
Is your Wi-Fi Access Point secure?

What if the AP in your high school gym went missing? Or someone tampered with the AP in the back of your clothing store? Or a hacker paid a visit to his grandmother in her long-term care facility and was able to access the building's Wi-Fi network?

Wi-Fi security is always a major concern for any organization deploying a wireless network. This concern is growing as access points (APs) are placed in increasingly diverse locations - retail stores, taxi cabs, patient rooms, and anywhere else mobile devices can be found. So while many wireless LAN vendors talk about the importance of assuring security while connected to a wireless LAN, it's important to remember physical security concerns when choosing a wireless solution.

Ask yourself: Is your data safe even if a hacker gets physical access to an enterprise access point?

In the past, many enterprise wireless LAN solution providers relied on their “thin AP” architectures as a way to assure secure storage of secret information like RADIUS keys, pre-shared keys, certificates, and other network credentials. The assumption was that because thin APs did not store anything locally and relied on the central controller to encrypt secure data, the APs could not be hacked to retrieve any sensitive information.

As the wireless LAN industry has evolved, and vendors have added features like local data forwarding, meshing, mutual authentication with controllers, and branch operation, these vendors have been forced to store keys and configuration information on the access points.

Architecture no longer dictates whether a vendor designed an access point to secure sensitive data. The belief that thin APs are architecturally more secure because keys are not stored locally is a dated one and, worse, can give a false sense of security.

The ability to secure configuration, key, and credential information on an AP is critical for any architecture, and it is important to choose a wireless LAN vendor that makes device security and storage security a priority. This usually means that the access point must have some form of secure key storage in hardware, such as a TPM (Trusted Platform Module).

A TPM chip is a microcontroller that stores keys, passwords, and digital certificates. The TPM chip resides on the motherboard of a device and provides random seed keys to encrypt stored data that can only be decrypted with the presentation of administrator credentials.

On Aerohive devices, the TPM chip securely encrypts network credentials and keys to protect the security of your network even if the access point is stolen or compromised. If a malicious user gains physical access to the Aerohive device and interrupts the bootloader in an attempt to acquire the stored data, the entire configuration, network keys, user authentication information, and certificate data are securely encrypted and unusable without administrator credentials.

Aerohive's ability to offer secure wireless infrastructure is based on an end-to-end approach that has been built in from the beginning rather than added as an afterthought. Not only has Aerohive implemented a comprehensive set of features, both hardware and software, but Aerohive’s architecture has also been designed to take advantage of other security systems in place within an enterprise to ensure consistent security policy for users whether they are wired or connected wirelessly.

Through an end-to-end approach, Aerohive has delivered a comprehensive and market-leading security solution: a wireless network that is not only capable of securing wireless access but is itself secure.

 


* picture credit Trusted Computing Group 

 

 

