Let's face facts. Wireless Local Area Network (WLAN) technology is here; it is cheap and almost anyone can easily set it up. Worse, it can be installed just about anywhere, even within your organizations' LAN, without your consent. Any network that stores proprietary or sensitive data, which includes most commercial and/or government networks, should have a Distributed Wireless Intrusion Detection System (IDS) installed. Often, network policies regarding use of wireless networks are exceedingly strict; many users simply ignore policy and try to find ways to get their work done more efficiently. WLAN technology allows for greater efficiency and mobility, which allows users to increase productivity dramatically.
Of course, there is always the "cool factor."
Answer these questions:
Wireless is big. If you're not actively looking for wireless technology, you could have huge gaps in your network security and never know it. Your firewall and other perimeter defenses are useless if bypassed by wireless technology without organizational knowledge or consent. Rogue access points plugged into the LAN are, as a rule, not secure and therefore provide an open back door to the network - bypassing all perimeter security - similar to phone modems in workstations. Rogue access points are typically low cost consumer products with minimal security, installed with well-known default settings that make them easy prey. Using an ad hoc network while still plugged into the LAN makes an easy target for wireless hackers. (Ad hoc networks are individual clients connected to each other with wireless in a peer-to-peer fashion, similar to a workgroup in windows). Almost no security exists except the Operating System (OS) lockdown, or a host-based firewall, if installed.) Considering that most new laptops are shipping with wireless cards already installed, the threat of ad hoc networks could increase dramatically over the next year or so.
Wireless scanning software is readily available on the Internet. So called "war drivers" simply roam around, scanning for open or easily accessible wireless networks to hack, or just use the free internet services. If not properly configured, the wireless technology that frees up the workforce and improves productivity becomes your Achilles heel.
Consider the Service Set Identifier (SSID), which separates wireless networks similar to domains in Windows. Access points broadcast the SSID across the wireless medium so that clients are able to find them. This is precisely how war driver scanning software easily finds wireless networks.
So, how does an organization keep its wireless network hidden from casual war drivers?
Built into most enterprise grade wireless access points is the ability to turn off SSID broadcasting. The casual war driver will not be able to find the wireless network; unfortunately, an experienced attacker will still be able to find the SSID and with it, the wireless network. It just takes more effort. This constitutes a targeted attack, exactly why organizations build wireless security architecture. These targeted attacks may come from hackers out to prove their skills or from competitors looking for an edge.
It is possible to run a WLAN securely, but it takes planning and testing. The level of security built into existing wireless access points is not sufficient to secure an enterprise network. Both VPN technology and proper architecture are required to provide an acceptable level of security to a wireless network.
With wireless growing at an exceedingly high rate, many companies have stepped up to the plate by developing innovative software and hardware solutions. One such solution is a Distributed Wireless IDS, which is able to monitor an entire global enterprise (to include multiple buildings in multiple locations), round-the-clock, from a single location. A distributed wireless IDS provides a means to implement and enforce the written wireless policy as well as real-time alerts to administrators of intrusions and unauthorized use of wireless technology. This information is invaluable to the administrators who attempt to protect sensitive data on their networks. Detailed policies can be set to match existing use/no use wireless operating procedures, which would alert administrators of violations across the entire enterprise and in real time.
Existing wireless LANs benefit greatly from a distributed wireless IDS. For example, it handles many administrative tasks, keeping usage records, throughput, number of stations associated and to which access point, performance statistics, and more, in addition to intrusion detection. An administrator can easily manage an entire global wireless infrastructure while protecting sensitive or proprietary data at the same time. The benefits far outweigh the cost.
Wireless technology arrived on the fast track. Raising an organization's awareness to potential clandestine use of wireless technology is important. Administrators can ignore wireless technology or be proactive by enforcing security policy. Whether or not an organization runs a WLAN, it is important to understand the implications that wireless technology has on any network that houses sensitive or proprietary data.
December 30, 2002
Derek Krein, Network Security Engineer, PROSOFT
Krein has over 17 years experience in integration, installation, repair, upkeep and troubleshooting of all types of computer systems, server and client operating systems. He holds seven networking certificates including MCSE NT 4.0/Win2k, CCNA, CWNA, GSEC, A+ and SEF 7.0.