Effective WLAN security requires a layered approach.
There’s no question that wireless LANs (WLANs) offer compelling
benefits in terms of mobility and productivity. In a recent Web
poll conducted by the Computing Technology Industry Association
(CompTIA), 13.1 percent of technology professionals surveyed said
that wireless data applications would have the greatest impact
on their organizations this year — the second most popular
choice.
Security solutions ranked No. 1 in the survey, chosen by 24.3
percent of IT professionals. WLAN security is particularly problematic,
creating a major stumbling block that prevents organizations from
fully reaping the rewards of wireless.
However, it is possible to balance mobility with robust infrastructure
security. While some organizations have chosen to focus on the
risks associated with WLANs — to the point of banning the
technology — many others have successfully deployed wireless
networks that are as secure as the wired infrastructure.
The Layered Approach
The key, according to experts, is to take a layered approach to
WLAN security by identifying and protecting against wireless-specific
vulnerabilities. All too often, organizations focus on one area
of WLAN weakness — such as inadequate encryption — while
failing to see the big picture.
Effective WLAN security depends upon a comprehensive framework
covering all aspects of the wireless infrastructure, from the radio
frequency (RF) layer all the way to the application layer. Organizations
must put tools in place that check for rogue devices entering the
airspace, attacks on wireless links, and unauthorized users attempting
to access the network.
This requires a mix of security solutions based upon industry
standards along with continuous real-time monitoring and policy
enforcement. Network administrators must learn what to look for
and effective ways of addressing WLAN vulnerabilities.
Know Your WLAN
The lure of wireless combined with the ease with which it can
be deployed represents one of the biggest threats to WLAN security.
For a small investment, an end-user can introduce a consumer-grade
wireless access point into the network, exposing the entire infrastructure
to easy attack. Wireless-equipped laptops can pose an even greater
threat if not properly secured.
The first step in securing the WLAN is to find rogue access points
and either eliminate them or ensure that they meet security standards.
Many network administrators will use a handheld “sniffer” and
walk through the WLAN coverage area looking for wireless data transmissions.
However, experts say this is one of the least-effective ways of
eliminating rogue equipment — new rogue access points can
be added after the scan.
A better solution is 24x7 monitoring of the WLAN for security
risks. This enables the network administrator to know immediately
when and where a rogue access point is deployed, and also identify
new vulnerabilities.
Strong authentication and encryption are needed when user credentials
and data are being broadcast through the airwaves. The Wi-Fi Protected
Access 2 (WPA2) encryption standard offers substantially greater
protection than the notoriously vulnerable Wired Equivalent Privacy
(WEP) standard.
Intruder Alert!
The next step is to ensure that the WLAN is protected against
attack. Experts recommend that organizations install WLAN-specific
intrusion detection systems (IDSs) to keep hackers from accessing
the wired network via the WLAN.
WLAN IDSs continuously monitor 802.11 protocols for security policy
violations, known attack signatures and statistical anomalies.
They are able to detect and thwart man-in-the-middle attacks, MAC
spoofing and unusual activity.
Security software should be installed on all wireless-equipped
devices to alert the network administrator of any vulnerabilities.
Only enterprise-class access points with robust security should
be used, and they should be configured to limit which stations
can connect to them.
The Service Set Identifier (SSID) — the name of the access
point — should be changed from well-known factory presets.
In addition, the default SSID broadcast mode should be turned off
so that only user stations that know the SSID can connect to the
access point.
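
The checks described in the two sections above (rogue access points, WEP versus WPA2, factory-preset SSIDs, SSID broadcast) can be applied to every report from a continuous monitoring sensor rather than to a one-time walk-through scan. The Python below is an added example, not part of the original article; the inventory, the record fields and the sample observations are constructed assumptions.

```python
# Added example: audit observed access points against a WLAN policy.
# The inventory, field names and observations are constructed sample data.
AUTHORIZED = {  # hypothetical inventory: BSSID -> expected SSID
    "00:11:22:33:44:01": "corp-wlan",
    "00:11:22:33:44:02": "corp-wlan",
}
FACTORY_SSIDS = {"linksys", "default", "netgear"}  # well-known factory presets
ALLOWED_ENCRYPTION = {"WPA2"}

# Constructed observations, shaped like reports from a monitoring sensor.
OBSERVED = [
    {"bssid": "00:11:22:33:44:01", "ssid": "corp-wlan", "enc": "WPA2", "hidden": True},
    {"bssid": "00:11:22:33:44:02", "ssid": "corp-wlan", "enc": "WEP", "hidden": True},
    {"bssid": "66:55:44:33:22:11", "ssid": "linksys", "enc": "OPEN", "hidden": False},
    {"bssid": "66:55:44:33:22:12", "ssid": "corp-wlan", "enc": "WPA2", "hidden": False},
]

def audit_ap(ap, authorized=AUTHORIZED):
    """Return the list of policy findings for one observed access point."""
    findings = []
    bssid = ap["bssid"].lower()
    if bssid not in authorized:
        findings.append("rogue: BSSID not in inventory")
        # A corporate SSID announced by unknown hardware is worth its own alert.
        if ap["ssid"] in set(authorized.values()):
            findings.append("impersonation: corporate SSID from unknown BSSID")
    elif ap["ssid"] != authorized[bssid]:
        findings.append("misconfigured: SSID differs from inventory")
    if ap["enc"] not in ALLOWED_ENCRYPTION:
        findings.append(f"weak encryption: {ap['enc']}")
    if ap["ssid"].lower() in FACTORY_SSIDS:
        findings.append("factory-default SSID")
    if bssid in authorized and not ap["hidden"]:
        findings.append("SSID broadcast enabled on managed AP")
    return findings

def audit(observations):
    """Map each BSSID that violates policy to its findings."""
    report = {}
    for ap in observations:
        findings = audit_ap(ap)
        if findings:
            report[ap["bssid"]] = findings
    return report

if __name__ == "__main__":
    for bssid, findings in audit(OBSERVED).items():
        print(bssid, "->", "; ".join(findings))
```
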
What’s Your Policy?
It’s critical that organizations develop — and enforce — a
WLAN security policy. Robust WLAN security depends upon the installation
and use of security software on individual clients, and the proper
configuration of access points and stations. A WLAN security policy
should establish these requirements and prohibit users from circumventing
these measures.
A WLAN security policy must be flexible in terms of the technologies
it can support. WLANs enable access by laptops, PDAs, smart phones
and more, each with different features, capabilities and security
requirements. This diverse set of clients cannot be secured with
a “one size fits all” policy.
In addition, most WLANs are designed with end-user mobility and
productivity in mind. The challenge for IT staff is to develop
security options that support end-user requirements.
Finally, WLAN security policies must integrate with the organization’s
wired network security scheme to ensure seamless protection across
the organization. While WLANs present unique security challenges,
it still boils down to controlling who has access to specific information.
Understanding WLAN-specific vulnerabilities and deploying a suite
of tools to minimize them enables organizations to enjoy the mobility
and productivity benefits of WLANs without putting business-critical
applications at risk.