Wi-Fi Networking


As enterprise Wi-Fi grows, so does the need to protect business networks from wireless intruders and shore up wireless security. Traditional firewalls enforce trust boundaries between wired subnets, but Wi-Fi has a nasty habit of circumventing those established perimeters. Many network operators wage a daily foot war against rogue access points (APs), while engineers struggle to regain control over Wi-Fi access. A Wi-Fi firewall can help you tackle these challenges more efficiently and effectively.

Why deploy a Wi-Fi firewall appliance?

The label “Wi-Fi firewall” has been applied to various appliances, including wireless-capable SOHO firewalls (e.g., SonicWALL, WatchGuard) and wireless network gateways (e.g., BlueSocket, Vernier, Cranite). In this article, we use “Wi-Fi firewall” to describe servers that monitor and filter Wi-Fi traffic, blocking unauthorized 802.11 usage and attacks while still in the air.

Commonly known as wireless intrusion prevention systems (WIPS), these appliances provide full-time security policy enforcement throughout your entire wireless LAN (WLAN). Instead of requiring someone to periodically check every floor of every building to find rogue APs, a Wi-Fi firewall continuously watches for rogue traffic, automatically disconnecting any new AP. Instead of depending on employees to use Wi-Fi safely, a Wi-Fi firewall can disrupt non-compliant sessions to prevent confidential data disclosure.

Adding a Wi-Fi firewall to your network

Deploying a Wi-Fi firewall involves installing a central server in your NOC and positioning remote sensors throughout the offices (“air space”) to be monitored. Sensor network planning is essential to avoid coverage holes in locations like stairwells where intruders might lurk unobserved. Most appliances use overlay networks of dedicated sensors. Some can also use regular APs that watch for rogues in their spare time. Dedicated sensors have better observation and prevention capabilities, but require more up-front investment to purchase, mount, power, and cable. Sensors that support Power over Ethernet and/or daisy-chaining can reduce that cost. Communication between remote sensors and the central server usually requires modest bandwidth, but a large remote office with limited WAN access may deserve its own server.
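As an added example (not from the original article or from any vendor's product), the Python below shows how a central server could merge reports from several sensors into one verdict per AP by checking each observed BSSID against an inventory of sanctioned APs. The inventory, report layout, verdict names and sample data are constructed assumptions, and the check for an unknown BSSID advertising a corporate SSID goes slightly beyond what the article describes.

```python
# Constructed inventory of sanctioned APs: BSSID -> (SSID, channel, encryption)
AUTHORIZED_APS = {
    "00:11:22:33:44:01": ("CorpNet", 1, "WPA2-Enterprise"),
    "00:11:22:33:44:02": ("CorpNet", 6, "WPA2-Enterprise"),
}

# Constructed sensor reports: (sensor, bssid, ssid, channel, encryption, rssi_dbm)
OBSERVATIONS = [
    ("sensor-lobby",  "00:11:22:33:44:01", "CorpNet", 1,  "WPA2-Enterprise", -48),
    ("sensor-floor2", "00:11:22:33:44:02", "CorpNet", 6,  "Open",            -55),
    ("sensor-floor2", "DE:AD:BE:EF:00:01", "CorpNet", 11, "WPA2-Personal",   -60),
    ("sensor-stairs", "de:ad:be:ef:00:01", "CorpNet", 11, "WPA2-Personal",   -42),
    ("sensor-lobby",  "de:ad:be:ef:00:02", "linksys", 6,  "Open",            -71),
]

# Higher number = more urgent; used to keep the worst verdict per BSSID.
SEVERITY = {"authorized": 0, "unauthorized": 1, "non-compliant": 2, "ssid-impersonation": 3}

def classify(observations, inventory):
    """Merge reports from all sensors into one verdict per BSSID."""
    corp_ssids = {ssid for ssid, _, _ in inventory.values()}
    results = {}
    for sensor, bssid, ssid, channel, enc, rssi in observations:
        bssid = bssid.lower()  # sensors may report MACs in either case
        if bssid in inventory:
            ok = inventory[bssid] == (ssid, channel, enc)
            verdict = "authorized" if ok else "non-compliant"
        elif ssid in corp_ssids:
            verdict = "ssid-impersonation"  # unknown radio using a corporate SSID
        else:
            verdict = "unauthorized"
        entry = results.setdefault(
            bssid, {"verdict": verdict, "ssid": ssid, "nearest_sensor": sensor, "rssi": rssi})
        if SEVERITY[verdict] > SEVERITY[entry["verdict"]]:
            entry["verdict"] = verdict
        if rssi > entry["rssi"]:  # strongest signal suggests the closest sensor
            entry["nearest_sensor"], entry["rssi"] = sensor, rssi
    return results

def alerts(results):
    """BSSIDs needing action, most urgent first."""
    flagged = [(b, r) for b, r in results.items() if r["verdict"] != "authorized"]
    return sorted(flagged, key=lambda item: -SEVERITY[item[1]["verdict"]])

if __name__ == "__main__":
    for bssid, r in alerts(classify(OBSERVATIONS, AUTHORIZED_APS)):
        print(bssid, r["verdict"], r["ssid"], "near", r["nearest_sensor"])
```

In the sample data the unknown AP is heard most strongly by the stairwell sensor, which is the kind of location the coverage planning above is meant to include.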



Cyberoam Unified Threat Management appliances offer assured security, connectivity and productivity to Small Office-Home Office (SOHO) and Remote Office-Branch Office (ROBO) users by allowing user identity-based policy controls.
Cyberoam’s User Layer 8 Technology treats user identity as the 8th Layer or the HUMAN layer in the protocol stack. It attaches user identity to security, taking organizations a step ahead of conventional solutions that bind security to IP addresses. This adds speed to an organization’s security by offering instant visibility into the source of attacks by username rather than IP address, allowing immediate remediation to restore security or allowing proactive security. Layer 8 technology functions along with each of Cyberoam's security features to allow creation of identity-based security policies. Cyberoam’s future-ready Extensible Security Architecture (ESA) offers an extensible platform that can grow with the future security needs of an organization without degrading system performance. ESA supports feature enhancements that can be developed rapidly and deployed with minimal effort.