Here are the opinions on wireless security issues by Gabor Szabo, 3Com EMEA Marketing Manager.
Despite the insecurities of 802.11, the number of wireless networks is growing rapidly. What should be done in order to raise awareness of wireless security problems?
Company implementing wireless network should first define its security policy before implementing any kind of wireless solution. In order to properly do this we must have educated partners that understand the security risks and help end users to properly design their wireless network.
What software do you use for testing the security of wireless networks?
I usually browse the web to see what is available. Tools like WEPCrack, AirSnort and some commercial tools.
Handheld devices are now owned by many people who use it for business purposes, which make companies more susceptible to wireless security problems. In your opinion, what is a good approach in writing a wireless and handheld device usage policy for a corporate network?
First we have to define what will this wireless network be used for. Based on the sensitivity of the data/application, we will have to define security measures that are going to implement to secure our wireless network. If this is just Internet access then all we have to do is to separate our corporate network from wireless network and install some basic Wi-Fi security like MAC security or/and encryption.
In my opinion first rule is to never connect the wireless access point to internal LAN. Always connect it to firewall (DMZ) and then setup VPN or IPSEC connection for corporate users…
Do you see Wardriving as an extensive problem?
I see it more like as a challenge for wireless vendors to enhance the security features and it is also creating security awareness for end users.
Wireless security is subject to interference and therefore to Denial of Service attacks. What can be done to protect from such attacks?
Wireless networks are a subject to interference and there is not much we can do about it. We can prevent DOS attacks by installing firewall with hacker pattern detection or state full inspection but we can't protect from brute force attacks like frequency jamming etc. … this would be the same as cutting the cables on wired network, except that you don't have to be on-site to do it.
Solution? The same as with every other network design if when you require high availability … setup another network for backup (redundand design).
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.