Leading Edge Trend - Wireless LANs by Eric Smith
They're on everybody's mind and omnipresent in trade journals around the world. You can find public-access Wireless LANs (WLANs) in corporate anterooms, airports, conference centers, hotels, and even while sipping a double espresso at Starbucks. Combining the mobility of a cell phone with near-Ethernet speeds, WLANs would seem to be nirvana for institutions seeking to avoid cabling costs or supporting a highly mobile workforce. Costs for wireless access points have plummeted in the past year, as have the costs of the wireless cards themselves. It's now possible to deploy a rather large-scale WLAN at a lower cost than a traditional wired LAN. WLANs are hot, but they're not without drawbacks.
Security Concerns
Ask any IT professional what their primary concerns are over WLANs and security will undoubtedly be among the top three listed, if not the most important single concern. What are the issues? Quite simply, WLANs dispense with the single most effective security measure your wired LAN has: walls. WLANs broadcast signals through walls and windows almost as easily as they do through air, and in some cases even more effectively. An IT administrator can take significant steps to lock down workstations and servers to prevent unauthorized activities, but WLANs have the potential to allow anonymous intruders to sit in the parking lot of your headquarters and browse your LAN at will. By running a passive traffic sniffer, such an intruder could capture any and all data flowing over the WLAN, then take it home for more thorough dissection. Passwords, client lists, financial reports, confidential e-mails: virtually all of this is transmitted daily across your LAN, unencrypted and wide open to analysis. Wireless sniffer programs such as NetStumbler and Kismet are simple to use and freely available for download from the Internet. These programs automatically seek out and identify any WLAN within range and assist in breaking through its security.
Another common security concern is "drive-by spamming." Such an attacker seeks out your open wireless access points and hijacks your company's bandwidth to send millions of spam e-mails across the globe, a tremendous technical and legal liability. Others use compromised networks to launch Distributed Denial of Service (DDoS) attacks against other companies, making it look as though your company is the one doing the attacking.
Most WLANs come standard with a built-in encryption scheme called Wireless Encryption Protocol (WEP). Almost a decade ago, when WEP was under development, it was considered secure, but against today's technology and hackers it is no longer enough. Researchers have repeatedly demonstrated that WEP can be broken using statistical analysis of just a few thousand wireless packets. Someone passively monitoring a busy WLAN can collect that much traffic in less than a minute. The calculations on those packets can derive your WEP key in less than an hour, and after that your network might as well be unencrypted. Experts have been working for over a year on a standard for a successor to WEP that would be harder to break, but no release date has been set.
WLANs can also be a security problem even if your company hasn't officially deployed one. With the dramatic price drops on wireless equipment, employees are purchasing access points and wireless cards on their own and attaching them to the corporate wired LAN, all without the knowledge or approval of the IT staff. Even with vigilant monitoring of the wired LAN, it is impossible to prevent these "rogue access points" from being attached. Employees could unknowingly be providing a completely unsecured free-for-all access point for any attacker who wanders by with a wireless sniffer.
Of course, on the positive side, knowing and understanding a threat is the first step towards defeating it, and in the case of WLANs, the security community has a wealth of knowledge on how attackers can take advantage of them. In addition, a significant fraction of the Fortune 500 community uses WLANs on a daily basis and remains secure while doing so.
Preparing for a successful WLAN
The primary disadvantage of WLANs is uncontrolled leakage of a signal from an otherwise-secure building. However, of all the wireless caveats, this one is the easiest to control and plan for. The signal transmission, reflection, refraction and scattering properties of your building can be modeled with a good degree of accuracy, and can be made even more accurate by onsite surveys. By carefully placing antennas and access points, as well as controlling signal strength, it's possible to create areas of good coverage internally while restricting access in areas outside your control. Design firms specializing in deployment of WLANs can create simulations depicting varying areas of signal coverage, keeping your coverage where you need it and restricting it where you don't. An attacker that can't find your access point can't mount an effective attack.
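As an added illustration of the coverage planning described above (example code, not from the original article or from any design firm's tooling), the following Python model estimates the signal level at chosen points with a log-distance path-loss model and searches for the highest transmit power that keeps interior points usable while holding the parking lot below a chosen floor. The frequency, path-loss exponent, per-point wall losses, antenna gain and both thresholds are assumed values for a constructed site; a real deployment calibrates them with an on-site survey.

```python
import math
from dataclasses import dataclass

@dataclass
class Point:
    name: str
    distance_m: float    # distance from the access point
    wall_loss_db: float  # extra attenuation from walls on the path (assumed per point)
    must_cover: bool     # True: inside, needs service; False: outside the perimeter

def free_space_loss_db(distance_m, freq_hz):
    """Friis free-space path loss in dB (distance in metres, frequency in Hz)."""
    return 20 * math.log10(distance_m) + 20 * math.log10(freq_hz) - 147.55

def log_distance_loss_db(distance_m, freq_hz, exponent, d0_m=1.0):
    """Log-distance model: free-space loss up to d0, then 10*n*log10(d/d0) beyond it."""
    return free_space_loss_db(d0_m, freq_hz) + 10 * exponent * math.log10(distance_m / d0_m)

def received_dbm(tx_dbm, point, freq_hz=2.437e9, exponent=3.0, ant_gain_dbi=2.0):
    """Signal level at the point. Defaults are assumptions: 2.4 GHz channel 6,
    path-loss exponent 3 for an obstructed office, 2 dBi antenna gain."""
    loss = log_distance_loss_db(point.distance_m, freq_hz, exponent) + point.wall_loss_db
    return tx_dbm + ant_gain_dbi - loss

def violations(tx_dbm, points, min_inside_dbm=-80, max_outside_dbm=-95, **model):
    """Points breaking the policy: interior points must stay usable, exterior points
    must fall below the level a passive sniffer can work with (both thresholds assumed)."""
    bad = []
    for p in points:
        level = received_dbm(tx_dbm, p, **model)
        if p.must_cover and level < min_inside_dbm:
            bad.append(f"{p.name}: {level:.1f} dBm, below {min_inside_dbm}")
        elif not p.must_cover and level > max_outside_dbm:
            bad.append(f"{p.name}: {level:.1f} dBm, leaks above {max_outside_dbm}")
    return bad

def highest_compliant_tx_dbm(points, candidates=range(20, -1, -1), **limits):
    """Highest transmit power that meets the policy, or None when no single setting
    works (then relocate the AP, add shielding or split the area into more cells)."""
    for tx in candidates:
        if not violations(tx, points, **limits):
            return tx
    return None

SITE = [  # constructed site: two interior points that need coverage and the parking lot
    Point("conference room", 15, 0, True),
    Point("far office", 30, 6, True),
    Point("parking lot", 60, 15, False),
]
```

Calling `violations(15, SITE)` shows the parking lot leaking at a typical 15 dBm setting, while `highest_compliant_tx_dbm(SITE)` finds the highest power that satisfies both sides of the policy for this constructed site.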
Restricting signal propagation can be the first layer in securing a WLAN, but as with any good security system, a multilayered approach is best. WLANs can be further secured by placing a Virtual Private Network (VPN) gateway between the WLAN and the wired LAN. Attackers and legitimate users alike could attach to the WLAN, but only authenticated users would be able to pass traffic through the gateway. Further, authenticated users would enjoy the benefits of an encrypted tunnel across the WLAN. Encrypted tunnels such as SSL and IPsec use far stronger encryption than WEP and are considered practically unbreakable in most circumstances. In many respects, deploying a VPN on your WLAN mirrors the security measures taken to protect a traditional wired LAN's VPN gateway from the Internet. A knowledgeable security design firm would be able to assist in the design and deployment of such a system.
It's even possible to beat intruders at their own game by monitoring them. A small but growing number of solutions are available today that passively monitor your WLAN, watching for unauthorized activity and for rogue stations as they appear. Since these systems are completely passive in nature, attackers have no way of knowing they're being tracked. Products are even in the works that would allow you to triangulate the position of an attacker, perhaps even identifying them with Global Positioning System (GPS) coordinates. Combined with a robust Intrusion Detection System (IDS), such monitoring can stop wireless attackers, or at least prevent them from doing any damage. To paraphrase Thomas Jefferson, vigilance is the price of security.
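The passive monitoring described here, together with the rogue access points from the earlier section, can be illustrated with a small detector (an added example, not from the article or from any commercial product): it groups beacon observations by BSSID and compares them with IT's inventory of authorized access points, flagging unknown radios, unknown radios that advertise the corporate SSID, and known radios whose configuration no longer matches the inventory. The inventory, the beacon records and the RSSI threshold used to guess whether a device is inside the building are all constructed values.

```python
from collections import defaultdict

AUTHORIZED = {  # constructed inventory of IT-deployed access points: BSSID -> (SSID, channel)
    "00:11:22:33:44:01": ("corp-wlan", 1),
    "00:11:22:33:44:02": ("corp-wlan", 6),
    "00:11:22:33:44:03": ("corp-wlan", 11),
}

OBSERVED = [  # constructed beacon observations from a passive sensor: (bssid, ssid, channel, rssi_dbm)
    ("00:11:22:33:44:01", "corp-wlan", 1, -48),
    ("00:11:22:33:44:02", "corp-wlan", 6, -55),
    ("00:11:22:33:44:03", "corp-wlan", 11, -60),
    ("00:11:22:33:44:03", "corp-wlan", 11, -62),  # same AP, a later beacon
    ("aa:bb:cc:dd:ee:01", "corp-wlan", 6, -41),   # unknown AP advertising the corporate SSID
    ("aa:bb:cc:dd:ee:02", "linksys", 11, -70),    # unknown AP with a vendor default SSID
    ("00:11:22:33:44:02", "corp-wlan", 11, -57),  # known BSSID seen on the wrong channel
]

def classify_beacons(observed, authorized):
    """Group beacons by BSSID and compare with the inventory. Returns
    {bssid: (verdict, strongest_rssi_dbm, unexpected_pairs)}."""
    seen, strongest = defaultdict(set), {}
    for bssid, ssid, channel, rssi in observed:
        seen[bssid].add((ssid, channel))
        strongest[bssid] = max(strongest.get(bssid, -200), rssi)
    corp_ssids = {ssid for ssid, _ in authorized.values()}
    result = {}
    for bssid, pairs in seen.items():
        if bssid in authorized:                  # known radio: SSID and channel must match exactly
            unexpected = sorted(pairs - {authorized[bssid]})
            verdict = "config-mismatch" if unexpected else "authorized"
        elif any(ssid in corp_ssids for ssid, _ in pairs):
            verdict, unexpected = "ssid-spoof", sorted(pairs)  # unknown radio imitating our network
        else:
            verdict, unexpected = "rogue", sorted(pairs)       # e.g. an employee-installed AP
        result[bssid] = (verdict, strongest[bssid], unexpected)
    return result

def alerts(classified, inside_rssi_dbm=-50):
    """One line per non-authorized BSSID for the IDS. A very strong signal at the sensor
    (assumed threshold) suggests the device sits inside the building, not in the parking lot."""
    lines = []
    for bssid, (verdict, rssi, detail) in sorted(classified.items()):
        if verdict != "authorized":
            where = "likely inside" if rssi >= inside_rssi_dbm else "likely outside"
            lines.append(f"{verdict}: {bssid} rssi={rssi} dBm ({where}) {detail}")
    return lines

if __name__ == "__main__":
    print(*alerts(classify_beacons(OBSERVED, AUTHORIZED)), sep="\n")
```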