Enterprise wireless network security has become more critical than ever due to the growing emergence of telework, Internet of Things (IoT) and new generations of Wi-Fi. It’s important that enterprises know how to craft a viable wireless security architecture to safeguard their network and data from cyberattacks.
Author and security researcher Jennifer Minella supplied a roadmap that networking and security teams can follow in her book, Wireless Security Architecture: Designing and Maintaining Secure Wireless for Enterprise, TechTarget reports. In the book, Minella discusses wireless network security techniques, processes and products and then explains how to design an architecture. Minella also explains the parts and processes that teams need to build their wireless network.
The author also dedicates a chapter to showing how an enterprise can design the optimal wireless security architecture, TechTarget reports.
“What I’ve noticed over the years is that most networking professionals within an organization tend to wing it when it comes to planning,” Minella wrote in the chapter’s introduction, “often bypassing any formal scoping and documentation and skipping to configuring products.”
The chapter of note breaks Minella’s architecture design methodology into five phases — Define, Characterize, Design, Optimize and Validate.
Wireless Security Architecture Phase 1: Define
During this initial phase, Minella says enterprises should identify project requirements, the elements of the scoped environment and scope limits. This is also when the architect should identify team and project roles, discover the various wired and wireless network infrastructure components and identify the apps that are to be supported over the wireless network.
Wireless Security Architecture Phase 2: Characterize
This next step is where the network architect “captures both qualitative and quantitative security characteristics mapped to the individual classes of networked elements such as endpoints, applications, and users,” Minella wrote. These characteristics are used for functional mapping in the design phase.
The characterize phase addresses the discrete elements for requirements mapping. It is also when the architect can select the elements that require specific security controls to meet business goals or compliance requirements.
Wireless Security Architecture Phase 3: Design
Perhaps the most involved of the five wireless security architecture phases, design takes the previous discover inputs and performs “functional mapping for requisite security controls and mapping.” The architect should also document conditions, variables and any known or anticipated design gaps at this time, according to Minella.
The architect should also evaluate the existing architecture and tools to see if they can meet the project objectives. It’s also at this stage when vendors, products and configuration options are identified in order to meet the security and connectivity objectives.
Wireless Security Architecture Phase 4: Optimize
The optimize phase is when the architecture design is refined to boost its performance and security. It’s impossible to just “set-and-forget” wireless networks anymore due to constant security threats and industry standards shifting faster than ever. To keep pace, architects must continuously look for changes in security protocol standards and put architecture enhancements in place. They must also evaluate new vendor product features for extra security benefits and keep internal standards up to date.
Wireless Security Architecture Phase 5: Validate
In this final phase, the architect will verify the design’s capabilities and expected outcomes against the initial scoped requirements from the prior define and characterize phases. The architect should also be in constant communication with other teams and ask for stakeholder feedback to ensure the scope hasn’t changed and that their expectations have been met.
Once deployed, the validate phase will comprise system testing and validation, including security assessments and penetration testing.
“The five phases facilitate the collection and organization of the data for planning in the form of inputs and outputs,” Minella wrote. “Inputs being data consumed and factored in planning, and outputs being the actionable requirements for the infrastructure design.”
Note: TechTarget published the Wireless Security Architecture excerpt with permission from book publisher Wiley.