Maintaining WLAN Security

The attention of the security issues brought on by wireless LANs has inspired some enterprises to ban it altogether. Many security-conscious enterprises are, however, confidently deploying secure WLANs, taking advantage of the mobility and productivity benefits of 802.11 wireless LANs. They achieve this by implementing the following practical steps to protect their information assets, identify vulnerabilities, and protect the network from wireless-specific attacks.

Discovery and Mitigation of Rogue WLANs - Employees themselves might deploy rogue access points on a company’s network. These rogue access points usually lack standard security and thus circumvent the enterprise's investment in network security. Wireless user stations such as laptops that are not adequately secured pose an even higher risk to the security of the organization's network than rogue access points, and intruders can use any insecure wireless station as a launchpad to breach the network. Free tools, such as NetStumbler and Kismet, and other commercial scanners can survey the airwaves for rogue access points and some network vulnerabilities. Continuous monitoring enables network administrators to identify when and where the rogue first appeared, whom it's connected to, the direction of traffic in real-time, and how much data was exchanged.

Lock Down All Access Points and Devices - This step involves implementing perimeter controls for WLAN. Each wireless-equipped device should be secured by deploying a personal agent that can enforce conformance to enterprise policies and alert the organization and user of all security vulnerabilities. Organizations should also deploy enterprise-class access points that offer advanced security and management capabilities. The default Service Set Identifiers (SSID) of these access points should also be changed as the default SSIDs may alert hackers to vulnerable WLANs. It is also good to disable SSIDs and implement MAC filtering if possible. The implementation of RADIUS servers should also be considered when deploying WLANs in corporate environments. These mechanisms aid in reduces the threat of intruders connecting to your WLAN.

Encryption and Authentication - VPN Encryption and authentication provide the core of security for WLANs. However, fail-proof encryption and authentication standards have yet to be implemented. VPNs can apply strong authentication, and encryption mechanisms between the access points and the network, and remote authentication dial-in service (RADIUS) systems can be used to manage authentication, access to network resources, and accounting. While VPNs promotes secure connections to WLANs, one-way authentication VPNs are still vulnerable to exploitation. One-way authentication VPNs are known to be vulnerable to man-in-the-middle attacks and several other known attacks. Mutual authentication wireless VPNs, on the other hand, offer strong authentication and overcome weaknesses in WEP.

Set and Enforce WLAN Policies - While policies vary based on individual security and management requirements of each WLAN, a thorough policy and enforcement of the policy can protect an enterprise from unnecessary security breaches and performance degradation. WLAN policies should include clauses that forbid unauthorized access points and ad hoc networks that can circumvent network security. Several security features, such as the use of VPNs or WEP and open broadcast of SSIDs, are managed on the access points and stations. As such, WLAN policies should include clauses that also forbid the modification of enterprise WLAN cards and access points without proper change management. A policy that limits WLAN traffic and usage to select hours of operation to protect a network from intruders who would seek to carry out late night attacks or an unscrupulous employee seeking to transfer sensitive files over the wireless network while no one else is around. Though policies are necessary, unless enforced, they can be useless paperweights.

Intrusion Detection and Protection - WLAN focused intrusion detection and protection systems ensure that all components of wireless networks are secure and protected from threats and attacks. Through continuous monitoring of all WLAN attack signatures, protocol analysis, a statistical anomaly, and policy violations, organizations can detect attacks against the WLAN, including man-in-the-middle, identity thefts from MAC spoofing, anomalous traffic from unusual off-hours activity or large downloads and denial-of-service attacks.

The cost of implementing wireless infrastructure is decreasing with each innovative development. As such, it has become more accessible for people to use for work and play anywhere they desire. But it is also easier for hackers to exploit the vulnerabilities of wireless networks to gain access to potentially secured networks, rendering millions of dollars spent on firewalls and wired IDS obsolete. Without proper WLAN security, the integrity of valuable information can be compromised.