[an error occurred while processing this directive]
Wireless Insecurities Aren't Going Away - But That's Okay
The latest craze in IT is to deploy IEEE 802.11-based wireless local area networks (WLANs). Vendors are touting how WLANs can increase productivity in the workplace and users shouting how they want more freedom to roam around the office. As with most newfound technologies, everyone from corporate executives to small business owners are reading about these wireless perks and, as we've come to discover, people everywhere are setting up wireless network connectivity wherever they can find an available network drop.
It's no secret that the growing WLAN industry has had its stumbling blocks. It seems that a major security vulnerability has been found every few weeks since 802.11b WLANs started becoming popular back in the year 2000. Although the various 802.11 security concerns have made many people think twice about integrating WLANs into their environment, it hasn't stopped most people who are interested in the technology and believe it does indeed offer business value. That's a good thing because the problems aren't as serious as they're made out to be; that is, if security is taken seriously.
Why Wireless Security Is a Problem
While we're on the subject of wireless vulnerabilities, let's take a look at how a WLAN with common default settings can be easily compromised. Here's a scenario:
That's all there is to someone connecting to a vulnerable WLAN. The sad thing is that this is going on all over the world - all day, every day. Computers are getting broken into, information integrity is being compromised, confidential information is being stolen, bandwidth is being consumed, and spam and other illegal servers are being set up and run across these compromised networks. Just imagine the possibilities. Imagine the liabilities!
If MAC address filtering was enabled on this AP, which only allows certain computers to attach to the WLAN, it can be defeated fairly easily by an attacker programming his wireless card to use a valid MAC address he finds by sniffing the airwaves. This still adds a layer of security. If WEP encryption was enabled, the attacker can capture wireless packets and eventually crack the encryption key, but this is yet another layer of protection. If Wi-Fi Protected Access (WPA) or WPA version 2 (also known as 802.11i) are enabled, then pretty much all bets are off, especially if these mechanisms are layered on top of the previously mentioned security options.
So, having said all this, if all 802.11-supported security features were enabled on WLAN devices out of the box, we wouldn't have the common security problems we see with the majority of wireless installations. The problem is that the WLAN vendors don't (and probably never will) enable all the security features that are available. They're focusing on basic feature sets, time to market, and ease of use. The onus to secure wireless systems is placed on the end user, which, as we're now seeing, is rarely a good idea. It's easy to comment on this issue, but, all things considered, there's not a great solution - especially now that the cat's out of the bag so to speak. Let's look at some basic remedies to this problem.
The Technical Fixes Are Pretty Simple
It seems complex at first, but it's actually really easy to address these areas and set up a secure WLAN. Here are ten simple steps for doing this that you can perform yourself if you'd like. All it takes are your wireless user's guides for specific instructions and some basic computer knowledge.
If you want the utmost in security, you can enable WPA or WPA2 if your hardware supports it.
That's it - regardless of what the WLAN vendors claim, reasonable WLAN security can be attained even if you just go with the basics. Doing so will put you way ahead of the crowd so when an attacker does come your way, he'll likely go down the path of least resistance - that is, someone else's WLAN that doesn't have these settings enabled and is much easier to break into. Don't get me wrong - I'm not saying that your WLAN will be completely impenetrable to someone that's determined enough - but time is on your side. The more layers of security (or hoops to jump through) you set up, the more difficult it will be and the more time it will take a hacker to break in. If you tire them out enough, they'll likely move on to someone else.
Inherent Weaknesses Are Here to
Inherent WLAN weaknesses are here to stay, but that's quite alright. If you take reasonable and practical precautions, you'll be ahead of the curve and less of a target moving forward. A great quote from Chuck Yeager applies to WLAN security: "You don't concentrate on risks. You concentrate on results. No risk is too great to prevent the necessary job from getting done." If you need wireless network connectivity inside your organization, go for it! If you proceed with caution, take reasonable steps towards implementing the security basics, remember the human factors that pose the greatest risks, and remain vigilant, you'll be quite alright.
About the Author