Having the security flaws of your wireless LAN outed on the local TV news is never good; just ask the folks at...
the Georgia State Capitol building.
Back in 2002, a local television exposé of unsecured networks pointed a finger right at the Capitol.
"What happened was … one of the TV stations here in Atlanta was driving around in a van to see if they [could] hack into these wireless networks," said Michael Clark, of the Georgia Technology Authority (GTA), the IT group charged with the state's government networks and systems. "And they came upon the State Capitol."
The network wasn't secure, and the local TV stations and newspapers let the public know, broadcasting that pretty much anyone could get onto the network from close range. In response, the WLAN was immediately shutdown, Clark said.
So when the staff at the Capitol building started investigating the idea of deploying a wireless network late last year, the GTA had to make sure everything was secure. The WLAN was requested by Gov. Sonny Purdue's administration, which wanted the ability to take laptops with them wherever they went within the building -- from offices, to conference rooms to other areas.
"There were several issues, and security was obviously paramount," Clark said. "[The governor and his administration] didn't want the signal to leak outside the building."
Sounds easy enough, considering the Georgia State Capitol, built mostly from marble and granite in 1889, is essentially a fortress with walls three feet thick originally designed to withstand cannon fire.
But, ironically, those same walls presented a difficult challenge during this era of civil peace in Georgia. Waves from the access points used to design the network could not permeate them. That problem was solved with some creative adjustments in access point location, but still, the number of access points was also unsettling, because their visibility could invite unwanted network guests.
"There are so many people in and out all the time," Clark said. "We didn't want [the access points] to be obvious to anyone. We tried to make them as inconspicuous as possible" for security reasons.
"We used sophisticated security procedures and measures to make sure only people who are supposed to be on the network can get onto the network," Clark said. Those measures involve the ability to block unwanted users or sniff them out and bump them off the network if they -- by some stroke of luck -- manage to get on.
Eric Ahlm, director of emerging technologies with security consulting firm, Vigilar Inc., which handled installation and planning, called the Capitol's implementation a challenge because of the obvious need for 100% security and a "very aggressive" timeline to get everything installed.
"[IT] kind of learned a lesson the hard way. They basically ripped out everything they had and replaced [the entire wireless network]," he said, noting the added challenge that the team installing the network could only work weekends and off hours to avoid disturbing state business. Plus, Gov. Purdue wanted a quick turnaround, so the network had to be up and running within a few weeks.
Vigilar's Ahlm said his company provided a wireless access-point architecture review, product tuning, security consulting and training. Once the network was in, Vigilar tested its security by trying to hack in. After the follow-up risk assessment and some fine-tuning, it was ready to go.
AirDefense, on its end, added in the company's wireless intrusion prevention system, AirDefense Enterprise. The system monitors all 802.11 activity and correlates events across the WLAN. It detects unwanted traffic and protects the network from wireless threats and unauthorized devices. Engineers from AirDefense also helped with the architecture review, testing and tuning of the new WLAN.
"There is a tremendous amount of critical and confidential information flying through the airwaves in the Georgia State Capitol," Richard Rushing, AirDefense's chief security officer, said in a statement. "Our challenge is to keep this information secure while enabling wireless access."
According to Clark, so far there have been no noticeable problems on the WLAN, and it appears the TV crews have stopped driving by.
"There were no significant issues during planning, implementation and testing," he said. "It was all pretty seamless. It's running smoothly."