How to Make Wireless Networks Secure
by Michele Lewington - Managing Director of Network Utilities (Systems) Ltd - Wednesday, 26 March 2003
Organisations are eager to migrate to wireless LANs (WLANs). The demand for WLAN access in the USA has surged dramatically over the past year. Users are clamouring for WLAN access because it allows them to access their network and the Internet from anywhere in the workplace, without having to "plug in". Administrators are attracted to WLANs because they're easier to install (no cable to pull through walls and ceilings), they're flexible (they can be installed in places that wired LANs cannot, and do not require rewiring when seating or office plans change), and, in part owing to this flexibility, they're less expensive to maintain over the long-term.

For these reasons, experts expect the WLAN market to grow steadily, even in the face of an economic downturn. Cahners projects that WLAN revenues will grow to $4.6 billion by 2005. WLANs have already made significant penetration into the education, hospitality, healthcare and financial industries, and continually decreasing equipment prices should help drive adoption in other industries. Even owners of public meeting places - now known in the industry as hotspots - are trying to get into the act. Coffee shops, airline lounges, and libraries are just a few of the venues offering WLAN access to their patrons, enabling their customers to make better use of what used to be mandatory unconnected time.

WLAN Architecture and Security Challenges

As with any technology shift, migrating users to WLANs has its drawbacks.

The initial investment in hardware may be significant and somewhat irksome. Organisations will have to deploy multiple wireless access points, and outfit every user with wireless network cards, when most will already have perfectly good NIC cards for the wired LAN.

But the chief concern in migrating to WLAN access is security. Physical wires turn out to be one of the primary obstacles to attackers looking to hack their way onto a LAN. It's unlikely that a stranger plugging into a corporate network would go unchallenged, either by the network security that's already in place, or by surrounding workers.

On a WLAN, of course, this obstacle disappears. Instead, user credentials and data are broadcast from both the client and the wireless access point (AP) in a radius, which may reach 300 feet or more.

Of course, the fact that data is being broadcast via radio waves rather than transmitted over a wire introduces security challenges, namely:
  • How can you prevent user credentials from being hijacked during authentication negotiation?
  • Once authentication is complete, how can you protect the privacy of the data being transmitted between client and access point?
  • How can you make sure the authorised user connects to the right network?
Early WLAN Implementations

The first WLAN implementations - designed primarily for home use - did little to address these security issues. 802.11b, published in 1999, was the first IEEE draft outlining specifications and protocols for WLAN connections with LAN-equivalent speed and security. More popularly known as Wi-Fi (wireless fidelity), 802.11b provides for wireless transmission rates of 11Mbps.

In 802.11b WLAN solutions, user authentication happened in the clear, via the WLAN device's unique Media Access Control (MAC) address. Each AP contained a database of each authorised client's MAC address; if the client's MAC address was present in the AP's database, the user was granted access to the network. Of course, this left a user's MAC address exposed: anyone sniffing the network could see a valid MAC address being broadcast (and re-set his own device to that address). Also, if the user's client device were stolen, the thief would have all the credentials he or she needed to easily access the network (without having to know or guess a username and password).


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 11th