Learn the business risks posed by wireless, essential countermeasures that can reduce those risks, and industry best practices for designing, deploying and monitoring secure WLANs with this tip, which was originally part of the Wireless Security Lunchtime Learning
series on SearchSecurity.com.
According to the 2005 WLAN State-of-the-Market survey, two out of three companies have now deployed business-class 802.11 (Wi-Fi) wireless LANs. But, despite recent technology advances, security continues to be cited as the number one challenge.
Without adequate safeguards, wireless can open corporate networks to new attacks, from war driving and password cracking to rogues and Evil Twins. To prevent Wi-Fi from becoming the weak link in a network's armor, it is essential to understand the business risks posed by wireless, countermeasures that can reduce those risks, and industry best practices for designing, deploying and monitoring secure wireless LANs.>
Ignoring wireless threats can no longer be considered a viable option. Surveys indicate that most businesses now discover unknown "rogue" access points operating in or near their facilities. With Wi-Fi embedded in four out of five laptops shipped last year, most offices now also harbor unauthorized wireless clients, carried by customers, suppliers, partners and deliverymen. As a result, every business -- including those that have not yet deployed Wi-Fi and those that ban Wi-Fi -- should be prepared to monitor activity and defend corporate resources from wireless-borne attack.
Companies without formal WLAN deployment face threats posed by rogue APs and clients. For example, many rogue APs are installed by naÏve employees, inside the corporate firewall, without security measures. Although not intentionally malicious, those APs still serve as an unprotected backdoor into the heart of your customer's network, exposing confidential data and sensitive systems to outsiders. Worse, small travel APs and soft APs on laptops and PDAs have made attacker rogues much easier to conceal. Workers who use Wi-Fi at home or hotspots may unwittingly re-connect to similarly-named rogue APs at the office, creating a bridge between the corporate network and the attacker.
If your customer is among the majority with deployed WLANs, then they face additional concerns. Chief among these is protecting wireless resources from mis-use, abuse and attack. For example, Wi-Fi is uniquely vulnerable to a plethora of new denial-of-service attacks that exploit 802.11 and 802.1X, and the relatively young products that implement these protocols. Before moving mission-critical systems from wired Ethernet to wireless LAN, it is critical to understand these DoS risks and what can and can't be done about them. And, while threats facing Wi-Fi clients outside the office are fairly well-understood, new threats introduced by wireless inside the office are still being discovered. In short, Wi-Fi further weakens the already crumbling network perimeter by creating mix-trusted subnets that warrant careful scrutiny and added layers of protection.
Forewarned is forearmed
Of course, no network is without risk. In the 90s, we learned how to leverage the power of the World Wide Web while protecting business networks from Internet-based attack. During this decade, we must learn to tap the financial and productivity potential of Wi-Fi while adopting safeguards that keep these wireless risks in check.
Fortunately, all new Wi-Fi products include data link security features that are capable of resisting old attacks like WEP cracking. Most enterprise-grade products sold today support 802.11i Security Enhancements -- features that can provide robust data encryption, integrity, user authentication and port-level access controls. While these advances are promising -- indeed, essential -- they are not by themselves sufficient to create a secure wireless network.
Deploying a strong defense requires a game plan: a defined security policy that identifies threats, associated business risks and countermeasures used to mitigate them. If you are not aware of wireless threats and attack methods, you cannot possibly assess their potential business impact. If you do not understand those risks, you cannot know which countermeasures would be effective against them. Should you implement WPA-PSK or 802.1X? If 802.1X, which EAP types should you support? What's your strategy for spotting and eliminating rogue devices, and will it be cost-effective? Creating a wireless security policy can help you to answer these kinds of questions and more.
How to get started
Much has been written about Wi-Fi security, and there are many good resources available to learn more about this topic. WLAN administrators with day-to-day responsibility for security should consider a certification like the Planet3 Wireless Certified Wireless Security Professional (CWSP) program. Technologists can find many detailed 802.11 security documents at the CWNP Learning Center.
However, the challenge that many IT professionals and network administrators face is getting a toe-hold on this complex topic, sorting the old from the new, finding the forest through the trees. If that sounds familiar, then check out SearchSecurity.com's Wireless Security Lunchtime Learning series. This series of 20-minute strategy webcasts and paired tactical tips is designed for readers with limited time and a thirst for WLAN security knowledge. To discover what you might learn from this series, take the Entrance Exam. From wireless attacks and best practices to intrusion detection and prevention, this series will arm you with the essential information required to manage Wi-Fi threats.
About the author
Lisa Phifer owns Core Competence, Inc., a consulting firm specializing in network security and management technology. Core Competence produces The Internet Security Conference (TISC), an annual symposium for network security professionals. Phifer has been involved in the design, implementation, and evaluation of data communications, internetworking, security, and network management products for nearly 20 years.
This tip originally appeared on SearchSecurity.com.
This was first published in December 2006