Why distributed wireless IDS is needed

Wireless is big. If you're not actively looking for wireless technology, you could have huge gaps in your network security and never know it. Your firewall and other perimeter defenses are useless if bypassed by wireless technology without organizational knowledge or consent. Rogue access points plugged into the LAN are, as a rule, not secure and therefore provide an open back door to the network - bypassing all perimeter security - similar to phone modems in workstations. Rogue access points are typically low cost consumer products with minimal security, installed with well-known default settings that make them easy prey. Using an ad hoc network while still plugged into the LAN makes an easy target for wireless hackers. (Ad hoc networks are individual clients connected to each other with wireless in a peer-to-peer fashion, similar to a workgroup in windows). Almost no security exists except the Operating System (OS) lockdown, or a host-based firewall, if installed.) Considering that most new laptops are shipping with wireless cards already installed, the threat of ad hoc networks could increase dramatically over the next year or so.

Wireless scanning software is readily available on the Internet. So called "war drivers" simply roam around, scanning for open or easily accessible wireless networks to hack, or just use the free internet services. If not properly configured, the wireless technology that frees up the workforce and improves productivity becomes your Achilles heel.

Consider the Service Set Identifier (SSID), which separates wireless networks similar to domains in Windows. Access points broadcast the SSID across the wireless medium so that clients are able to find them. This is precisely how war driver scanning software easily finds wireless networks.

So, how does an organization keep its wireless network hidden from casual war drivers?

Built into most enterprise grade wireless access points is the ability to turn off SSID broadcasting. The casual war driver will not be able to find the wireless network; unfortunately, an experienced attacker will still be able to find the SSID and with it, the wireless network. It just takes more effort. This constitutes a targeted attack, exactly why organizations build wireless security architecture. These targeted attacks may come from hackers out to prove their skills or from competitors looking for an edge.

It is possible to run a WLAN securely, but it takes planning and testing. The level of security built into existing wireless access points is not sufficient to secure an enterprise network. Both VPN technology and proper architecture are required to provide an acceptable level of security to a wireless network.

With wireless growing at an exceedingly high rate, many companies have stepped up to the plate by developing innovative software and hardware solutions. One such solution is a Distributed Wireless IDS, which is able to monitor an entire global enterprise (to include multiple buildings in multiple locations), round-the-clock, from a single location. A distributed wireless IDS provides a means to implement and enforce the written wireless policy as well as real-time alerts to administrators of intrusions and unauthorized use of wireless technology. This information is invaluable to the administrators who attempt to protect sensitive data on their networks. Detailed policies can be set to match existing use/no use wireless operating procedures, which would alert administrators of violations across the entire enterprise and in real time.

Existing wireless LANs benefit greatly from a distributed wireless IDS. For example, it handles many administrative tasks, keeping usage records, throughput, number of stations associated and to which access point, performance statistics, and more, in addition to intrusion detection. An administrator can easily manage an entire global wireless infrastructure while protecting sensitive or proprietary data at the same time. The benefits far outweigh the cost.

SO… How much is your proprietary or sensitive data worth? What would it cost your organization if competitors had it?

Wireless technology arrived on the fast track. Raising an organization's awareness to potential clandestine use of wireless technology is important. Administrators can ignore wireless technology or be proactive by enforcing security policy. Whether or not an organization runs a WLAN, it is important to understand the implications that wireless technology has on any network that houses sensitive or proprietary data.
December 30, 2002

Derek Krein, Network Security Engineer, PROSOFT
Krein has over 17 years experience in integration, installation, repair, upkeep and troubleshooting of all types of computer systems, server and client operating systems. He holds seven networking certificates including MCSE NT 4.0/Win2k, CCNA, CWNA, GSEC, A+ and SEF 7.0.

Rate this Tip To rate tips, you must be a member of SearchNetworking.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Wireless Networks How to plan for 802.11n wireless LAN upgrades Deploying 802.11n access points: Best practices Rogue access points: Preventing, detecting and handling best practices Persistent, secure connections for roaming WiMAX, 3G and 802.11x Securing embedded 802.11n devices 802.11n's impact on WLAN security Set up secure wireless networks with 802.11x, access points and bridges How to use Netsh WLAN to configure Windows Server 2008 and Windows Vista wireless connections from the CLI How to avoid the WPA wireless security standard attack IEEE 802.11w protects wireless LAN management frames Network Security Application-specific network intrusion detection systems emerge Anomaly-based intrusion protection configuration and installation Preventing hacker attacks with network behavior analysis IPS Rogue access points: Preventing, detecting and handling best practices The TPM chip: An unexploited resource for network security Shifting defenses and dynamic perimeters challenge network security Compliance in a virtualized world: Server virtualization and NAC security Securing the new network architecture: Security for distributed, dynamic networks How to configure Windows Server 2008 advanced firewall MMC snap-in USB storage devices: Two ways to stop the threat to network security Wireless LAN Security 10 Common questions (and answers) on WLAN security Wireless handhelds need defense-in-depth Wi-Fi Security - Chapter 4 Identify malicious users Securing wireless, part 2: WLAN best practices Securing wireless, part 1: No boundaries WLAN security checklist War driving: Who's browsing your wireless network? Ten steps to low-cost wireless LAN security Wireless corporate access can spawn security problems RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.