Look around you and you see everything has become wireless and more mobile than 10 years ago. Wireless technologies have seen increased growth as being tied to desktops, landline phones have become passé. We see laptops with Wi-Fi connectivity that gives one the ultimate freedom to do business or do casual browsing on the go. In addition to this we also have numerous wireless devices such as the wireless mouse, wireless speakers, wireless headphones and wireless cameras. Another interesting development on the wireless front is the wireless POS terminal that again gives more convenience to the end user and the merchant. Given all these wireless developments, it is but necessary to secure them, using good policies and adopting latest standards.
We start our discussion on wireless security by first seeing the working of the WLAN, security issues with wireless networks followed by the countermeasures that seek to block these security issues.
Working of Wireless LAN:
In a WLAN, the ‘Access Point’ or AP is the central figure. The wireless network connects to the AP which in turn connects to a LAN Ethernet by a wired cable. The AP is the connection between the wired and wireless worlds. The importance of wireless network lies in the fact that wireless communications uses radio signals to communicate. Traditional wires are not used. Laptops today, are pre-configured with wireless cards which makes them easy to use in a WLAN environment.
Security issues with Wireless networks:
Before we discuss the security issues related to wireless networks, please turn on your laptop and you can see the numerous wireless networks in your vicinity. It is easy for an experienced hacker or even a person with a bit of networking and security knowledge to break into these systems within minutes. This same activity done outside corporate offices can be used to infiltrate the corporate zone. This is typically called as the “parking lot” attack.
Unlike traditional systems that are housed in brick and mortar structures – which make hacking a physical activity, hacking wireless systems is simpler. The other security risks associated with wireless networks are:
Countermeasures to deal with security issues of wireless networks:
Given the different security issues related to wireless networks and the way it is fundamentally different from traditional systems, it is important to conceive solutions to beat the threats. The following list shows some of the features that can be added to bolster the security posture of a business environment:
The first and foremost point to ward off threats will be to formulate a good and effective wireless security policy and make sure it is in compliance by all employees. For those wondering how to formulate a policy, SANS institute has several templates related to various policies. (https://www.sans.org/security-resources/policies/network-security/pdf/wireless-communication-policy)
Another crucial step will be to separate the wired resources and wireless resources using a firewall or a router. It is always important to make sure that the AP or ‘Access Point’ is not directly connected to the production environment. The APs can be placed in a wireless DMZ which in turn can be connected to a firewall and then to the production environment. (Stephen Northcutt)
Since the APs are the first to be targeted in wireless attacks, the ‘Access Points’ have to be hardened to fend off attacks.
No discussion on wireless security is complete without mentioning the different protocols of wireless networks. Access points are secured with WEP (Wired Equivalent privacy), WPA (Wi-Fi Protected Access (WPA)) or WPA2 encryption standards. WEP and WPA are slowly being phased out since it can be easily cracked and is being replaced by the stronger WPA2. Trivia question: What encryption standard does your Wi-Fi use? Is it the strong WPA2 standard or the weak WEP standard?
These are, but a few set of countermeasures used to fend off security issues related to wireless security.
Given the free Wi-Fi zone in several public hot spots, the field of wireless security needs to grow more as mobility is the new threat to security.
Stephen Northcutt, L. Z. Inside Network Permieter Security.
Wireless Security. (n.d.). Retrieved June 2, 2014, from Wikipedia.org: http://en.wikipedia.org/wiki/Wireless_security