22-05-2012, 03:39 PM
Corporate Wireless LAN:Know the Risks and Best
Practices to Mitigate them
Corporate Wireless LAN.pdf (Size: 225.17 KB / Downloads: 27)
Abstract
In recent years, the hottest high tech trend which has received a lot of publicity
and hype is the term Wireless LAN (WLAN). There are more and more
organizations of all sizes implementing and using wireless networks or Wi-Fi
(Wireless Fidelity) networks. This is due in part to its flexibility and mobility, ease
of installations and lower implementation costs compared to installing wired
cables throughout the organization’s infrastructure. Not only Wi-Fi technology
can be seen implemented on private wireless networks, it is also being deployed
rapidly on the public wireless network via hotspots. These wireless locations can
be found in hotels, airports, cafes and restaurants around the world. In fact,
WLAN technology has been the fastest growing technology since the Internet.
According to Gartner Group research, “The corporate move to wireless is
expected to be the biggest technology shift of 2003, 'taking off with a vengeance'
in 2004” [1]. However, the benefits of using wireless LAN are not without security
risks. Corporations are beginning to realize wireless LANs have been poorly
implemented or configured with disregard to information security. Problems
include limited to non existent encryption of the network traffic from wireless
access points and users setting up illegal rogue access points within their
corporate network. There was a recent study conducted by AirDefense in three
cities around the United States. They found that 57% of the access points were
not using any type of encryption. In addition, there were 9% unauthorized rogue
access points found [2].
Introduction to WLAN Technology
The purpose of WLAN network is the same as the wired network which is to
provide users connectivity to the network without having a physical network cable
attached to the users’ workstations or laptops. In other words, the data is
transmitted over the air via radio frequencies. In this section, we will take a quick
Different types of WLAN Components
The two WLAN components are the wireless workstation and the wireless access
point. The workstation could be a desktop system, laptop or other mobile device
with a wireless network interface card (NIC). The wireless NIC will communicate
with the WLAN via radio frequencies [3]. They can connect in a ad-hoc mode
which is client-to-client or in a infrastructure mode which involves access points.
We’ll discuss more on this later. An access point is essentially a hub that
enables wireless clients to connect to the wired LAN. It has an antenna on one
end and is connected to the network via a wire on the other end. Therefore, it is
a bridge between wired Ethernet and wireless Ethernet (802.11).
Conclusion
As more corporations start to implement wireless networks due to user demand,
the IT staff for the organization must recognize the security threats wireless
poses. Businesses need to plan and take proper security measures before and
after implementing wireless networks in their environment to protect valuable
data against any potential attack. The wireless security in 802.11 standard such
as WEP has so many vulnerabilities, which an attacker could exploit. The
recently released WPA has better security functions but is still new in the market.
Many corporations that already have implemented wireless would rather wait for
802.11i to be released somewhere in 2004 next year before upgrading their
networks.
A corporate wireless network is best protected by following the security best
practices using a defense in depth method. This would include security
measures at different layers such as network layer, application and host layer. In
addition, having a proper wireless network security policy in place and audit your
corporate wireless network regularly will also help strengthen the wireless
security. If a corporation cannot afford to implement all five security layer
approach due to cost or resource reasons, at least prioritize which layered
approach is best suited to your corporate environment and implement them
accordingly. On the other hand, corporations should add more security
measures to their wireless environment whenever they see fit to mitigate the risk
of being attacked and not just on the five layers as described in this paper. With
that, I shall end this paper with a quote from the instructor Eric Cole during the
SANS Seminar on September 2003 in Boston “Keep adding on the security layer
and not taking them away. Complement on and not replacing with”.