In today's competitive economy, we need the power to do business anywhere, anytime. As such, wireless networks are taking over the enterprise. Flexibility and low cost, plus the ability to increase staff productivity, have resulted in a tremendous uptake of WLANs and Wi-Fi. Additionally, the more recent arrival of WiMAX and 3G has taken 'true mobility' outside the enterprise, allowing staff to access critical back-end applications while on the road.
As more enterprises tap into wireless networks, the challenge of security increases. Wireless infrastructures face the same risks as their wired counterparts, with the added issue of securing data that travels the airwaves.
Some enterprises believe they don't have to concern themselves with wireless security if they don't run sensitive information on their networks. This can be a costly mistake. Since most wireless networks connect back to a wired network at some point, unsecured devices can expose the internal infrastructure and allow hackers to compromise an organisation's corporate backbone.
So, what are the most significant threats to wireless networks, and how should you deal with them?
Wireless is a shared medium that allows anyone in proximity to "sniff" the traffic, which means the 'rogue device' is the most serious threat to enterprise security. A single rogue access point can give attackers full access to the internal network. Regardless of the information transmitted over your wireless infrastructure, it's imperative to have a solution that analyses traffic and automatically disables any rogue device. Accuracy is critical, so that neighbouring wireless devices aren't classified as rogue and your organisation isn't exposed to unwanted liability.
Another risk lies in the misguided belief that virtual private networks (VPNs) provide sufficient levels of security. One of the more sophisticated wireless threats is the 'man-in-the-middle' attack, where hackers break VPN connections between authorised user stations (for example, a laptop or PDA) and access points. An experienced hacker is able to bump a user off an access point, causing the victim to search for a new point of connection. The hacker converts the user station into a 'soft' access point, which the user unwittingly reconnects to. Now the hacker, with a different wireless interface, can connect to the wireless LAN. The victim is oblivious to this, and passes all data through the hacker.
This is possible because VPNs establish their connection at Layer 3 in the OSI model, while wireless communications exist below the VPN, at Layer 1 and Layer 2.
Only a highly capable Intrusion Detection System (IDS) and 24-hour monitoring can detect these types of attacks. Since this threat is not based on a single signature, it can only be identified by a wireless IDS that can sufficiently correlate and analyse data.
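To illustrate what correlation means here, the following added example (not part of the original article) flags a client only when two individually unremarkable events line up: a deauthentication from an authorised access point, followed shortly by an association to an unknown BSSID advertising the corporate SSID. The event format, MAC addresses, SSID and 30-second window are all assumptions made for the sketch.

```python
from dataclasses import dataclass

# Assumed inventory and policy values (constructed for this example).
AUTHORISED_BSSIDS = {"00:11:22:aa:00:01", "00:11:22:aa:00:02"}
CORPORATE_SSID = "corp-wlan"
WINDOW_SECONDS = 30.0

@dataclass(frozen=True)
class Event:
    ts: float     # seconds since capture start
    kind: str     # "deauth" or "assoc"
    client: str   # station MAC address
    bssid: str    # access point the frame refers to
    ssid: str = ""

def correlate(events):
    """Alert when a client is knocked off an authorised AP and then joins an
    unknown BSSID using the corporate SSID within WINDOW_SECONDS."""
    alerts = []
    last_deauth = {}  # client -> (timestamp, BSSID it was removed from)
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "deauth" and ev.bssid in AUTHORISED_BSSIDS:
            last_deauth[ev.client] = (ev.ts, ev.bssid)
        elif ev.kind == "assoc":
            prior = last_deauth.pop(ev.client, None)
            if prior is None:
                continue  # association with no preceding deauth: not this pattern
            gap = ev.ts - prior[0]
            unknown_ap = ev.bssid not in AUTHORISED_BSSIDS
            if unknown_ap and ev.ssid == CORPORATE_SSID and gap <= WINDOW_SECONDS:
                alerts.append({"client": ev.client, "left": prior[1],
                               "joined": ev.bssid, "gap": gap})
    return alerts

# Constructed sample events, not captured traffic.
SAMPLE_EVENTS = [
    Event(10.0, "deauth", "aa:aa:aa:00:00:01", "00:11:22:aa:00:01"),
    Event(14.0, "assoc", "aa:aa:aa:00:00:01", "02:00:00:00:00:99", "corp-wlan"),
    # Normal roam between two authorised access points: no alert.
    Event(20.0, "deauth", "aa:aa:aa:00:00:02", "00:11:22:aa:00:01"),
    Event(22.0, "assoc", "aa:aa:aa:00:00:02", "00:11:22:aa:00:02", "corp-wlan"),
    # Neighbouring network, no deauth beforehand: no alert.
    Event(40.0, "assoc", "aa:aa:aa:00:00:03", "02:00:00:00:00:50", "cafe-guest"),
    # Unknown AP joined long after the deauth: outside the window, no alert.
    Event(50.0, "deauth", "aa:aa:aa:00:00:04", "00:11:22:aa:00:02"),
    Event(200.0, "assoc", "aa:aa:aa:00:00:04", "02:00:00:00:00:99", "corp-wlan"),
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

The neighbouring access point in the sample is deliberately left unflagged, which is the accuracy requirement described earlier for rogue-device classification.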