Shore Up Your Customers' WLANs

In spite of all the bad press it has received, WEP (wired equivalent privacy) is still the security standard of choice for many companies. If you sell wireless solutions — to SMB or enterprise clients — you should know that protecting your clients' WLANs (wireless LANs) with WEP is akin to trying to reason with an angry rottweiler. Sooner or later, your customers are going to feel the bite of viruses and other malware on their networks. Or worse, someone is going to steal their data via their WLANs.

VARs need to protect their customers with the latest wireless security solutions, which includes data encryption such as WPA2 and UTM (unified threat management solutions). Secure WLANs will not only lead to higher customer satisfaction ratings, but they can also lead to recurring revenue opportunities for VARs.

Education, Demonstrations Are First Steps Toward WLAN Security Sales
The primary objections VARs face when trying to sell wireless security solutions result from customers' lack of awareness. "Conducting a brief Q&A with customers is a good way to find out what they know," says Mary Hwang, product manager, secure wireless product line, at networking vendor SonicWALL. "End users who claim to have a ‘no wireless policy' or say they're using ‘WEP with 128-bit encryption' are prime candidates for education."

Sometimes, education can be as simple as providing clients with research. For example, Bill Arbaugh, assistant professor of the Computer Science Department at the University of Maryland, documented how he was able to intercept a 40-bit WEP key within 15 minutes. According to Arbaugh, intercepting a 128-bit key wouldn't take much longer. This is just one example of myriad documented WEP exploits. Customers with "no wireless" policies aren't better protected, considering it takes less than 15 minutes for an employee to plug in a wireless AP (access point) and router. Your customers need to be educated about the security holes in WEP. And, if they aren't using wireless technology, they need more than a written policy to keep employees from creating their own WLANs.

Some customers need more than information to upgrade their wireless networks. "The best way to educate these customers is to show them how easy it is for someone to snoop on their internal communications if they don't have their wireless LAN properly secured," says Shawn Rogers, wireless product manager at networking vendor ZyXEL Communications. By equipping a wirelessly enabled laptop with snooper software such as AirSnort, VARs can demonstrate how unauthorized users detect APs and attempt to access a wireless network.

WPA2 Security Brings Upsell Opportunities
In the fall of 2004, the Wi-Fi Alliance, an organization formed to test and certify wireless hardware and software products, announced the first products to pass the IEEE's (Institute of Electrical and Electronic Engineers) 802.11i security standard. The 802.11i standard defines WPA2, WEP's replacement. WPA2 addresses all WEP vulnerability problems such as static encryption keys and mutual device and client authentication. Also, it supports more advanced authentication technologies such as 802.1x, EAP (extensible authentication protocol), and RADIUS (remote authentication dial-in user service).

"WPA2 security upgrades require much more than installing APs and flipping a switch," says Kevin Allan, director of product marketing and management at network security vendor NETGEAR. "This gives VARs the opportunity for new sales and upsell opportunities." For example, not all legacy wireless devices and APs are WPA2-compliant and will have to be replaced. Also, WPA2 security requires installing an authentication server such as a RADIUS server.

Wireless security upgrades create upsell opportunities for VARs, also. For example, following a WLAN security assessment, a VAR could present customers with additional wireless security aids such as dynamic RF (radio frequency) management solutions. These solutions can run on a central server or be programmed on individual APs to automatically adjust an AP's signal strength to transmit only a certain distance. "These solutions help reduce the chances of someone picking up a company's network signal outside the building," says Allan.

Take A Multifaceted Approach To WLAN Security
VARs should keep in mind that networks are attacked in various ways, and securing a network entails more than using the latest wireless encryption and authentication hardware and software. In fact, when it comes to wireless network security, the most immediate threat companies face comes from authorized users' mobile devices. "Mobile computers are often used with multiple wireless networks, including guest networks and public Wi-Fi spots," says Hwang. "Such devices can return with all kinds of adware, spyware, and virus problems." In its August 2005 State of Spyware Report, analyst group Webroot stated the number of sites distributing spyware quadrupled since the beginning of 2005 to more than 300,000 unique Web addresses. It's important for VARs to take a total solutions approach to security — covering both wired and wireless security.

UTM solutions are one way VARs can provide customers with more complete network security. "UTM appliances combine antivirus, intrusion prevention systems [IPSs], spam blocking, and content filtering with firewall and VPN [virtual private network]," says Rogers. UTM devices provide perimeter security and reduce the customers' cost of ownership by providing subscription services to multiple security services from a single vendor. "UTM sales typically yield 20% profit margins, plus they are a great way for VARs to keep in touch with customers and offer additional services," says Allan. "For example, a VAR can call its customers to remind them to renew their security subscriptions and to discuss a new wireless hardware or software solution."

Currently, the cost for a UTM solution with a one-year subscription is between $3,000 and $5,000. But, according to Allan, the cost is expected to drop to the $1,000 to $1,500 range within the next 18 months. To avoid becoming a commodity sell, VARs should distinguish themselves by complementing wireless security solutions with security services such as site surveys and network vulnerability testing.