QUESTION & ANSWER

Wireless IDS, a crucial part of your security strategy

By Mia Shopis, SearchSecurity.com Assistant Site Editor 10 Oct 2003 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

What are some of your recommendations for securely implementing a wireless network?
Mansfield: Well, there are really four different categories that you have to address.

First, you have to have a policy that encompasses the organization's needs and goals. So, the policy should specify what the wireless LAN is used for, who's allowed access to it and what's allowed to be transmitted over it, at what times and at what locations.

Next, you need to consider technology and decide on an authentication solution. So you would need to either choose some type of 802.1x authentication, or some kind of legacy-based authentication system.

After that, you have to decide on how to encrypt network traffic and protect its privacy. There are a number of ways that admins are solving these problems. One of [the] ways would be to use a VPN for a wireless LAN, and there are a number of vendors out there that have developed VPN technology that is specifically designed to work for WLANs.

Another way of encrypting or keeping traffic private would be through again 802.1x, which serves as a means to do encryption using the EAP types. The EAP types, such as Microsoft's PEAP and Cisco's LEAP, are very popular choices. There is also EAP-TLS, which is another standard that people are using. And then the other option in that category is the newly released WPA [Wi-Fi Protected Access] technology from the Wi-Fi Alliance. Organizations can purchase equipment that is WPA-certified.

Finally, you want to have some sort of monitoring solution/IDS capability for your wireless LAN. It's an important piece that has got to be considered in the enterprise environment.

Brian Mansfield

Considering those factors, do you believe that a WLAN is secure enough for corporate deployment?

What are some of the most common security mistakes you see organizations make with their wireless deployments?
Mansfield: The first is education. I think there's a lot to consider, and before an organization rolls out a large deployment it should really go through the process of doing a pilot and trial to understand how the technology fits into their organization.

The other thing is the decision process for capital investment, which is very critical for a large organization. Since there are so many players evolving in the WLAN area, specifically the security area, a CIO, CSO has to be very circumspect in making the decision to go with one vendor over another, because industry turnover is fairly fast paced. You don't want to get stuck [in] an environment where you're invested in one vendor who's a startup.

And then another thing is there's really not one single solution that you are going to be able to deploy for the entire enterprise. Very few organizations find that they can use just one solution. So a better way to look at it is to understand what's in the organization and what are the different needs for the people who are going to use the WLAN. And it may differ from division to division, such as: the finance people's needs may be vastly different than the sales force's needs. And they're both using a WLAN, but you may need to deploy different levels of security for the finance group and different types for the marketing group.

At Security Decisions, you're going to talk about IDS for WLANs. Can you briefly explain how IDS works on a WLAN? How is it different from IDS on a LAN?
Mansfield: Yes, [wireless IDS] does operate much differently than on a traditional LAN, because the difference between a wired and a wireless network is that, on a wired network, you have a full control over what's transmitting on your wires within your organization. That's not the case with WLANs, because the medium is using the air, which results in the broadcasting of 802.11 frequency that bleeds over everybody's environment. So you now have the need to do internal and external monitoring for wireless.

The other thing that's different is that wireless IDS is needed not only for people that have deployed WLANs, but also for enterprises that have not deployed one. And the reason why is that attacks from a WLAN into a wired network are a very real threat. This a topic that people think is a very narrow area that only relates to people that have deployed wireless LANs. However, the truth is that any organization that has a wired network also needs to do monitoring for WLAN traffic to make sure the air surrounding them is not threatening the devices within their organization, or within the appropriate use for that organization.

Regardless of whether you have [a] WLAN, you need to be concerned with your internal environment and rogue access points. Now, rogue APs can be either devices that have been installed with or without malicious intent. Many times, organizations say they don't use WLAN technology when the fact is that a number of employees, unbeknownst to the IT department, have deployed WLANs.

Wireless IDS is needed not only for people that have deployed WLANs, but also for enterprises that have not deployed one. And the reason why is that attacks from a WLAN into a wired network are a very real threat. - Brian Mansfield

How would you recommend companies that haven't deployed a WLAN keep rogue access points from popping up?
Mansfield: A policy has to be articulated and understood within [the] organization about what kind of use is acceptable, as far as client stations and wireless is concerned. And the second thing is there is no other way to deal with this issue other than to use some kind of WLAN detection system. And there are many systems out there all coming from different angles, from a technology standpoint, but the key is, at the end of the day, the IT person [who] is in charge needs to have confidence that their air is clear of any activity.

What makes up a solid wireless security policy?
Mansfield: The policy would have to take into consideration: What are the risk points within the organization? And what kind of data and applications are [on a WLAN] that, if they were compromised or attacked, would pose financial harm to the business? And once those areas are identified, then it's more about putting into place specific policy about what's approved for accessing what type of technology required to gain access.

The policy could change from department to department. Like in finance, [the person] who is dealing with very sensitive data has a higher security requirement than the people in marketing. Once you consider those three things in conjunction with the stress points in your business, that's how you come up with a policy that would make sense.

Do you think that a lot of enterprises actually have a wireless security policy in place?
Mansfield: Actually, no, I don't think they do. Even security policies are something that have to constantly be refined, because business changes, applications and activities evolve, and policies have to be constantly fine-tuned and upgraded. A normal operating business is going to have a policy in place, but, in addition ... a WLAN policy that fits into that larger policy.

SearchSecurity.com news exclusive: "War drive illustrates wireless problem"

SearchSecurity.com news exclusive: "Company tackles wireless network security risks"

Best Web Links on wireless security issues

FEEDBACK: Has your enterprise upgraded its WLAN to WPA yet?
Send your feedback to the SearchSecurity.com news team.

Digg This!     StumbleUpon     Del.icio.us

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary