Recently some of my colleagues attended the National Retail Federation show in New York City. Just before show started, AirDefense did a survey of almost 800 stores in the New York City area to get a sense of what kind of security was in place. The results, while very dismal for retailers, are not very surprising at all. There were still many places where no security is in place or the easily broken WEP key was still being used.

This brings us to a bit of a quandary. How do we make it easier to implement better security and provide a way to audit the network while detecting rogue devices? Well there are a couple of things that we can do to help mitigate the security risk.

First, there needs to be a realization that security is not just a ‘point’ product or a ‘once in awhile’ process. It’s something that needs to be integrated directly into the organization. Using tools that can manage configurations centrally and can audit the network to make sure those configuration policies are consistent is key. This applies to not only the RF settings (i.e. what you’re broadcasting out of your AP), but also the wireline side of your devices. Remember, there are threats coming from inside the network as well!

I’ve been into many customer sites over the years, many of them retailers, and it still amazes me how some customers can be so organized where they know each and every configuration setting on their devices, while others haven’t the slightest clue what’s actually running in their own network. How can we have a secure network that will pass PCI audits when no one actually knows what’s loose on the network?!

The second item that the survey brought up was the number of potential rogue devices that were deployed. PCI today only requires quarterly scans for rogue devices. I’m not sure about you, but that seems a bit long to me! Putting in automated tools to detect these devices as soon as possible is much more in the spirit of true security. In addition to doing wireless scans, which only determines that someone is bleeding into your RF space, performing a wireline scan to determine if the device is truly a security threat is important. By determining whether a device is actually plugged into the wired network it reduces the amount of work involved with determining whether something is ‘truly’ a rogue or if it’s just the AP in the Starbucks across the street.

The whole key to this endeavor is to take the concept of security and making it a part of the day to day operations of the IT staff.

Congratulations. You did it. You just went out and bought a bunch of the most high-tech WiFi access points on the market. Too bad they will be obsolete in a year or two.

It is inevitable.

With the advent of every “latest & greatest” WLAN infrastructure purchase (see: 802.11n, WiMAX, mesh, “thin APs,” etc.), comes the question that has network engineers everywhere scratching their heads:

Now what?

Now what do I do with my legacy gear? Now what do I do to prevent downtime as we migrate? Now what areas need to be migrated first? Now what does my vendor have to help me manage my multi-vendor, (possibly) multi-architecture network?

These can be daunting challenges and I have to assume that nearly everyone purchasing enterprise wireless APs is going through this same line of questioning right now.

Our featured keynote speaker Craig Mathias helped to allay some of the fear created by WLAN migration:

Click to view the “Managing Wireless Migrations and Upgrades” webcast

Jeremy Haltom has become a bit of a “diamond in the rough” for us here at AirWave as he continues to shine brightly as our guest speaker on some of the more pressing industry topics today. We don’t want to inflate his ego too much, but he does a great job of helping you understand what practical tips you can walk away from and put to use in your own WLAN environment.

This time, Jeremy helped explain the eight most common security threats facing a WLAN infrastructure today and how to deal with them, followed by an open Q&A with the audience. If you have any more questions for Jeremy or AirWave, feel free to post away in the forums.

And now, the moment you’ve all been waiting for, Jeremy Haltom’s webcast on WLAN Security Best Practices:

Click here to view the Best Practices in WLAN Security webcast