Wireless LAN security: Why encryption isn't enough

Anil Khatod

The benefits of 802.11 wireless LAN connections are easy to see from the mobility of un-tethered workers connecting to the network from a conference room, retailers easily running cash registers throughout a store, or manufacturers wirelessly connecting operations throughout a plant. However, the risks of wireless LANs are still being identified as hackers become more familiar with the technology and develop more creative ways to compromise wireless security.

Many feel that by encrypting the information transmitted through the air, they are utilizing an affordable, easy answer to wireless security. While encryption is certainly a critical aspect of securing WLANs, it is not the end-all, be-all solution and there are many other risks to wireless networks, including:

• Ad hoc networks: Peer-to-peer wireless networking between laptops without an access point opens up a laptop to be directly attacked and used as a conduit to the network.

• Policy violations: Authorized users who violate network policies against rogue access points, file sharing, and turning off security measures circumvent your investment in network security.

• Identity theft: Intruders can pick off Service Set Identifiers (SSIDs) and Media Access Control (MAC) addresses to steal the identity of an authorized user.

• Man-in-the-Middle attacks: Hackers can force a rogue station between an authorized station and an access point where all traffic between the authorized station and access point is routed through the rogue station.

• Denial-of-Service: Outsiders who cannot gain access to a WLAN can none-the-less pose security threats by jamming or flooding the airwaves with static noise that causes WLAN signals to collide or simply force stations to continuously disconnect from access points.

Securing the wireless network

1. Lock down all access points and stations
The first step of wireless LAN security involves the basics of configuring all access points to implement the best practices of wireless LAN security.

Enterprises should change the default Service Set Identifiers (SSIDs), which are essentially the names of each access point. The SSIDs should be changed to names that are meaningless to outsiders. An SSID of "CEO Office" or "East Cash Register" only calls attention to valuable information that a hacker would like to get into.

Enterprises should also configure access points to disable the broadcast mode where the access point constantly broadcasts its SSID as a beacon in search for stations with which to connect. By turning this default feature off, stations must know the SSID in order to connect to the access point.

Most enterprise-class access points allow you to limit which stations can connect to it based on filtering of MAC addresses of authorized stations providing basic control over which stations can connect to your network. Larger enterprises with more complex wireless LANs that allow hundreds of stations to roam between access points may require more complex filtering from remote authentication dial-in service (RADIUS) servers.

In addition, to eliminate the threat of intruders connecting to your wireless LAN from the parking lot or the floor above you where connection speeds will be greatly reduced, access points should be configured to not allow the slower connection speeds.

2. Encryption and authentication
In 2001, researchers and hackers demonstrated their ability to crack Wired Equivalency Policy (WEP), the standard encryption for 802.11 wireless LANs. Soon after, hackers published freeware tools, such as WEPCrack, which allow anyone to crack the encryption after observing enough traffic over the network to figure out the encryption "key." WEP can be configured with a variety of key lengths, the longer of which can be harder to crack. While the longer key lengths take longer to crack, they remain vulnerable.

With authentication vulnerabilities stemming from WEP, the wireless LAN standards group introduced 802.1x as strengthened authentication for all 802.11 networks. However, 802.1x also has shown to be vulnerable to hackers.

Because these encryption and authentication standards are vulnerable, stronger encryption and authentication methods should be deployed to more completely secure a wireless LAN. The recently ratified 802.11i has accounted for weaknesses in previous protocols but is still subject to vulnerabilities if improperly implemented or bypassed by rogue devices.

3. Set and enforce wireless LAN policies
Every enterprise network needs a policy for uses and security. Wireless LANs are no different. While policies will vary based on individual security and management requirements of each wireless LAN, a thorough policy -- and enforcement of the policy -- can protect an enterprise from unnecessary security breaches and performance degradation.

Wireless LAN policies should begin with the basics of forbidding unauthorized access points and ad hoc networks that can circumvent network security. Because many security features are controlled on the access points and stations, policies should be in place to forbid the reconfiguration of access points and wireless LAN cards to alter these features.

4. 24x7 RF monitoring
The overarching layer of security organizations need to adopt to secure their WLAN is 24x7 RF monitoring, which includes intrusion detection and protection and rogue access identification for the entire organization.

Discovery of rogue devices and vulnerabilities

The same insecurity can come from network vulnerabilities originating from improperly configured wireless LANs. Upon a power surge or after a power failure, some access points restart in their default modes that do not include encryption, authentication, or other security measures with which they were configured.

Neighboring wireless LANs located in the same vicinity as your wireless LAN also pose risks of the neighboring stations accessing your network and interfering on wireless channel.

Intrusion detection and protection

As wireless LANs become further engrained in the business landscape, it is critical to consider their security a top priority. A layered approach is the only way to fully secure a network. Locking down devices and communication between devices is a start; however, organizations must also have visibility into their wireless network to understand where breaches are occurring. To achieve this, 24x7 monitoring of the air space is required to enable safe deployment of wireless LANs.

About the company:
AirDefense Inc. is the thought leader and innovator of wireless network security and operational support solutions. Founded in 2001, AirDefense pioneered the concept of 24x7 monitoring of the airwaves and now provides the most advanced solutions for rogue WLAN detection, policy enforcement, intrusion protection and monitoring the health of wireless networks. As a key element of wireless network security, AirDefense complements wireless VPNs, encryption and authentication. Based on a secure appliance and remote sensors, AirDefense solutions scale to support single offices, corporate campuses or hundreds of locations. Blue chip companies and government agencies rely upon AirDefense solutions to secure and manage wireless networks around the globe. For more information, go to www.airdefense.net or call 770.663.8115.

Rate this Tip To rate tips, you must be a member of SearchNetworking.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Wireless LAN Implementation University tackles large-scale 802.11n wireless network management Why is my network adapter not working after a Vista Business upgrade? How many wireless base stations can connect to 802.11g access points? 802.11n wireless APs bring IP video to sprawling Illinois high school No data cable? Wireless mesh networking the answer for Wi-Fi backhaul Integrated wireless and wired LAN: Brocade-Motorola deal ups the ante 802.11n WLAN architecture strategies: The 2.4 vs. 5 GHz band debate 802.11n upgrade: College ditches legacy network for new vendor 802.11n ratification will drive down wireless LAN prices How does Wi-Fi ad-hoc mode react when 802.11n and legacy peers are present? Wireless Networks How to plan for 802.11n wireless LAN upgrades Deploying 802.11n access points: Best practices Rogue access points: Preventing, detecting and handling best practices Persistent, secure connections for roaming WiMAX, 3G and 802.11x Securing embedded 802.11n devices 802.11n's impact on WLAN security Set up secure wireless networks with 802.11x, access points and bridges How to use Netsh WLAN to configure Windows Server 2008 and Windows Vista wireless connections from the CLI How to avoid the WPA wireless security standard attack IEEE 802.11w protects wireless LAN management frames WLAN Security Where can I find a wire driver that unblocks recognized passwords? Will using a VPN protect me against fake wireless hotspots? Fluke gets WLAN design, management, security cred with AirMagnet Is WPA2 secure enough for a commercial business wireless network? Health center cut cost securing wireless network edge with Aerohive Wi-Fi RTLS for WLAN management, location-based security, asset tracking Wireless LAN performance management and security standards beefed up How can I hide my WLAN's SSID in an Aruba AP-61? Wireless LAN security: SonicWall joins crowded WLAN market Stolen laptop recovery using remote access and wireless network SSIDs RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary 802.11a  (SearchNetworking.com) Asynchronous Pulsed Radiated Incident Light  (SearchNetworking.com) beamforming  (SearchNetworking.com) cognitive radio  (SearchNetworking.com) direct sequence spread spectrum  (SearchNetworking.com) frequency-hopping spread spectrum  (SearchNetworking.com) patch antenna  (SearchNetworking.com) phase-locked loop  (SearchNetworking.com) radio frequency  (SearchNetworking.com) wireless mesh network  (SearchNetworking.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.