Wireless and wired security: one and the same

Some enterprises believe they don't have to concern themselves with wireless security if they don't run sensitive information on their networks. This can be a costly mistake, as Motorola's Ronald van Kleunen explains.

In today's competitive economy, we need the power to do business anywhere, anytime. As such, wireless networks are taking over the enterprise. The flexibility and low cost, plus the ability to increase staff productivity, have resulted in a tremendous uptake of WLANs and Wi-Fi. Additionally, the more recent arrival of WiMAX and 3G has taken 'true mobility' outside the enterprise, allowing staff to access critical back-end applications while on the road.

As more enterprises tap into wireless networks, the challenge of security increases. Wireless infrastructures face the same risks as their wired counterparts, with the added issue of securing data that travels the airwaves.

Some enterprises believe they don't have to concern themselves with wireless security if they don't run sensitive information on their networks. This can be a costly mistake. Since most wireless networks connect back to a wired network at some point, unsecured devices can expose the internal infrastructure and allow hackers to compromise an organisation's corporate backbone.

So, what are the most significant threats to wireless networks, and how should you deal with them?

Wireless is a shared medium that allows anyone in proximity to "sniff" the traffic, which means the 'rogue device' is the most serious threat to enterprise security. A single rogue access point can give attackers full access to the internal network. Regardless of the information transmitted over your wireless infrastructure, it's imperative to have a solution that analyses traffic and automatically disables any rogue device. Accuracy is critical, so that neighbouring wireless devices aren't classified as rogue and your organisation isn't exposed to unwanted liability.

Another risk lies in the misguided belief that virtual private networks (VPNs) provide sufficient levels of security. One of the more sophisticated wireless threats is the 'man-in-the-middle' attack, where hackers break VPN connections between authorised user stations (for example, a laptop or PDA) and access points. An experienced hacker is able to bump a user off an access point, causing the victim to search for a new point of connection. The hacker converts the user station into a 'soft' access point, which the user unwittingly reconnects to. Now the hacker, with a different wireless interface, can connect to the wireless LAN. The victim is oblivious to this, and passes all data through the hacker.

This is possible because VPNs establish their connection at Layer 3 in the OSI model, while wireless communications exist below the VPN, at Layer 1 and Layer 2.

Only a highly capable Intrusion Detection System (IDS) and 24-hour monitoring can detect these types of attacks. Since this threat is not based on a single signature, it can only be identified by a wireless IDS that can sufficiently correlate and analyse data.
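The rogue-versus-neighbour classification and the multi-event correlation described above can be sketched as follows. This is an added example, not code from the article or from any Motorola product. The SSID, the MAC addresses, the event format and the 10-second window are constructed assumptions.

```python
# Constructed inventory (assumptions for this example, not from the article).
CORPORATE_SSIDS = {"corp-wlan"}
AUTHORISED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}
# MACs learned on wired switch ports. Simplification: real APs often use
# different MACs on the radio and the Ethernet side.
WIRED_SIDE_MACS = AUTHORISED_BSSIDS | {"de:ad:be:ef:00:10"}

def classify_ap(bssid, ssid):
    """Return 'authorised', 'rogue' or 'neighbour' for an observed AP."""
    if bssid in AUTHORISED_BSSIDS:
        return "authorised"
    # Unknown AP plugged into our wire, or imitating our SSID: rogue.
    if bssid in WIRED_SIDE_MACS or ssid in CORPORATE_SSIDS:
        return "rogue"
    # Unknown AP, foreign SSID, not on our wire: leave the neighbour alone.
    return "neighbour"

# Constructed sensor events: (time_s, kind, client_mac, bssid, ssid)
EVENTS = [
    (100.0, "assoc",  "aa:aa:aa:00:00:01", "00:11:22:33:44:01", "corp-wlan"),
    (160.0, "deauth", "aa:aa:aa:00:00:01", "00:11:22:33:44:01", "corp-wlan"),
    (163.5, "assoc",  "aa:aa:aa:00:00:01", "02:00:00:00:00:99", "corp-wlan"),
    (200.0, "deauth", "aa:aa:aa:00:00:02", "00:11:22:33:44:02", "corp-wlan"),
    (204.0, "assoc",  "aa:aa:aa:00:00:02", "00:11:22:33:44:01", "corp-wlan"),
    (300.0, "assoc",  "aa:aa:aa:00:00:03", "66:77:88:99:aa:bb", "cafe-next-door"),
]

def correlate(events, window=10.0):
    """Alert when a client dropped from an authorised AP re-associates
    to a rogue AP within `window` seconds. Neither event is suspicious
    on its own; the alert comes from the pair."""
    last_deauth = {}  # client -> (time, bssid it was dropped from)
    alerts = []
    for t, kind, client, bssid, ssid in sorted(events):
        if kind == "deauth" and classify_ap(bssid, ssid) == "authorised":
            last_deauth[client] = (t, bssid)
        elif kind == "assoc":
            prev = last_deauth.pop(client, None)
            if prev and t - prev[0] <= window and classify_ap(bssid, ssid) == "rogue":
                alerts.append({"client": client, "from": prev[1],
                               "to": bssid, "gap_s": t - prev[0]})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

The second client's deauthentication followed by a roam to another authorised access point raises no alert, and the café network is classified as a neighbour rather than a rogue.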

Additionally, misconfigured access points can act as a bridge to the wired network, sending multicast, wired data and credentials into the air, where intruders and hackers on the wireless side of the network can intercept them.

This is merely an overview of the threats inherent to wireless networks, but it indicates how complex wireless management can be. The only way for organisations to truly fortify their wireless networks is to take a "layered" approach to security, which mirrors that of wired networks:

  1. Locking down the WLAN's perimeter (both access points and wireless-enabled stations)
  2. Securing communication across all wireless networks (authentication, encryption and VPNs)
  3. 24/7 real-time monitoring of network traffic

Ideally, organisations should implement a solution that monitors both wired and wireless networks for a real-time view of traffic across the entire infrastructure so that network administrators can quickly troubleshoot problems. Like a video camera that monitors all activity in a secure building, 24 hours a day, a critical layer of continuous wireless monitoring is essential to identify rogue devices, detect intruders, terminate and locate unauthorised connections, and enforce security policies.

It is estimated that there are tens of millions of new Wi-Fi devices shipped each year, which means the number of points for a potential breach is constantly increasing. The implications of such transient networks aren't only restricted to the network edge, but can directly affect the wired backbone of the enterprise. No business should ignore the risk of a security breach that can impact reputation, intellectual property and regulated information.

Ronald van Kleunen is principal solutions consultant of wireless security, Asia Pacific, Motorola AirDefense Security Solutions, Enterprise Mobility Business.

 
