Data centers must always consider wireless networks a threat. Wi-Fi signals extend way beyond the walls of our buildings, so a hacker with just a good antenna can easily connect to Wi-Fi from the outside. Security must be of utmost importance for wireless networks to avoid hackers ultimately gaining access to a company’s sensitive information.
As more Internet of Things (IoT) devices are introduced into data center networks, the challenge is to secure those devices and the network where the company’s most precious information resides. Network protection is best achieved using enterprise WPA2 and 802.1X protocols rather than the traditional WEP or WPA, which showed vulnerabilities 15 years ago. Security concerns were detected in WPA2-PSK last year, which meant all major wireless vendors needed to offer emergency patches. PSK-based security protocols employ a shared key, which can easily be given to users outside an organization; WPA2-Enterprise is therefore the only viable security option for the data center. With BYOD, and new innovations such as the IoT, wireless systems have become much more complex to design, deploy, support and secure.
To secure an organization’s digital assets, consider the following before deploying or upgrading security for a data center network.
1. Make Proper Network Assessments
Understand your environment, see end users in real time and know what type of devices they’re using, what types of applications they’re using and the status of the different networking components that may affect the use of those devices. You should also run active tests to help avoid problems before they happen.
Role-based access control (RBAC) is an approach to restricting system access to authorized users. Most enterprises with more than 500 employees use this approach, allowing them to assign roles on the basis of who, what, where, when and how a user device is trying to access the data center network. More than ever, network security must become application aware to ameliorate threats. Application filtering is crucial to protect users from content that might contain malicious threats as well as to avoid performance issues. Most importantly, your firewall(s) should be the backbone of your security system, but note that a traditional firewall is no longer enough.
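A role assignment based on who, what, where, when and how, as described above, can be written as a first-match rule table with deny as the default. This is an added example, not code from the article; the groups, device types, locations, roles and destinations are hypothetical.

```python
from datetime import time

ANY = None  # wildcard for a rule field

# Hypothetical policy, first match wins.
# (role, who: group, what: device, where: location, when: hours, how: auth)
RULES = [
    ("dc-admin", "netops", "managed-laptop", "dc-floor", (time(7), time(19)), "EAP-TLS"),
    ("staff", "employee", "managed-laptop", ANY, ANY, "EAP-TLS"),
    ("byod", "employee", "personal-phone", ANY, ANY, "PEAP"),
    ("iot", ANY, "sensor", "dc-floor", ANY, "EAP-TLS"),
]

# Destinations each role may reach (hypothetical network segments).
ROLE_ACCESS = {
    "dc-admin": {"mgmt-vlan", "intranet", "internet"},
    "staff": {"intranet", "internet"},
    "byod": {"internet"},
    "iot": {"telemetry-collector"},
}

def assign_role(group, device, location, now, auth):
    """Return the first role whose five conditions all match, else None (deny)."""
    for role, who, what, where, when, how in RULES:
        if who not in (ANY, group) or what not in (ANY, device):
            continue
        if where not in (ANY, location) or how not in (ANY, auth):
            continue
        if when is not ANY and not (when[0] <= now <= when[1]):
            continue
        return role
    return None

def may_access(role, destination):
    """A connection with no role, or an unknown role, reaches nothing."""
    return destination in ROLE_ACCESS.get(role, set())

if __name__ == "__main__":
    # Same admin, same laptop, same location: the time of day changes the outcome.
    for hour in (10, 23):
        role = assign_role("netops", "managed-laptop", "dc-floor", time(hour), "EAP-TLS")
        print(hour, role, may_access(role, "mgmt-vlan"))
```
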
2. Ensure Network Performance and Scalability
Wireless networks were originally planned for coverage only, but with all the smartphones, tablets, laptops and other smart devices out there, these networks must handle high capacity as well. Because the use of new wireless devices will only continue to increase, the data center network should be set up to expand in coverage and capacity as needed—without having to overhaul or build an entirely new network.
In 2016, the Wi-Fi Alliance approved a new standard called AC Wave 2 to support, among other things, more connected devices. According to Gartner Vice President Tim Zimmerman, this standard provides “the ability for the access point to communicate simultaneously with multiple mobile devices in a single coverage area.” The access point will be able to talk to as many as four single-stream devices at once going downstream. A major update that comes with 802.11ac Wave 2 is support for additional 5 GHz channels. If these channels are designated for Wi-Fi use, they could help support more users and devices overall. Most devices (65% according to the Wi-Fi Alliance) are now dual band, meaning they can operate at both the 2.4 GHz and 5 GHz frequencies. These new standards will help organizations as they move to a more connected arena in their day-to-day business dealings with both internal and external clients.
Performance issues can arise from bottlenecks or choke points resulting from underperforming wired networks or from outdated network equipment. When updating your wireless system or deploying wireless for the first time, you can’t afford to ignore your wired switching backbone.
3. Secure the Network
Network security is an ever-evolving mission as intruders find new ways to breach systems and as smart devices become smarter, more graphics intensive and more mobile. The network needs capacity as well as good coverage, but meeting these needs can be a challenge. By working with a strong, strategic security partner with deep expertise in all facets of protection, you can successfully manage the complex life cycle of expanding technology systems.
4. Track User Behavior to Detect Anomalies and Threats
User and entity behavior analytics (UEBA) goes beyond security-event analysis to track employee/user behavior. Essentially, UEBA treats your network as a “living thing”—both people and devices. Generally, people tend to do the same things every day, week or month. They check email, browse the Internet and talk to this or that server. UEBA builds a profile of the person/device so that if one day the device begins doing things it’s never done before (e.g., deleting or transferring numerous files), an alert is triggered. In modern UEBA systems, machine learning can also correlate data center and individual networks with system events. Depending on the severity of the anomaly, they send a warning and may quarantine the user, the device or both.
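The profile-then-compare logic described above can be shown with a simple statistical baseline in place of machine learning. This is an added example, not code from the article or from any UEBA product; the entity names, actions, counts and thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data (not from a real network): daily event counts per action.
HISTORY = {
    "laptop-17": [
        {"email": 40, "web": 120, "file_read": 15},
        {"email": 35, "web": 110, "file_read": 12},
        {"email": 42, "web": 130, "file_read": 18},
        {"email": 38, "web": 115, "file_read": 14},
    ],
    "hvac-sensor-3": [{"telemetry": 288}, {"telemetry": 288}, {"telemetry": 287}],
}
TODAY = [
    ("laptop-17", "email", 39),
    ("laptop-17", "web", 125),
    ("laptop-17", "file_delete", 900),   # action this device has never performed
    ("hvac-sensor-3", "telemetry", 288),
    ("hvac-sensor-3", "ssh", 3),         # new behavior, low volume
]

def build_profiles(history):
    """Per entity and action: (mean, standard deviation) of the daily count."""
    profiles = {}
    for entity, days in history.items():
        counts = defaultdict(list)
        for day in days:
            for action, n in day.items():
                counts[action].append(n)
        profiles[entity] = {a: (mean(v), pstdev(v)) for a, v in counts.items()}
    return profiles

def score(profiles, entity, action, n, z_warn=3.0, bulk=100):
    """Classify one observation as 'ok', 'warn' or 'quarantine'."""
    known = profiles.get(entity, {})
    if action not in known:
        # Behavior outside the profile: severity scales with volume.
        return "quarantine" if n >= bulk else "warn"
    mu, sigma = known[action]
    z = (n - mu) / max(sigma, 1.0)  # floor sigma so a flat baseline cannot divide by zero
    return "warn" if z >= z_warn else "ok"

def triage(profiles, observations):
    """Return only the anomalous observations with their severity."""
    scored = [(e, a, score(profiles, e, a, n)) for e, a, n in observations]
    return [row for row in scored if row[2] != "ok"]

if __name__ == "__main__":
    for entity, action, severity in triage(build_profiles(HISTORY), TODAY):
        print(f"{severity:10} {entity} {action}")
```
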
5. Manage Mobile Devices
Employee use of mobile devices outside the data center can determine how you’ll manage access to applications and programs. Plan for a secure method of registering and securing devices that employees bring to the network (BYOD). You can even remotely wipe the device if it’s lost or stolen.
6. Implement Redundancy
Don’t put all your eggs in one basket. The redundancy that your Wi-Fi system requires depends on your environment and needs. Many businesses today demand that their wireless networks be as reliable as their wired networks, so plan/design for the proper redundancy to support such requirements.
In summary, deploying a complex wireless data center network—or updating an existing one—requires thoughtful and comprehensive planning. Success will depend on understanding the requirements and expectations, on proper product selection, on accurate implementation and on the recognition that the network must be flexible and scalable to accommodate an evolving technology environment.
About the Author
Kevin Meany is CTO and cofounder of Versatile. He leads the company’s consulting and professional-services teams and the deployment of technology and services for clients. He has over 25 years of experience developing complex infrastructure strategies, implementing IT-support solutions and evaluating new and transforming technologies. He started with Digital Equipment Corporation as an intern and rose to senior technical analyst, a role in which he evaluated new and emerging technologies and provided direction for support services and implementations. Before cofounding Versatile, he was with Visibility, where he helped hundreds of manufacturing companies update their IT infrastructures as well as improve business operations and profitability.