Wireless LANs provide an extension of, or alternative to, a typical wired LAN, allowing for the transmission of data over the air without wires, thus creating a more mobile workforce.
The problem, however, is that many companies fail to look before they leap. As wireless technology is still in its infancy, holes are frequently discovered, making wireless extremely vulnerable to security breaches. Tending to focus more on wireless technology's affordability and convenience, many organizations frequently overlook the security risks inherent in wireless.
By deploying wireless technology without understanding the associated risks, companies are inviting unauthorized access to internal networks and computer systems, and the compromise of confidential information. The risks associated with wireless technology are serious, but should not deter companies from using wireless LANs. Rather, companies should implement wireless technology after doing proper due diligence and taking the appropriate steps to mitigate potential security risks.
Tips for implementing a secure wireless infrastructure:
1. Understand the technology and how you intend to use it.
Wireless technology can enable more efficient use of mobile workforces and provides an inexpensive alternative to wiring complete offices. But, knowing the intended usage of the wireless technology will better prepare you to address the associated security risks. WLANS can serve a variety of purposes, depending on the desired network configuration and usage.
- WLANs can be set up as an extension of your wired LAN to provide mobile access to corporate data from anywhere inside the office. Employees can take laptops to conference rooms for presentations and share information during training sessions or meetings - all without the need of wired workstations.
- WLANs can also be set up as an independent network, where a select group of computers are connected in order to exchange information. This configuration is typically used on a temporary or project basis, and usually does not provide connectivity to the main network infrastructure. Teams of users can share information among themselves for projects that do not require connectivity to the main network, such as team meetings and seasonal work, like taxes or holiday projects.
2. Acknowledge the inherent risks involved with wireless networks.
The ease of use and accessibility of confidential information is not limited to just you and your users. Hackers are able to position themselves up to hundreds of yards away and tap into an unsecured wireless network with little effort. Utilizing automated hacking, known in hacker communities as "war driving" or "walk-about" hacking, hackers can steal information while in other offices and even areas outside the building. On an unsecured wireless network, your information is as secure as if you were sending it through the mail written on a postcard.
Additionally, these risks are not limited to your wireless network. If your wireless network is connected to your wired LAN, your internal data can be compromised as well. Once a hacker has gained access to a wireless access point, they have access to everything connected to that device. Understanding the risks associated with your specific wireless configuration is essential to securing your entire network environment.
3. Don't rely on just one security measure.
Hackers can gain access utilizing a variety of techniques. Therefore, you must employ appropriate precautions to protect your network against a myriad of threats. Examples of risk mitigation include, but are not limited to, MAC layer filtering at the access point, lowering or blocking signal strength to limit the distance that the signal travels, decreasing the likelihood of someone outside the office gaining access to your network; and setting up multi-layered authorization codes and using encryption software to help deter would-be hackers looking for an easy score. Finally, because you can't stop every threat, employing a wireless intrusion detection system (WIDS) will help you monitor traffic, allowing you to assess specific threats and handle them accordingly.
4. Set up specific security procedures and protocols.
If you have specific corporate security policies and procedures for your internal network, those should be expanded to include the use and deployment of wireless devices. If corporate security procedures do not exist, it is paramount that protocols are put in place. Having a dedicated procedure and a set schedule for security upgrades ensures that your network security will meet the challenges of the ever-growing list of potential threats. Additionally, considering hiring a security expert, whether internal or external, to monitor your network. This dedicated attention to your network will allow you greater control and provides you with a central point of contact for future security upgrades and intrusion detection. Having dedicated security measures and personnel in place is a good first step in securing your wireless infrastructure.
5. Do your homework.
Though wireless networks serve a variety of purposes, one thing remains constant - security risks. As wireless technology grows, so do the threats being made against it. Because threats can be made only while the wireless network is up and running, those networks that are used for extended periods of time are far more vulnerable to large and extended attacks, than those that are turned on mainly for transporting information over the short-run. By treating your wireless network solely as a means of transporting information and taking additional security precautions to protect the information that traverses the wireless link, you will ensure a more secure and positive working environment for you, your customers, and your users.
The good news is that companies do not have to go this alone. While hackers communicate with one another to trade information and hacking secrets, you can have someone working on your side simultaneously. There are several organizations offering a variety of security programs, hardware and software, as well as consulting services to make your wireless network a secure place to do business. The more knowledge you have before embarking on a wireless strategy, the more confident you can be in the security of your wireless network, and your ability to assess potential security risks and deal with them accordingly.
Chris O'Ferrell is the chief technology officer for NETSEC (www.netsec.com), a leading provider of managed security services for Fortune 1000 commercial organizations and federal government agencies.