As users come to expect near-ubiquitous wireless access from the device of their choosing, companies face significant challenges in delivering on those expectations. Essentially, the job requires knowing who is trying to connect, what rights and privileges they have, what type of device they’re connecting with, where they’re connecting from, and what they should ultimately be allowed to do on the network based on all of these contextual considerations.
It’s a concept known as context-aware networking which, as the name implies, involves the ability to put each wireless network session into context so that you can apply security rules and policies accordingly. To learn more about how companies are grappling with the issue, we talked with Chris Williams, a systems engineer with Carousel Industries who works with customers on their wireless networks.
Outlining the Issues Around Context-Aware Networking
There’s a lot at stake prompting companies to want to get context-aware networking right, Williams notes. Wireless networks have no boundaries, so they bring with them significant risk if proper security is not in place.
The bring your own device (BYOD) movement only compounds the problem, forcing IT to be able to support myriad device types (depending on company policy, of course) and to enforce policy on all of them.
What’s more, IT needs to be able to see what types of applications users are employing, to decide whether they should be allowed. For example, corporate policy may forbid employees from using file-sharing sites, so they can’t download illegal movies and the like. “It brings risk if people do things like that on the corporate network,” Williams says. “Companies can get sued.”
Taking a Consultative Approach to Wireless Security
With so many issues to grapple with, Williams says it takes a fair amount of consultative planning up front to sort through what kind of approach will work for any given organization. For most companies, wireless started in just conference rooms and a few other hot spot areas. Now that it’s branching out, the conversations have to change.
“Do you want to control which devices are coming on and where you want them to go?” Williams asks. “What are your internal policies, what resources are people allowed to access based on their role? How do you identify folks and assign them a role? Are you using Active Directory for role management and is it up to date? Or maybe you just treat everyone as a guest and push them out to the Internet through your DMZ.”
The Technology Behind Context-Aware Wireless Networking
With a plan in place for what you want to accomplish, the next step is implementing the technology to make it happen. In most cases, that will involve several components, such as:
Fingerprinting technology, to help you identify the device a user is employing, so you can apply the correct policy. Wireless controllers typically handle the job, using one of two approaches: DHCP or HTTP fingerprinting. DHCP will tell you what operating system the device is employing but not much more; HTTP enables you to identify the specific device type, Williams says.
Stateful firewalls, which track each wireless conversation in context and can therefore ferret out responses that are outside the norm for a given type of conversation.
Network access control (NAC), which enables organizations to identify and authenticate users as they access the network, then apply a granular level of control over what each is allowed to do.
Directory technology, to help group users into roles that make it easier to define what each user is allowed to do.
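How the components above can feed a single access decision, as an added example that is not from the article or from Carousel: it parses the DHCP options a client sends (option 55, the parameter request list, is the usual basis for DHCP fingerprinting), matches an HTTP User-Agent, and combines both with a directory role. The signature table, User-Agent tokens, role names and policy names are constructed for illustration.

```python
PARAM_REQUEST_LIST = 55  # DHCP option 55; the order of codes varies by OS
END, PAD = 255, 0

def parse_dhcp_options(raw: bytes) -> dict:
    """Parse the code/length/value options that follow the DHCP magic cookie."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != END:
        if raw[i] == PAD:                 # pad is a single byte, no length
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated DHCP option")
        opts[raw[i]] = raw[i + 2:i + 2 + raw[i + 1]]
        i += 2 + raw[i + 1]
    return opts

def dhcp_os(opts: dict, signatures: dict) -> str:
    """Map the option-55 request order to an OS family, or 'unknown'."""
    key = ",".join(str(c) for c in opts.get(PARAM_REQUEST_LIST, b""))
    return signatures.get(key, "unknown")

def http_device(user_agent: str, tokens: dict) -> str:
    """Map the first matching User-Agent token to a device type."""
    for token, device in tokens.items():
        if token in user_agent:
            return device
    return "unknown"

def decide(role: str, os_family: str, device: str) -> str:
    """Combine directory role and fingerprints into one access policy."""
    if role not in ("employee", "contractor"):
        return "guest-internet-only"      # unidentified users go out via the DMZ
    if os_family == "unknown" and device == "unknown":
        return "quarantine"               # authenticated but unrecognised device
    if role == "employee" and device == "laptop":
        return "corp-full"
    return "byod-restricted"

# Constructed sample data (not real vendor signatures or policies).
SIGNATURES = {"1,3,6,15,119,252": "os-family-a", "1,15,3,6,44,46": "os-family-b"}
UA_TOKENS = {"ExampleTablet": "tablet", "ExamplePhone": "phone", "ExampleLaptop": "laptop"}
SAMPLE_OPTIONS = bytes([53, 1, 3, 55, 6, 1, 3, 6, 15, 119, 252, 0, 255])
SAMPLE_UA = "Mozilla/5.0 (ExampleTablet; ExampleOS 1.0)"

def evaluate(role: str, raw_options: bytes, user_agent: str) -> tuple:
    opts = parse_dhcp_options(raw_options)
    os_family = dhcp_os(opts, SIGNATURES)
    device = http_device(user_agent, UA_TOKENS)
    return os_family, device, decide(role, os_family, device)
```

Both fingerprints are client-supplied and can be spoofed, so the sketch treats them as inputs that narrow access for an already authenticated role, never as a substitute for authentication.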
If you need help sorting out your wireless network plan and how context-aware networking fits in, contact Carousel – we’ll be happy to walk you through the process.