Securing wireless connectivity through virtual networking
As wireless networking begins to deliver on the promise of untethered, ubiquitous connectivity, a variety of security concerns associated with wireless technology present critical challenges to the enterprise. Traditional security solutions have failed to deal with these challenges in a comprehensive, economical and scalable fashion.
From the enterprise perspective, security challenges are centered on how to authenticate and authorize users to access enterprise resources with an economical and scalable solution, while blocking unauthorized users. An enterprise often has many geographically dispersed access points throughout its campuses. Information communicated over the RF channels has to be protected too.
Firewall and VPN vendors often recommend connecting wireless access points outside the firewall. Such solutions are expensive and require either building a dedicated network for the wireless access points or placing a firewall behind every access point. Point solutions for securing physical links do not scale either. VPN vendor solutions for securing wireless connectivity come at a heavy price because they do not scale. Furthermore, traditional VPN solutions force all wireless traffic through the bottleneck of a VPN gateway.
For end-users, there are additional security and accessibility challenges. Users want to enjoy ubiquitous access using any wireless access point whether it belongs to their enterprise, another enterprise, or a wireless service provider. The problem here is that point solutions to secure physical links often are not available to the user; hence, user communications are left fully exposed.
Virtual networks are software networks in which computers with virtual drivers coordinate their communications through a hosting directory server. No per-site gateways are involved. Virtual networks ride, in a virtual layer, on top of existing physical networks and interoperate seamlessly with common firewalls, edge routers and existing VPNs. Computers in a virtual network experience fully meshed secure virtual connections using host-to-host IPsec.
The figure below depicts a deployment example of a virtual networking platform in an enterprise and illustrates the creation of secure virtual network overlays:
Virtual networks are based on virtual domains, simplifying management and eliminating the need to deal with cumbersome IP addresses. Security policies, fully compliant with standard IPsec, are associated with each virtual network and are provisioned using intuitive symbolic domain names that identify member computers. Policies establish the rules of communication among computers in a virtual network. They include access control rules as well as IPsec authentication and encryption rules. Policies can be defined at a level of granularity of a single computer and a single application. Policies are automatically pushed to end computers for enforcement as computers join a virtual network. Zero administration is required to enable these peer-to-peer IPsec connections.
Virtual networks can be set up and torn down in minutes, while tens of thousands of secure virtual network overlays can be hosted on the same server. Computers and users can join and leave a secure virtual network at will. A computer may also reside in a virtual network at all times. Computers in a virtual network appear to each other as if they were in the same physical IP subnet, hence restoring the full peer-to-peer IP-level semantics among them. As a result, all IP-based applications, including VoIP, work in a virtual network, regardless of network and organizational boundaries, overcoming the limitations associated with traditional SSL and IPsec CPE VPN.
Computers in a virtual network can connect from anywhere to anywhere securely. No physical network reconfiguration is required. No change to firewall security policies is required. And, no cumbersome administration of parameters in every computer is required. The result is unconstrained secure connectivity, with unmatched ease of deployment, ease of management and ease of use.
Secure virtual networking is independent of the access method. When combined with Wi-Fi access points equipped with 802.1x controls, the virtual network server acts as the authenticating server, providing enterprises with a scalable, economical alternative for securing wireless networking infrastructure without requiring any change to either existing physical networks or existing firewall and legacy VPN installations. 802.1x-enabled access points can be attached directly to the private enterprise network without subjecting the network to any breach of security.
Secure virtual networking steps in where traditional security solutions have failed to deal with the security concerns associated with wireless technology in a comprehensive, economical and scalable fashion. Applicable to any enterprise or organization looking to enable secure, collaborative communications, secure virtual networking enables businesses to extend their existing, secure network infrastructure to include both local and remote team members and extranet business partners in order to share critical information and securely collaborate.
Hasan S. Alkhatib is the CEO of IP Dynamics and can be reached at firstname.lastname@example.org.
© 2013 Penton Media Inc.