Is a strong inner layer of defense needed for robust wireless security?
When talking about wired security, enterprise IT administrators talk about multiple layers of defense such as internet firewalls, VPNs, admission control, email filtering, content filtering, web application scanning and many others. It is like a hacker has to peel multiple layers of an onion before getting to the core. Each layer of security is independent and is preferably sourced from different vendors. Each layer compounds the amount of work that a hacker has to perform to get in.
When considering the security of a wireless network, the same enterprise IT administrators are content with the basic security mechanisms integrated into the wireless LAN infrastructure by vendors such as Cisco Systems and Aruba Networks. IT departments have a hard time understanding why an inner layer of defense for wireless network security is needed in the form of an advanced wireless intrusion prevention system (WIPS). The wireless network security posture of an organization is the weakest when the security integrated into wireless LAN infrastructure is the only layer protecting the core network. Without an inner WIPS layer, the core network is open to rogue APs, unauthorized client connections, ad-hoc networks, MAC spoofing and many other attacks that the wireless LAN infrastructure security cannot protect against.
