Extending the Protected Network Wirelessly
Adding secure Wi-Fi access to a corporate network need not be complex or costly. Vince Barnes examines an all-in-one device that streamlines wireless security and won't break the budget.
Having provided anti-virus, anti-spam, content filtering, and firewall protection at the perimeter, on the server farm, and on the local workstations, security administrators may feel they've covered all their bases in terms of protecting the valuable information flow on the enterprise's IT infrastructure.
This feeling can start to erode, however, when the need arises to provide access for satellite offices and home users — and especially so when wireless connections need to be included in that mix.
The tools available to help extend the protected space outward include Virtual Private Networks (VPNs) and a variety of encryption and authentication tools. When it comes to adding wireless nodes to the network, the security question has often meant working with tools offered by a variety of vendors to provide a full security package. And the ongoing problem of extending anti-virus protection as the network grows compounds the complexity of the situation.
Fortunately, new weapons that are aimed at simplifying the administrator's tasks are being added to the arsenal. One example that captured attention at the most recent Comdex is the SOHO TZW from SonicWall.
Available for less than $900, the SOHO TZW is an economical appliance with a price tag that belies its capabilities. The TZW packages a firewall, VPN technology, and secure wireless access in a single unit. The TZW runs SonicWall's SonicOS operating system, which has a similar look and feel across SonicWall's line of products. The appliance also features a simple-to-use web interface and a variety of deployment wizards that can greatly reduce setup time.
The TZW provides heavy-duty wireless network security by enforcing the use of IPSec 3DES encryption to create a VPN on the wireless LAN. All users must authenticate to be granted access.
When initially connected, a device is given a private IP address with no access beyond the TZW. Once the user authenticates, a VPN is built and granted a level of access that depends on the authentication used.
The built-in Stateful Packet Inspection (SPI) firewall allows unusual flexibility in creating access rules. An administrator can create multiple trusted zones of access for wired, wireless, and guest access. This flexible protection allows for separation between the LAN and WLAN users, as well as the ability to create guest accounts that allow a guest access to the Internet without providing any access to the local network.