Wireless Networks

Wireless networking is an extremely useful technology that carries with it numerous security concerns. There have been more failures than successes when it comes to designing secure wireless networking solutions for the average organization. Historically, most wireless products have failed in their implementation of encryption, access authorization, and the general ability to protect networks and communications.

The Security of Wireless

The idea of securing wireless communications is similar to that of securing Internet VPN sessions. Mostly, we rely on various forms of encryption for privacy, and hopefully, strong authentication mechanisms like one-time passwords and digital signatures. A common problem is that organizations tend to treat wireless access the same as if they were plugging directly into a switch when it should actually be treated like a dial-in modem.

The Reality of Wireless Security

Wireless communications pose several major security issues that undermine some fundamental concepts of security. This is not to say that wireless communications should not be used, but it is important to maintain the proper perspective on the risks being taken:

• There is no control as to where wireless communications are being sent The main advantage we have over hackers trying to listen in on our normal communications is that it is difficult for them to find a place to physically plug into the network without eventually getting caught. With a wireless network, however, hackers can be anywhere within the wireless radius, tapping in, probing, and decrypting without any chance of being caught.

• There is no control as to where access is granted from This means that a hacker does not have to probe around, searching for a hidden opening, nor does he or she have to scour the Internet and phone lines looking for an access point. The front door to the network is being transmitted invisibly in and around the facility.

Important Misconceptions

When discussing wireless security, I commonly find clients that have similar misconceptions about wireless security. These misconceptions lead many organizations into a false sense of security when working with wireless security products.

Misconception #1: It's difficult to listen in on a wireless transmission, or it takes expensive equipment to do so. This could not be more wrong. A wireless card can be put into promiscuous mode via software just like a normal network card. This means that a hacker can slap a cheap wireless card into an old laptop and run free software to start listening in on communications.

Misconception #2: People don't just walk around trying to find wireless networks. There are actually many people who wander around, searching for stray wireless communications. Some travel around in cars with their laptops, others go from office building to office building just checking. Why? Because there are so many unprotected wireless networks out there essentially leaving the door open for hackers. Why would a hacker bother to hack through the Internet or a dial-up connection when the front door is right at his/her feet?

Misconception #3: Wireless products come with high-grade encryption, so they are safe. Most wireless products offer some degree of encryption, frequency hopping, or other form of access control. However, no one of these controls can protect an organization, and so no one of these controls is infallible (as we have seen over and over again). To top it all off, if an administrator makes a mistake when implementing wireless security, an organization will be completely exposed.

If we really look at it, wireless makes it difficult to work with the Rule of Least Privilege. A person walking down the street does not need to be given an access point into a network, and they should never be presented with one. However, with wireless networking, it is impossible to control who will be presented with a door into the network.

Using Wireless Securely

Am I saying that we should not use wireless communications? Not at all. It is, however, important to use a high degree of caution when implementing wireless networks. It is necessary to classify wireless access points with a higher risk level than most organizations have.

Zoning and the Rule of Least Privilege

A wireless access point should be considered the same as an Internet connection or dial-up service. We have absolutely no control over who is going to be presented a front door, and as such, the wireless access point is outside the perimeter. Regardless of what level of security is implemented on wireless devices, access points should be separated from the internal network. Traffic flowing from the wireless network into the internal network should be regulated by a firewall and conform to the Rule of Least Privilege, similar to other foreign connections (see Figure 10.1). Wireless network users should not be given free reign as they would with a LAN, but rather, they should be limited to accessing required systems and services. When installing a wireless device, look back to the section on zoning and consider the wireless access point with the same caution as you would an Internet or dial-up access point. It is a bad security practice to place a wireless concentrator in the middle of an internal network, even if the device comes with strong security controls.

Layering Security

Security should be layered in the area between the wireless network and the internal network. Most wireless devices come with some form of integrated access control and logging capabilities similar to an external router. These features should be used as the first line of defense, much like a screening router. A firewall can then act as the middle layer of protection. By layering security, we avoid having the network directly exposed, and we ensure that adequate protection is in place if and when a vulnerability is discovered on a wireless device.

Large-Scale Wireless Deployments

Many organizations have chosen to deploy large-scale wireless networks, connecting hundreds of LAN devices as well as buildings and distant WANs. For these organizations, it may be difficult to follow these wireless security practices on each and every network. Placing hundreds of workstations outside the perimeter and limiting access to all of them may not be a viable solution. If the business need for hosting such wireless environments outweighs the major security issues, this is just considered an acceptable risk for the organization. In such cases, it is important for the organization to recognize and document this risk, and to make the major security implications of this decision clear to management and executive staff.