隨著無線區域網路逐漸普及,近年來已有不少企業認真考慮將無線區域網路架構在企業內部網路使用。但無線區域網路先天的安全性弱點,卻也成為企業評估時的疑慮。由於新一代的無線區域網路的安全標準(如:802.11i)仍在制定中,迫使網路設備供應商得運用各種安全技術推出不同的解決方案,這也常使企業在規劃時無所適從,成為建置導入時的障礙。此外目前的安全機制多以單一據點的企業網路做考量,但實際上有許多的企業是採用遠距多點的企業網路架構,市面上卻很少針對遠距多點網路拓樸提出適當的解決方案。為解決此問題,本研究針對在於遠距多點之企業網路環境下,以現有的網路安全機制與技術,依網路拓樸和網路通訊層次,提出設計企業內遠距多點無線區域網路之安全架構,並考量各項構面,分析優缺點。此外,我們也提出一套選擇無線區域網路安全架構的決策工具,並以三個案例來說明如何使用此工具,使企業能在考量各項不同需求構面強度及現有網路環境規模後,提供無線區域網路安全架構建議,以協助規劃者能正確選擇企業適用的安全架構決策。 With the popularity of wireless networking, more and more enterprises intend to integrate wireless LAN with the Intranet. However, as the wireless LAN is weak in security, it becomes the misgivings when the enterprises try to assess it. Since the new standard of the wireless LAN, such as 802.11i is still under development, the suppliers of networking equipment provide different solutions with different security technologies. This situation makes enterprises have no standard to follow and thus becomes an obstacle of build-in into wireless LAN. On the other hand, Although most current securities focus on the single enterprise networking, some enterprises use the architecture of the multi-site in reality. With respect the WLAN security, there are not too many solutions for the topology of the multi-site. To solve this problem, in thesis we focuses on WLAN security problem of multi-site enterprise networking. We propose various security architectures of the wireless LAN for the enterprise Intranet by using the current securities and technologies with networking topology and networking communication arrangements. We also analysis the advantages and disadvantages of multi-site from different sides. Furthermore, we provide a tool to select the security architecture of wireless LAN and explain by three realistic cases. The tool also can provide the suggestion of the security architecture of wireless LAN and help networking planers making the applicable security decisions.
