The first consideration should be just how secure the wired local area network (LAN) is. Clearly the degree of security for the wireless LAN should reflect the corporate policy toward the wired LAN. In other words, if a company doesn't encrypt their wired LAN, they may not feel a need to encrypt their wireless LAN. It depends on how secure their network communications need to be.
What other wireless security issues should you consider?
There are a couple of basic things to do with wireless security. You need to turn it on. Forty percent of networks never turn on their wired equivalency privacy (WEP) security. It's very minimal, but you need to turn it on. There is a common misconception: people don't realize that the default is off and not on.
User-based is better. The problem with device-based schemes is that the device can be stolen or spoofed. In other words, if you're doing a Media Access Address (MAC) authentication, if somebody steals a machine and you don't update your records soon enough, they can just log right in and the machine will be accepted. Also, there are ways of imitating a MAC address so the access point thinks it's talking to a certain node when it's really talking to a hacker.
Can you explain the three WLAN protocols A, B and G? How do they differ in terms of security?
They don't. The three different network topologies have to do with the way data is transmitted. They all fall under 802.11, so they all have the same basic security issues. No one is more secure than the other, although there is a slight advantage to 802.11a in terms of interference, because there is less traffic in that spectrum.
What is a rogue access point and what danger do unauthorized access points pose to a WLAN?
A rogue access point is simply an access point that is not accounted for. It's not officially part of the network. It transmits and eventually becomes accepted as part of the network. The major danger is that on most networks, once you are part of the network, there is no further protection scheme in place to limit access to network resources. So once you're in, you're in, and you have access to all the data that's on the network. In some cases companies have mistakenly put their WLANs inside the firewall, so in effect once you're in the WLAN you're in the corporate wired LAN and have access to everything, including routers.
What security measures can a network manager take that go above and beyond Wired Equivalency Privacy (WEP) keys?
Basically you can create a tiered security approach focusing on authentication, encryption and authorization. Essentially what you want to do is to authenticate at layer three, which means that you want to have a user ID and password that is authenticated. Generally that is done via Remote Authentication Dial-In User Service (RADIUS) servers. Most of the vendors have proprietary support for what they call 802.1X authentication. You want to have that kind of authentication that goes well beyond the layer two authentication that you have with WEP. As far as the encryption, ideally you want to have 128-bit dynamic key encryption so that the key is changing all the time, so you don't have to do it manually. The problem with the WEP key is that it is static and the only standard WEP encryption is the 40-bit encryption key.
How can virtual private networks (VPNs) provide security for a WLAN?
VPNs are one of the best ways to add authorization, which means that you're able to limit the resources that somebody is authorized to use. So even if they do make it into the network, past the WEP security to access key parts of the corporate network inside the firewall, they still have to wind up going through a VPN. So in effect, what you are doing is treating the WLAN as if it has the same level of insecurity as Internet access does. The alternative to a VPN is to use a virtual local area network (VLAN), but those can be a nightmare to administer, keeping track of who belongs to what segments and so forth.
Are there other problems?
A lot of times what happens is that people are buying WLANs with departmental money and not telling corporate. So you have all kinds of ad-hoc wireless in place. Since some people haven't disabled the broadcast functions in their access points, essentially what happens is the access point accepts any signal that is broadcast to it and lets it join the network.
What are some methods for detecting rogue access points?
There are all kinds of tools out there. The latest one is called AirMagnet; there are lots of others. Essentially what you wind up doing is a sweep looking for signals, figuring out where the signals are coming from and who they belong to.
What does the future hold for WLAN security? Are there any emerging trends?
One is that 802.1X is moving towards fruition. There are some holes even in 802.1X, but those will probably get ironed out for the next version. 802.11i is being developed, which is going to be a much more sophisticated type of encryption, which should be a big help. Those are the two major optimistic things to look for in terms of security. We're also starting to see more devices out there to monitor your WLAN.