802.11 Hotspots Just the Start - More Wireless Management Scenarios on the Horizon
Enterprises and network administrators are starting to face an increasing number of new remote access and management scenarios beyond the ever-present need to secure corporate laptops at public hotspots.
A growing number of administrators are concerned over how to manage corporate laptops at public hotspots. And soon, many enterprises are likely to face the prospect of managing additional wireless technologies beyond mere Wi-Fi.
Customers ranging from Sears to Schlumberger are already implementing customer service or sales applications with major wireless WAN (wide area network) components. Meanwhile, hardware vendors are eyeing PDAs with 802.11 as well as Windows XP management functionality.
Schlumberger's entire US sales force is now using a PDA-based CRM application that operates over Sprint's wireless network, according to John Tombari, Schlumberger's VP of sales.
Along with Sprint, Verizon is another telco that's actively working with enterprise customers around data applications in the WWAN space, notes Tim Bajarin, president of the analyst firm Creative Strategies, Inc.
Protecting Hotspots – VPNs, Personal Firewalls, and Encryption
Right at the moment, hotspots pose some challenges to enterprise administrators, industry analysts agree. Warren Wilson, an analyst at Summit Strategies, hints at major potential for signal interference. "As wireless hotspots proliferate, we'll see more signal interference among neighboring wireless networks. 802.11b also plays in the same frequency range as devices such as microwave ovens and certain cordless phones. These are some of the things that will drive adoption of 802.11a," Wilson predicts.
Security issues, though, will be relatively simple for enterprises to handle, according to Wilson, although the analyst readily acknowledges that Wireless Encryption Protocol (WEP) can be problematic.
Like other encryption technologies, WEP is supposed to “scramble” data so that it can’t be read by unauthorized eyes. WEP encryption, though, is widely acknowledged as being easy to break. One big problem is that WEP uses the same key for encrypting and decrypting all data on the wireless link. Moreover, many end users – and some administrators – never even bother to enable WEP at all.
"Public hotspots, however, are not being installed by amateurs," points out Wilson. "If your organization has a VPN in place, with personal firewalls on end users' laptops, then your users should be well protected."
Furthermore, hotspot purveyors will be staying up-to-date with the latest available security improvements, according to the Summit analyst. "We'll see pretty broad support [at public hotspots] for newer encryption technologies such as WPA, 802.1x, EAP, and LEAP."
Indeed, some of these technologies are already getting support from vendors, and several Wi-Fi products with improved security for homes and small businesses are available now. Microsoft's new Wireless-G family of 802.11g devices, for example, was unveiled this week in New York City and comes with built-in support for WPA.
Like Summit's Wilson, Brian Moran, marketing manager for AirDefense, also advocates the use of VPNs in conjunction with personal firewalls. Specifically, he says, "when VPNs are used for connecting back from a public hotspot to the enterprise network, split tunneling should be disabled," he advises.
Moran offers these additional tips and tricks for protecting access to enterprise networks:
- Ensure that the wireless card remains in "infrastructure only" mode
- Turn off ad hoc networking on laptops
- Clear the list of preferred networks. "Windows XP uses this list to actively probe and broadcast corporate and home service set identifiers (SSIDs)," according to Moran.
- Disable file and print sharing