2. Wireless access control appliances. Because Web-based authentication is easy to deploy, it is becoming more pervasive. One solution to use Web-based authentication with wireless LANs is called an access control appliance, a firewall-like device that sits between the wireless access point and the rest of the network. These appliances force wireless users to authenticate at the application level (typically from their Web browsers over HTTPS) before receiving access to the rest of the network. In this setup, anybody can connect to the wireless access point without authentication, but users must authenticate in order to get beyond the local subnet to organizations' trusted networks. Interoperability with strong authentication systems is often accomplished using the RADIUS protocol.
3. Virtual private networks. VPNs are traditionally used to link internal networks across an insecure network, or for remote access. More and more organizations are using VPNs to wireless LAN connections by connecting the wireless client to an internal network via the VPN gateway through an encrypted tunnel. This ensures the authenticity and secrecy of the information as it is passes across insecure networks. To securely authenticate VPN users (whether wireless or not), strong authentication can be added (often using the common RADIUS protocol) to provide a high level of security recommended by experts.
The device experience: embedded in the BIOS
Some organizations prefer an extra layer of security: allowing authorized users only to access protected information from certain computers or workstations. While some authentication systems can recognize and authenticate IP addresses, there is now another way to identify devices. Many BIOS chips can utilize security software that embed security information directly on the BIOS. This information, similar to digital certificates, is recognized by some authentication systems, and ensures that users must access protected networks only from their assigned laptops or other BIOS-based devices.
The bottom line
Creating a secure tunnel for wireless access is a vital element of corporate security, but can be easily undermined by weak user passwords. Without strong authentication, attackers can often access back-end information just as easily as your authorized users.