With Kevin Walsh, director of product management, Funk Software.The move toward WLAN implementation has resulted in the need for adjustments —some subtle, some overt — to ongoing plans and installations. IT managers and planners must keep up to date with how new protocols impact existing technologies and, by extension, the ways in which they should be deployed.
This interview originally appeared in the IT Business Edge weekly report on empowering a Mobile Workforce. To see a complete listing of IT Business Edge weekly reports or sign up for this free technology intelligence agent, visit www.itbusinessedge.com.
By Carl Weinschenk
Question: What are some of the issues when you are determining whether to roll out 802.11a, b, or g?
Walsh: There is some RF stuff in there you really need to understand. There are a lot of things that need to be looked at for your organization. If you are a “green pasture” with no “b” to deal with, it’s slightly easier for you. If you have “b,” you have to understand what happens when you use “g.” It degrades everyone. Since “a” is not really compatible, the question is, “Do I really want to roll that out?” It absolutely requires an expert.
Question: Once that’s decided, how do I consider what level of security to go with?
Walsh: You’ve got to figure that out as an end user. It’s hard. Funk uses “dynamic” WEP (Wired Equivalency Protocol) for our wireless network. WPA (Wi-Fi Protected Access) is available right here, right now. 802.11i is not yet ratified. The big question to ask: Does the solution I’m purchasing allow me to move forward as the standards get better? If the vendor doesn’t give me a good story on (the move from) WPA to 802.11i, we’ll find a vendor who will.
Question: Funk provides the authentication itself. Can you describe some of the issues there?
Walsh: I’ve got the infrastructure in place; I’ve got the baseline security decision made. What’s left is the final piece: How to authenticate users onto the network. When we describe 802.1x, we describe it as plumbing. The things that it’s designed to move are the EAP (Extensible Access Protocol) messages…EAP itself is designed to move things inside of it. EAP is not one thing; it’s a structure to allow vendors to come up with good security models. Vendors with good innovations to do authentication over a wireless connection are ourselves, Cisco, Microsoft, and some smaller players. The simple task is how to get users authenticated. You are really asking: Do you want to use PKI (Public Key Infrastructure)? Do you want to use user names and passwords? Do you want to continue to use tokens? Or do you want to use other form factors to authenticate users to the network?