Wireless staging area protects nets

Setting up “guest” wireless data access so office visitors can search the Web from their laptops isn’t just a question of courtesy, it’s a matter of security – a way to protect the enterprise even from people who don’t exactly count as outsiders – according to IT industry experts.

By building a separate virtual local area network (VLAN) on the company’s wireless network, IT managers can not only provide outsiders a way to access the Web without opening the host firm’s whole corporate network to visitor scrutiny, but also offer employees a sort of staging area for security checks before they access the business’s prime communication nexus.

It’s a scenario that IT security specialists offer as a potential safe set-up for wireless networks. Paul Congdon, chief technology officer at Hewlett-Packard Co.’s network tech arm ProCurve Networking Business, and Ajay Sharma, a computer security specialist at IT consultancy Capgemini Canada Inc., expanded on this idea while speaking at a recent CIO Canada “Frankly Speaking” breakfast event on wireless security.

Employees would see something like a “guest” page on their computer screens before being allowed access to the internal network, if such access is to be allowed at all. At this page, software would check the user’s computer for patches, security programs and other elements deemed necessary for internal network access, according to the enterprise’s IT security policy.

Congdon said the VLAN strategy addresses a prime concern about efficiency. “What you don’t want to do is increase your help desk calls,” he told the audience of IT executives. He explained that the update stage, where improperly armed users download prescribed software for network access, keeps employees from calling the help desk for harried how-to tips on PC maintenance.

Sharma added, “It’s a way of stopping [people] right at the door.” Intruders can’t get in, guests get limited access and employees get an automated opportunity to boost their boxes’ health, and a path to the company’s network.
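The admission logic described above can be sketched as a small policy function; this is an added example, not code from the speakers or their companies. The VLAN names, policy values and the `identity` field (assumed to come from an earlier authentication step) are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical names and values: the article specifies no VLAN IDs or policy items.
GUEST_VLAN, INTERNAL_VLAN = "guest-staging", "internal"

@dataclass(frozen=True)
class Policy:
    min_patch_level: int = 42  # constructed value
    required_software: frozenset = frozenset({"antivirus", "host-firewall"})
    allow_internal_from_wireless: bool = True  # "if such access is to be allowed at all"

@dataclass(frozen=True)
class Client:
    identity: str  # "employee" or "guest"; anything else is treated as unknown
    patch_level: int = 0
    running_software: frozenset = frozenset()

@dataclass
class Decision:
    vlan: Optional[str]  # None means no network access
    remediation: list = field(default_factory=list)

def missing_items(client, policy):
    """List what the client must update or install to satisfy the policy."""
    items = []
    if client.patch_level < policy.min_patch_level:
        items.append(f"patch level {policy.min_patch_level}")
    items += sorted(policy.required_software - client.running_software)
    return items

def admit(client, policy):
    """Decide which VLAN a wireless client lands on; unknown identities fail closed."""
    if client.identity == "guest":
        return Decision(GUEST_VLAN)  # Web access only
    if client.identity != "employee":
        return Decision(None)  # stopped at the door
    if not policy.allow_internal_from_wireless:
        return Decision(GUEST_VLAN)
    todo = missing_items(client, policy)
    # A non-compliant employee stays in the staging area with a fix list.
    return Decision(GUEST_VLAN, todo) if todo else Decision(INTERNAL_VLAN)
```

The remediation list is what the staging page would present to the employee, which is the self-service step Congdon credits with keeping help desk calls down.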