Today, the term “wireless security” usually means technologies that prevent unauthorized or malicious users from connecting to a wireless network. Wireless security technologies inspire heated discussions about key negotiation and data encryption, as well as user and host authentication. While these mechanisms are vital components of a secure wireless architecture, they do little to guarantee the configuration and patch levels of the machines joining the wireless network, and little to reduce the likelihood of a legitimate user’s infected machine using the wireless connection to spread chaos throughout the production infrastructure.
The real-world limitations of “traditional” wireless security have been made abundantly clear during the past two years by Blaster and the associated Windows RPC attacks, Sasser, the Agobot/Phatbot family of Trojans and other notorious Windows security incidents. As organizations quickly learned, neither encryption nor strong authentication defends an organization against Blaster and its ilk. In fact, relying solely on these mechanisms may actually make the organizational exposure worse, because once these machines are authenticated they typically have access to file shares and other network resources that malicious code can leverage to spread infections. And if VPNs are used to provide access to remote users across public, insecure networks, they often unwittingly become the channel these mindless destructive exploits usurp to bypass firewalls and other perimeter defenses.
New challenges also bring new opportunities. Many security architects and network administrators are using the rapid adoption of wireless connectivity to reduce these mobile computing risks by supplementing their native wireless security mechanisms with endpoint configuration management and enforcement tools. These systems secure wireless networks by blocking access to the production environment until an endpoint has passed a security audit that validates the endpoint’s patch level, the presence and state of security tools and a variety of system configuration details. The endpoints gain access to production systems only after the audit has verified their compliance with security policy requirements.
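The admission decision described above can be sketched as a small policy check. This is an added example, not code from the article or from any product; the report fields, thresholds and segment names are assumptions, and the sample reports are constructed.

```python
# Added example, not from the article. Field names, thresholds and segment
# names are assumptions chosen for illustration.
POLICY = {
    "min_patch_level": 20040413,  # constructed value: required patch date, YYYYMMDD
    "required_tools": {           # tool -> max signature age in days (None = no signatures)
        "antivirus": 7,
        "personal_firewall": None,
    },
    "required_config": {"guest_account_enabled": False, "open_file_shares": False},
}

def audit(report, policy=POLICY):
    """Return (segment, failures). Missing or malformed fields fail closed."""
    failures = []
    patch = report.get("patch_level")
    if not isinstance(patch, int) or patch < policy["min_patch_level"]:
        failures.append("patch_level")
    tools = report.get("tools")
    tools = tools if isinstance(tools, dict) else {}
    for name, max_age in policy["required_tools"].items():
        state = tools.get(name)
        if not isinstance(state, dict):
            failures.append(f"{name}:missing")       # presence of the tool
        elif state.get("running") is not True:
            failures.append(f"{name}:stopped")       # state of the tool
        elif max_age is not None:
            age = state.get("signature_age_days")
            if not isinstance(age, int) or age > max_age:
                failures.append(f"{name}:stale")
    config = report.get("config")
    config = config if isinstance(config, dict) else {}
    for key, expected in policy["required_config"].items():
        if config.get(key) is not expected:          # absent counts as non-compliant
            failures.append(f"config:{key}")
    return ("production" if not failures else "quarantine"), failures

# Constructed sample reports: a compliant endpoint and an authenticated but unpatched laptop.
COMPLIANT = {
    "patch_level": 20040601,
    "tools": {"antivirus": {"running": True, "signature_age_days": 2},
              "personal_firewall": {"running": True}},
    "config": {"guest_account_enabled": False, "open_file_shares": False},
}
STALE_LAPTOP = {
    "patch_level": 20030716,
    "tools": {"antivirus": {"running": False, "signature_age_days": 90}},
    "config": {"guest_account_enabled": False, "open_file_shares": True},
}

if __name__ == "__main__":
    for label, rpt in (("compliant", COMPLIANT), ("stale", STALE_LAPTOP), ("empty", {})):
        print(label, audit(rpt))
```

An endpoint that reports nothing at all lands in quarantine, so a machine without the audit agent is treated the same as one that fails the audit.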