Indeed, wireless LANs may prove to be less expensive to support than traditional networks for employees connecting with corporate resources in multiple office locations.
For the time being, though, wireless technology is likely to complement rather than replace wired connectivity (in enterprise environments and the like). Even today's new breed of buildings will continue to host wired LANs. Why? Economics. Wired networking remains the cheaper option for end users. Such networks also offer greater bandwidths – allowing for future applications beyond the capabilities of modern wireless systems.
Wireless security in the enterprise
Another reason for the relatively slow take-up of wireless LANs is the fear factor. Not of the technology itself, but the possible security breaches that may result. Rogue access points and unauthorised, poorly-secured networks increase the likelihood of a breach in security.
For a corporate Intranet or internal network to be properly configured to handle wireless traffic, access both to and from wireless access points and the Internet must be controlled by firewalls – with intrusion detection and response sensors put in place to monitor the traffic on each wireless segment.
Wireless access points also have dedicated IP (Internet Protocol) addresses for remote management via SNMP (Simple Network Management Protocol). The wireless clients themselves – usually laptops or desktops and hand-held devices – may also use SNMP agents to allow remote management. As a result, each of these devices should contain an intrusion protection sensor to ensure that it's properly configured. And, importantly, that these configurations have not been improperly altered in any way.
Known security risks: the problems
Although in time malicious attacks against wireless technologies will increase in number and sophistication, most of the current 802.11b (the standard governing such networks) risks fall into seven basic categories – namely insertion attacks, the interception and unauthorised monitoring of wireless traffic, jamming, client-to-client attacks, brute force attacks against access point passwords, encryption attacks and misconfigurations.
Insertion attacks are based on deploying unauthorised devices or creating new wireless networks without going through security process and review procedures. For example, access points on a network can be configured such that the end user needs a password to enter. If there is no password, an intruder may connect to the internal network simply by enabling a wireless client to communicate with the access point.
As is the case with wired networks, it's possible to intercept and monitor network traffic across a wireless LAN. The attacker needs to be within range of an access point (approximately 90 metres for 802.11b) such that the attack will work. A wired attack would need the placement of a monitoring agent on a compromised system. All a wireless attacker needs is access to the network data stream.
For a corporate Intranet or internal network to be properly configured to handle wireless traffic, access both to and from wireless access points and the Internet must be controlled by firewalls. Intrusion detection should also be put in place to monitor
Denial of service-style attacks are also easily applied to wireless networks, whereby legitimate traffic cannot reach clients or the access point because illegitimate data traffic overwhelms the frequencies. An attacker with the proper equipment could easily flood the 2.4 GHz frequency, corrupting the signal until the wireless network ceases to function.
With client-to-client attacks, two wireless clients may talk directly to eachother, thus bypassing the access point. Security managers need to defend clients not just against an external threat, but also against eachother.
Many network access points 'ship in' an unsecured configuration to emphasise ease of use and rapid deployment. Unless the security/IT manager fully understands the wireless security risks and properly configures each unit prior to deployment, these access points will remain at risk from attack or misuse.
The wireless management solutions
Process and technology are often confused, never more so than with wireless information security management. In truth, the self-same business processes that establish strong risk management practices for physical assets and wired networks will remain valid for protecting your company's wireless resources.
Your first course of action should be to draw up a wireless security policy complete with full architecture design. Determine what is – and what should not be – allowed with your wireless technology. Access points should also be identified and evaluated on a regular basis to determine whether or not they should be 'quarantined' as mistrusted devices prior to wireless clients gaining access to any internal networks. Firewalls, virtual private networks (VPNs), intrusion detection systems and authentication between access point and Intranets or the Internet must come into play.
IT security managers should regularly search outwards from a wired network to identify unknown access points. Detection via banner strings on access points with web interfaces is always possible.
Wireless network searches might also identify unauthorised access points by setting up a 2.4 GHz monitoring agent that searches for 802.11b packets in the air. These packets may contain IP addresses identifying which network they're on, and indicating that rogue access points are operating in the area.
Regular security audits and penetration assessments quickly identify poorly-configured access points, default or easily-guessed passwords and community words, as well as the presence or absence of encryption.
Source
SMT
Postscript
Kenneth de Spiegeleire is security assessment services manager at Internet Security Systems (UK)