Despite its many exciting possibilities for new business opportunities, cost-savings, and user freedom, wireless technology presents serious challenges to information security. Any form of wireless communications that is not properly encrypted can be intercepted with the right equipment--in some cases nothing more than a low-end notebook computer armed with a $100 wireless network card and specialized freeware packet sniffing and discovery software. Frequent reports of war driving (using just these interception tools while driving down the street) in major cities have identified numerous wireless access points via factory default security settings in insecure mode just waiting to be exploited by the use of default access passwords and simple attack methods.

Potential Exposures…

Consider too that employees desiring more flexibility in their office networking can easily go to the nearest office supply, electronics, and even major discount stores and purchase a powerful wireless access point and associated wireless network card for less than $200 to create an immediate, unsecured backdoor to the enterprise network. In addition, improperly secured WAP gateways can be used as an exploit focal point that can be leveraged to intercept wireless business transactions while they are temporarily in clear text during the gateway process of converting full-size Web applications to miniature-size applications for cell phones and PDA devices.

…And Proven Countermeasures

To maximize the huge benefits of wireless technology without putting the enterprise at serious and unnecessary risk, the following safeguards are recommended:


* Publish clear policies for use of wireless technology, including a standard product list of approved hardware and software and required baseline settings for all available security features in the wireless technology components.

* Ensure that all wireless gateways and access points are properly secured, including changing factory default "insecurity" settings. Most gateways run on general-purpose operating systems (OS) such as Windows NT/2000 or Unix, so prudent "OS hardening" would apply.

* Use network-level or session-level encryption (e.g., IPSsec- or PPTP/L2TP- based virtual private networks, Secure Shell - SSH) to protect communications from being intercepted and replayed. Although the Wired Equivalent Privacy (WEP) provided with most 802.11 products offers some basic protection, it has been recently found to be flawed and potentially vulnerable to intense key cracking attacks with freeware tools such as AirSnort and WEPCrack. WEP should not be relied on by itself to secure highly sensitive applications. Leading wireless technology vendors such as Agere, Cisco, and Symbol will likely be providing enhanced WEP security upgrades by the end of 2002 as part of the recently announced WPA (Wi-Fi Protected Access) initiative.