Wireless LAN Security: Issues and Options
This is an edited transcript of a webcast program. For a richer experience, watch the webcast.
Analyst: Craig Mathias, Farpoint Group
Takeaway: Secure your network's endpoints. Encrypt the data on mobile devices and server.
As you probably know, wireless LAN security is a bit of a mess. Originally in 802.11, the wireless LAN standard, the security technology, which is called wireless equivalent privacy, or WEP, was not very secure. It was really not very secure by design.
It was only 40 bits of resolution and, in fact, the standard is still 40 bits of resolution today. This has led to a wide variety of hacker threats: things like AirSnort and WEPCrack, tools that you can download off the Internet, can, in fact, be used to break WEP encryption.
Now, it is not that easy to do, but nonetheless network managers are right to be concerned about that particular problem. What has happened over the years is that most vendors of wireless LAN equipment have developed proprietary enhancements, such as going to 128-bit WEP encryption, that have resulted in much better security. But still, it has not really been enough to make very many potential wireless LAN network users happy.
There have been lots of other solutions as a result of that, primarily add-on hardware and software products from a wide variety of vendors. Many of these involve additional hardware boxes that need to be added to your wireless LAN infrastructure, and the solutions can get rather complex.
Security thus remains, even today, the #1 concern about wireless LANs, and it is also the #1 reason that people have not adopted wireless LANs to date. What has happened, though, is a couple of very funny things.
The most important of which is that because people have heard that WEP is not secure, they simply don't enable it; they don't turn it on, and therefore run insecure wireless LANs in their enterprises. That is clearly not something that you want to do. And, of course, as I mentioned before, in many cases they simply do not install wireless LANs at all.
But that is not the real problem with wireless security. Wireless LAN security, like any wireless security, just considers one small portion of your overall value chain, and that is what we call the air link, the connection between the client and the access point which interfaces to the rest of your network infrastructure.
Just securing the air link by itself really doesn't buy you very much. It still leaves enormous gaps in security in your wireless network, and indeed in your network altogether. A dedicated hacker is probably not going to try to intercept a transmission off the air.
They are going to look at the vulnerable parts of your network, the endpoints of your network. So, when we talk about wireless security, we are really only considering one small part of the problem.
So, here you can see the entire value chain between the clients, over on the left, and the server, over on the right. Notice all of the vulnerable points that exist between the two.
There is the access point, which is the bridge between the mobile users and the wired infrastructure, and then you have got a whole variety of additional points in your network where security gaps can take place. But by far, the most vulnerable points of your network are those endpoints.
So the thing you want to do, first of all, is to make sure that the endpoints of your network are, in fact, secured and that you encrypt the data on your mobile devices and on your server as well.
Secondly, use a virtual private network or some similar technology to make sure that the data never appears in the clear except where it is allowed to, and that is to an authorized user on an authorized device.
Wireless security is going to remain a very hot topic and a very big issue for some time. But the tools and techniques that you need to secure your wireless network exist today and you can apply them in your enterprise.
Craig J. Mathias is a Principal with Farpoint Group, an advisory and systems-integration firm based in Ashland, MA. Farpoint Group specializes in wireless and mobile communications technologies, products, and services. The company works with both manufacturers and end-users in technology assessment, strategy development, product specification and design, product marketing, program management, education and training, and the integration of new technologies into new and existing business operations, across a broad range of markets and applications. Craig has published numerous technical and overview articles on a variety of topics, and is a well-known industry analyst and frequent speaker at industry conferences and trade shows. He is an internationally-recognized expert on wireless communications and mobile computing technologies.