Without adequate safeguards, wireless can open corporate networks to new attacks, from war driving and password cracking to rogues and Evil Twins. To prevent Wi-Fi from becoming the weak link in your network's armor, it is essential to understand the business risks posed by wireless, countermeasures that can reduce those risks, and industry best practices for designing, deploying and monitoring secure wireless LANs.
Ignoring wireless threats can no longer be considered a viable option. Surveys indicate that most businesses now discover unknown "rogue" access points operating in or near their facilities. With Wi-Fi embedded in nearly every laptop and 44 percent of smartphones shipped last year, most offices now also harbor unauthorized wireless clients, carried by customers, suppliers, partners and deliverymen. As a result, every business -- including those that have not yet deployed Wi-Fi and those that ban Wi-Fi -- should be prepared to monitor activity and defend corporate resources from wireless-borne attack.
Companies without formal WLAN deployment face threats posed by rogue APs and clients. For example, many rogue APs are installed by naïve employees, inside the corporate firewall, without security measures. Although not intentionally malicious, those APs still serve as an unprotected backdoor into the heart of your network, exposing confidential data and sensitive systems to outsiders. Worse, small travel APs and soft APs on laptops and PDAs have made attacker rogues much easier to conceal. Workers who use Wi-Fi at home or hotspots may unwittingly reconnect to similarly named rogue APs at the office, creating a bridge between your corporate network and the attacker.
If your company is among the majority with deployed WLANs, then you face additional concerns. Chief among these is protecting wireless resources from misuse, abuse and attack. For example, Wi-Fi is uniquely vulnerable to a plethora of new denial-of-service attacks that exploit 802.11 and 802.1X and the relatively young products that implement these protocols. Before moving mission-critical systems from wired Ethernet to wireless LAN, it is critical to understand these DoS risks and what you can and can't do about them. And, while threats facing Wi-Fi clients outside the office are fairly well understood, new threats introduced by wireless inside the office are still being uncovered. In short, Wi-Fi further weakens the already crumbling network perimeter by creating mixed-trust subnets that warrant careful scrutiny and added layers of protection.
Forewarned is forearmed
Of course, no network is without risk. In the 90s, we learned how to leverage the power of the World Wide Web while protecting our business networks from Internet-based attack. Today, we must learn to tap the financial and productivity potential of Wi-Fi while adopting safeguards that keep these wireless risks in check.
Fortunately, all new Wi-Fi products include data link security features that are capable of resisting old attacks like WEP cracking. All Wi-Fi certified products sold today support 802.11i Security Enhancements -- features that can provide robust data encryption, integrity, user authentication and port-level access controls. While these advances are promising -- indeed, essential -- they are not by themselves sufficient to create a secure wireless network.
Deploying a strong defense requires a game plan: a defined security policy that identifies threats, associated business risks and countermeasures used to mitigate them. If you are not aware of wireless threats and attack methods, you cannot possibly assess their potential business impact. If you do not understand those risks, you cannot know which countermeasures would be effective against them. Should you implement WPA-PSK or 802.1X? If 802.1X, which EAP types should you support? What's your strategy for spotting and eliminating rogue devices, and will it be cost-effective? Creating a wireless security policy can help you to answer these kinds of questions and more.
How to get started
Much has been written about Wi-Fi security, and there are many good resources available to learn more about this topic. WLAN administrators with day-to-day responsibility for security should consider a certification like the Planet3 Wireless Certified Wireless Security Professional (CWSP) program. Technologists can find many detailed 802.11 security documents at the CWNP Learning Center.
However, the challenge that many IT professionals and network administrators face is getting a toe-hold on this complex topic, sorting the old from the new, finding the forest through the trees. If that sounds familiar, then check out our new Wireless Security Lunchtime Learning series. This series of 25-minute strategy videos and paired tactical tips is designed for readers with limited time and a thirst for WLAN security knowledge. To discover what you might learn from this series, take our Entrance Exam. From wireless attacks and best practices to intrusion detection and prevention, this series will arm you with the essential information required to manage Wi-Fi threats.
This was first published in June 2009