Technical target: 5 keys to designing secure enterprise wireless networks
The security of enterprise wireless networks has become more critical than ever due to the growing emergence of telecommuting, the Internet of Things (IoT) and new generations of Wi-Fi. It is important for companies to know how to design a viable wireless security architecture to protect their network and data from cyberattacks.
Author and security researcher Jennifer Minella provided a roadmap that networking and security teams can follow in her book, Wireless Security Architecture: Designing and Maintaining a Secure Wireless Network for the Enterprise, reports TechTarget. In the book, Minella discusses wireless network security techniques, processes, and products, and then explains how to design an architecture. Minella also explains the parts and processes teams need to build their wireless network.
The author also devotes a chapter to showing how a company can design the optimal wireless security architecture, reports TechTarget.
“What I’ve noticed over the years is that most networking professionals within an organization tend to get soar when it comes to planning,” Minella wrote in the chapter’s introduction, “often bypassing any formal scope and documentation and jumping to product configuration”.
The note chapter divides Minella’s architecture design methodology into five phases – Define, Characterize, Design, Optimize, and Validate.
Wireless Security Architecture Phase 1: Define
During this initial phase, Minella says companies should identify project requirements, defined environment elements, and scope boundaries. This is also the time when the architect should do things such as identifying team and project roles, discovering various wired and wireless network infrastructure components, and identifying applications that must be supported on the wireless network.
Wireless Security Architecture Phase 2: Characterize
This next step is where the network architect “captures both qualitative and quantitative security characteristics mapped to individual classes of networked elements such as endpoints, applications, and users,” Minella wrote. These features are used for functional mapping in the design phase.
The characterization phase addresses the discrete elements for requirements mapping. During this phase, the architect captures qualitative and quantitative security characteristics mapped to individual classes of networked elements such as endpoints, applications, and users. These features are then used for functional mapping in the design phase. The characterization phase is also where the architect can select items that require specific security controls to meet business objectives or compliance requirements.
Wireless Security Architecture Phase 3: Design
Perhaps the most involved of the five wireless security architecture phases, the design takes previous discovery input and performs “functional mapping for required security controls and mapping.” The architect should also document conditions, variables and any known or anticipated design deficiencies at that time, according to Minella.
The architect should also evaluate the existing architecture and tools to see if they can meet the project objectives. It is also at this stage that vendors, products, and configuration options are identified to meet security and connectivity objectives.
Wireless Security Architecture Phase 4: Optimize
The optimization phase is when the architecture design is refined to improve its performance and security. It’s impossible to just “set it and forget” wireless networks due to constant security threats and industry standards that are changing faster than ever. To keep pace, architects must continually research changes in security protocol standards and implement architectural enhancements. They must also evaluate new features in vendor products for additional security benefits and keep internal standards up to date.
Wireless Security Architecture Phase 5: Validate
In this final phase, the architect will verify the capabilities of the design and expect results against the initial scope requirements of the previous definition and characterization phases. The architect should also be in constant communication with other teams and seek feedback from stakeholders to ensure that the scope has not changed and that their expectations have been met.
Once deployed, the validation phase will include system testing and validation, including security assessments and penetration testing.
“The five phases make it easy to collect and organize data for planning into inputs and outputs,” Minella wrote. “Inputs are the data consumed and factored into planning, and outputs are the actionable requirements for infrastructure design.”
Note: TechTarget has published the Wireless Security Architecture snippet with permission from Wiley Book Publisher.