The acceptance of centralized wireless LAN architecture has significantly reduced costs and simplified the task of managing, securing and upgrading wireless systems, all of which have resulted in rapidly growing deployments.
What's more, with the advent of 802.11n and mesh technologies, wireless is beginning to provide a real alternative to wired Ethernet. But for that movement to gain ground Wi-Fi must offer high-level security and reliability. What safeguards are in place to prevent unauthorized access? How does a network administrator see what is "unseen"?
While standards such as Wi-Fi Protected Access 2 (WPA2) and 802.11i provide new levels of wireless security, and are backed up by new monitoring and intrusion-protection tools, enterprises are increasingly interested in the benefits of combining IT security with physical security.
But it's been difficult for enterprises to add physical security to wireless. How do enterprises balance providing mobility to their workers and visitors while placing needed checks on this untethered freedom?
A company, for example, may not feel comfortable letting employees access sensitive information like HR, finance or new product documents anywhere the WLAN reaches. It might make sense to have mobility in the finance department but restrict wireless access to finance information beyond that department to prevent others from potentially seeing sensitive material.
That's where the concept of location-based security comes into play: restricting who has access to the WLAN based on where they are. Besides adding another layer of security, location controls -- combined with access rights -- can also prevent overburdening segments of the network (and preventing denial-of-service attacks) and restrict where visitors can access the WLAN.
Today's leading WLAN switches are capable of reporting the location of laptops or mobile devices using data collected by wireless access points. These so called "locationing" services have been used largely for tracking assets throughout an enterprise. In hospitals, for example, they are used to locate doctors and blood transfusion and surgical equipment. But the same technology can play a larger role in security in the form of geo-fencing.
Geo-fencing is a term used primarily to refer to the practice of limiting network access by mobile employees and/or visitors based on their geographic location and authorization status.
The user identity is established based on one or more IDs (such as RFID-enabled visitor badge and mobile Wi-Fi device) in conjunction with a location algorithm that will determine the position of that specific ID, allowing an appropriate level of network access to that person. The basic premise is that a virtual access fence is created around each mobile device and user.
This is how it works. The wireless switch "follows" a user throughout the building, granting or denying access to resources on the network based on his authorization status and whether he's in an approved designated area.
It also ensures access to the WLAN and network resources only when the ID card (physical security) is present with the assigned user and his mobile device. This significantly reduces the possibility of someone using another user's laptop or mobile device to access unauthorized information on the network.
