A wireless LAN (WLAN) is, in some sense, nothing but radio, with different frequencies and characteristics, acting as the medium for networks. The concept of WLAN fundamentally changes the networking you are accustomed to: wired connections through some form of jacks attached to structures. The lack of hard wires in WLANs ushers in an era in which mobility, pervasive and ubiquitous connectivity, and all the associated interaction models prevail. As hyped as this technology is, there is still a belief in the industry that WLANs are not hyped enough.
It is true that, eventually, this technology will find itself in almost all the everyday things in our homes and elsewhere, from connecting the different devices in home entertainment to connecting to the Internet in public places, in addition to different ways of interacting in our workplace. In the future, mobile networks will be the norm, and wired networks will be used in special cases only, rather than the current situation in which the opposite is true.
The wireless world will move into other areas aside from just data networks, and it will open opportunity for a variety of unconventional services. There are already wireless phones (which employ voice over IP [VoIP] technologies) that operate over WLAN, devices that pipe music over WLAN, and TV recorders that have features to access the recorded shows over WLAN from other parts of the home. Ubiquitous location services over WLAN, in addition to WLANs in automobiles, are almost here. Just recently, there was news about the Federal Communications Commission's (FCC) proposal to allow the extending of the unused spectrum between the TV channels 2 and 51 for unlicensed wireless devices. The significance of this initiative is multifold: The TV signals operate at lower signals, resulting in higher range and better penetration through walls and other structures. They also offer more strength. The other dimension is the capability for the TV infrastructure to offer innovative interactive services based on WLANs operating in this spectrum.
However, the WLAN domain is also filled with various barriers: security, a limited range, nonuniform signal strength, and lack of efficient handover/roaming mechanisms between the WLAN access points (APs). WLAN also adds overhead in terms of messages for the discovery of APs and additional messages for roaming, management, and handover.
Major WLAN deployments, such as an enterprise-level deployment, need to address various aspects including mobility, security, management (both network management and radio frequency [RF] management), and integration into existing infrastructure.
The key aspect of the WLAN network is secure mobility, which is the topic of this book. The challenge in the WLAN world is the security aspects, especially authentication, access control, and confidentiality. WLAN obsoletes the major assumptions in the static wired-network world and challenges the designers, architects, and administrators of networks to achieve similar or more secure LANs.
The design of WLAN is evolving, from distributed/decentralized deployment of access points and clients to centralized deployments and more integration with existing infrastructure. For example, the latest products from Cisco exemplify this trend:
Cisco Structured Wireless Aware Network (SWAN) solution extends the "wireless awareness" into the wired infrastructure. The SWAN framework addresses WLAN deployments of different scale (from small businesses to enterprises to universities to public WLANs), and it offers the capability to integrate and extend wired and wireless networks. The wired and wireless infrastructure can be highly integrated, or the WLAN can be an overlay over the existing wired infrastructure. Chapter 9, "SWAN: End-to-End Security Deployment," covers SWAN in more detail.
Cisco Wireless LAN Services Module (WLSM) for the Catalyst 6500 series adds fast, secure, campus-wide, wireless Layer 3 roaming and simplifies wireless deployments and ongoing network operations. The WLSM also enables you to extend the Catalyst 6500 features through the following:
- It extends Layers 2 and 3 of the Catalyst 6500 series supervisor Nonstop Forwarding/Stateful Switchover (NSF/SSO) to wireless traffic.
- It applies a full range of ACLs for traffic inspection, filtering, and rate limiting based on Layers 2 through 4 header information to wireless traffic.
- Quality of service (QoS) preservation and policy enforcement of all wireless traffic on a per-mobility-group basis.
- Hardware-based denial-of-service (DoS) protection mechanisms such as control plane rate limiters and Unicast Reverse Path Forwarding (uRPF).
- Interoperability with intrusion detection, network analysis, IPSec VPN, and firewall services modules.
The Cisco Compatible Extensions (CCX) for WLANs initiative provides the capability to achieve interoperability while evolving through various standards and specifications to achieve security, performance, and rich functionality. The industry should not diverge and fragment while rapid advancements occur.
In summary, the security in WLAN network deployment is of utmost importance, and the mechanics and mechanisms of the security in WLAN are the focus of this book.