
Secure Enterprise WiFi

Poor security was one of the key objections to early generations of wireless LAN products. The security flaws in the early standards are well documented, and the concerns about these early systems were well founded. Initial secure implementations required complete isolation of the wireless LAN behind firewalls, plus a requirement that wireless LAN clients terminate on a VPN gateway (SSL or IPsec) before being allowed to traverse the firewall to the enterprise network. Many of the first controller-based systems modeled themselves on this isolation model as a simple way of overcoming corporate security issues, especially when providing guest access.

Fortunately, the industry has done a great deal of work to remedy these flaws in the standards. The result is the WiFi Alliance's WiFi Protected Access 2 (WPA2) specification, standardized in IEEE 802.11i. WPA2 using EAP-TLS, Protected EAP (PEAP) or EAP-TTLS for authentication and AES for airlink encryption has become almost mandatory for any new enterprise wireless LAN deployment. Guest or public access (where allowed) should still be placed on an untrusted VLAN or tunneled to a DMZ outside the firewall.

Aerohive Networks' cooperative control architecture and the HiveAPs support a wide array of access and security functions, including 802.11i (WPA2), wireless IDS, 802.1X authentication, rogue AP detection, and guest access control. They also integrate with third-party solutions, such as Microsoft NAP and TNC-based systems, to enforce endpoint compliance checking.

An integrated firewall in every HiveAP ensures immediate response to potential security issues, with a multi-level response mechanism that can log, block, disassociate, or disassociate and ban a client, depending on the attack. In addition, in-line layer 2 through layer 4 denial-of-service (DoS) protection ensures that wireless clients cannot consume too much wireless bandwidth or overload buffers. This is achieved by using the edge-based quality-of-service (QoS) capabilities to rate limit or deny any offending clients.
