It is best not to go charging blindly into Wi-Fi technology if you deal with data you want to keep private.
That is the advice of the National Institute of Standards and Technology (NIST), which just released a draft report outlining security problems that continue to plague 802.11b wireless local area networks (LANs), or Wi-Fi networks. The institute's advice also includes a number of steps that networking managers can take to reduce the risk of using the technology.
"We don't say that people shouldn't use wireless LANs," said Tom Karygiannis, a researcher with the institute's Computer Security Resource Center, the agency that produced the 100-page report. "But everyone should be weighing the risks against the benefits."
Wireless LANs are not for everyone, he said. He said the prime concern in assessing a wireless LAN is the sensitivity of the data that will be sent over the wireless network. If that information is too critical to place it under some level of risk, then network administrators might want to abandon the idea of going wireless, he said.
"A wireless LAN has all of the same security issues as a hard-wired network, and it adds a number of new problems on top of that," Karygiannis said.
A wireless LAN does not stop at a company's walls. The signal penetrates walls and often bleeds into parking lots and other outdoor areas. If stringent security measures are not taken, people passing by buildings or sitting in parking lots may be able to gain access to the network. In addition, booster antennae can allow hackers to access a wireless LAN located a kilometer or more away from the 802.11b node.
Since wireless devices are small, they are more easily lost or stolen, leading to the possibility of identity theft and potentially allowing imposters to gain access to the network with an employee's device. It also means that whatever information was downloaded to the device could end up in unauthorized hands.
Common security solutions, such as wired equivalent privacy (WEP), are not adequate to stop determined hackers.
While wireless LANs may provide significant benefits, Karygiannis said, for some organizations the security risks may simply be too high.
NIST has offered recommendations for keeping wireless LANs as secure as possible. Here are some of the best:
- Assess and test security systems frequently.
- Stay abreast of new developments in the wireless LAN market; specifically, be aware of changes in standards and the disclosure of new risks.
- Improve inventory procedures for devices in the field, so lost or missing devices are identified as quickly as possible.
- Implement organization-wide security policies regarding the use of wireless devices.
- Always deploy firewalls between wired and wireless systems.
- Organizations transmitting sensitive data should look for security systems that meet the Federal Information Processing Standards (FIPS-140) cryptographic standard.