Here are the opinions on wireless security issues by Gabor Szabo, 3Com EMEA Marketing Manager.
Despite the insecurities of 802.11, the number of wireless networks is growing rapidly. What should be done in order to raise awareness of wireless security problems?
A company implementing a wireless network should first define its security policy before implementing any kind of wireless solution. In order to do this properly, we must have educated partners that understand the security risks and help end users to properly design their wireless network.
What software do you use for testing the security of wireless networks?
I usually browse the web to see what is available. Tools like WEPCrack, AirSnort and some commercial tools.
Handheld devices are now owned by many people who use them for business purposes, which makes companies more susceptible to wireless security problems. In your opinion, what is a good approach in writing a wireless and handheld device usage policy for a corporate network?
First we have to define what this wireless network will be used for. Based on the sensitivity of the data/application, we will have to define the security measures that we are going to implement to secure our wireless network. If this is just Internet access, then all we have to do is to separate our corporate network from the wireless network and install some basic Wi-Fi security like MAC security and/or encryption.
In my opinion, the first rule is to never connect the wireless access point to the internal LAN. Always connect it to a firewall (DMZ) and then set up a VPN or IPsec connection for corporate users…
Do you see Wardriving as an extensive problem?
I see it more as a challenge for wireless vendors to enhance the security features, and it is also creating security awareness for end users.
Wireless security is subject to interference and therefore to Denial of Service attacks. What can be done to protect from such attacks?
Wireless networks are subject to interference and there is not much we can do about it. We can prevent DoS attacks by installing a firewall with hacker pattern detection or stateful inspection, but we can't protect from brute force attacks like frequency jamming etc. … this would be the same as cutting the cables on a wired network, except that you don't have to be on-site to do it.
Solution? The same as with every other network design when you require high availability … set up another network for backup (redundant design).
A significant part in the process of developing wireless networks is ensuring that the data on wireless devices is secure. What do you see as the biggest threats to that security?
As with every other network, there will always exist a certain risk, but we can lower this risk if this network is designed and used properly. The biggest threat is to have a wireless network that is not set up correctly (not secure).
What is your vision for the future of wireless security?
Standards for wireless security are evolving very fast. Features like EAP-TLS-MD5, 802.1x, PEAP and many others are already available on some Access Points to enhance security, while Wi-Fi is working very hard to provide interoperability for these features. Also, people are starting to understand the risks involved if they use unprotected wireless solutions. I expect that growth momentum on wireless networks will be very strong.