Wireless Security - The Security Plan for Your Wireless LAN

1 2 Page 2
Page 2 of 2

While intrusion-detection systems, or IDSs, aren’t all that new, it’s the new prevention part of the IDS equation that is helping to cut off threats before they can manifest. At Torrance Memorial Medical Center, Tomcsanyi has a detection system in place and is rolling out a new prevention element by the third quarter of this year. "This takes more of a proactive approach," he says. Using new technology from vendors such as Aruba, the access points act as both radio frequency connectors and wireless sensors for intrusion prevention, which can save on costs from having to install both the APs and a separate IDS. (Tomcsanyi, however, says he plans to continue using multiple security systems—such as a new intrusion-prevention system from Cisco to be installed later this year—in concert with each other.)

"Anyone who doesn’t monitor their WLAN is looking for future problems," says Fessler, who uses a detection and prevention product from Airespace (which was recently acquired by Cisco) inside his Cisco infrastructure. "At a centralized level, we can see the rogues and shut them off."

Segregate Traffic

Though it may seem like an insane idea to some security-minded CIOs, many IT execs are opening their wireless networks to the public: guests and business partners who want to surf the Web and check e-mail while in the buildings. Tomcsanyi says that his ability to give patients and other visitors wireless access is a valuable asset in the health-care field.

Torrance Memorial Medical Center has 211 APs throughout its five-building campus that provide 100 percent wireless coverage, Tomcsanyi says. He is able to offer public Wi-Fi because he has the ability to segregate traffic within the network architecture. There’s an open network just for patients and guests, and a secure corporate network that provides the encrypted connections for employees. The two networks stay separate, he says.

According to Cisco, a wireless guest network is an easy way to allow access while eliminating the need for IT personnel to authorize each user. Guest networks use an open security method segregated on a specific SSID (a unique name for each WLAN) that routes traffic to a network that accesses the public Internet only. Tomcsanyi cites increased patient satisfaction levels because of the WLAN access.
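The guest/corporate separation described above holds only if the filtering rules behind the guest SSID are ordered correctly. The following added example (not from the article or from any vendor) audits a first-match rule list for corporate ranges that guest clients can still reach; the subnets, the `(action, source, destination)` rule format and the function names are assumptions made for illustration.

```python
import ipaddress as ip

def _span(net):
    return int(net.network_address), int(net.broadcast_address)

def _carve(intervals, lo, hi):
    """Split intervals into (parts outside [lo, hi], parts inside [lo, hi])."""
    outside, inside = [], []
    for a, b in intervals:
        if b < lo or a > hi:
            outside.append((a, b))
            continue
        inside.append((max(a, lo), min(b, hi)))
        if a < lo:
            outside.append((a, lo - 1))
        if b > hi:
            outside.append((hi + 1, b))
    return outside, inside

def guest_leaks(acl, guest, corporate):
    """Return corporate CIDRs a guest client can reach under a first-match ACL."""
    guest = ip.ip_network(guest)
    undecided = [_span(ip.ip_network(c)) for c in corporate]  # not yet matched
    leaks = []
    for action, src, dst in acl:
        src = ip.ip_network(src)
        if not src.overlaps(guest):
            continue                      # rule never sees guest traffic
        rest, hit = _carve(undecided, *_span(ip.ip_network(dst)))
        if action == "permit":
            leaks += hit                  # corporate space permitted before any deny
        if guest.subnet_of(src):          # rule decides for every guest client
            undecided = rest
    # Whatever is still undecided falls to the implicit deny at the end.
    return [str(n) for a, b in leaks
            for n in ip.summarize_address_range(ip.ip_address(a), ip.ip_address(b))]

# Constructed sample data: guest SSID subnet and corporate address space.
GUEST, CORP = "192.168.50.0/24", ["10.0.0.0/8"]
SEGREGATED = [("deny", GUEST, "10.0.0.0/8"),
              ("permit", GUEST, "0.0.0.0/0")]
LEAKY = [("permit", GUEST, "10.20.30.0/24"),   # exception placed above the deny
         ("deny", GUEST, "10.0.0.0/8"),
         ("permit", GUEST, "0.0.0.0/0")]

if __name__ == "__main__":
    print("segregated:", guest_leaks(SEGREGATED, GUEST, CORP))
    print("leaky:     ", guest_leaks(LEAKY, GUEST, CORP))
```

An empty result means every corporate address is denied to the guest subnet before any permit rule can match it.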

While wireless networking has come far in a short time, CIOs now need to realize that the security mechanisms have finally caught up with much of wireless’s blistering hype. "It used to be that you’re going to have to sacrifice some security policies and procedures because you want to have that wireless connectivity," Fessler says. "Now I’m not having to sacrifice that."


Copyright © 2006 IDG Communications, Inc.
