winner for authentication and user management (see special report, Page 60). WirelessWall uses high-level encryption and a dedicated client application to protect all the vital resources on a wireless network.

While employees and trusted users can access the network content they need, guest access can be defined differently. Thus, clients, guests and partners can get vanilla Internet access using any wireless card without jumping through complicated setup hoops.

Several military installations, including West Point, have adopted WirelessWall. If its good enough for the U.S. military, its probably secure enough for your business.

I also recently saw a new wireless access point appliance from security vendor SonicWall that takes a different approach to the same purpose. It secures network resources behind standard VPN technology but makes it possible for guests to go to a Web page and quickly get Internet access using a generic log-in.

There. Easy to use, secure and, yes, wireless. It is possible.

Now for the hard part: convincing everyone at your company that it can be done. Some re-education may be in order. Have clients and partners tell their tales of how they tried but couldnt use your network. Then set up a demonstration of the technology you choose.

With a more open but secure WLAN, you just might end up with more than just the cutting-edge tech types using it. After all, in these tightfisted times, your job is to make sure that IT resources, having been deployed, are actually used. Its called getting a return on investment.