Chapter 17: Dealing with Security Issues

Overview

Some wireless local area networks (WLANs) are deployed just for the sake of convenience; others are implemented to transform business processes by giving employees mobile access to information. Most of us work in organizations that fall somewhere in between these two extremes. But most Wi-Fi advocates are grappling with the question of whether the convenience, mobility, and ability to process real-time information on the spot justifies the diminished security WLANs bring to an organization's overall networking environment.

When reports began circulating in mid-2001 that researchers had found the IEEE 802.11 WEP (Wired Equivalent Privacy) security system was vulnerable to attack, the news dampened the extremely hot wireless LAN market. While Wi-Fi's performance, interoperability, and manageability continue to improve, the image of security vulnerability hangs like a dark cloud over the Wi-Fi industry. In 2002, Network Computing magazine conducted a WLAN security reader poll wherein fewer than one-third of the respondents said they would be willing to accept a little less security in exchange for the benefits of wireless network access.

However, some organizations don't give security a second thought. In fact, in a TNS Intersearch study commissioned by Microsoft, only 42 percent of WLAN sites surveyed had implemented authentication systems. (Hopefully, these organizations implemented their internal WLANs "outside the firewall," to provide limited access to internal systems.)

Others feel that the benefits of Wi-Fi versus security hazards are acceptable tradeoffs. This same group rationalizes that when network users need more sensitive information, they can be provided with VPN connections, just like dial-up, DSL, and cable-modem users. That's all well and good, but those networks still are vulnerable to wardriving or other external attacks, in which users outside the organization gain access to the organization's Internet connection, or to insecure internal systems where they can mount further attacks.

What most people don't realize, and the press hasn't emphasized, is that you can design a secure wireless system. There are numerous products on the market that can help you to deploy a secure wireless network—most are based on existing 802.11X standards. In addition, a number of vendors have jumped on the obvious market opportunity and released WLAN security overlays that provide a range of enhanced services that adequately address Wi-Fi's security issues. Those vendors include Agere Systems, Cisco Systems, Proxim Corp., and Symbol Technologies, among others. However, those solutions often forsake multi-vendor interoperability. To deploy a WLAN based on this type of gear, however, will require a larger budget. In addition, the network manager must accept the burden of increased network complexity. But not every wireless network needs a "security overlay" system.

This chapter will help you to determine what is best for your wireless networking environment. As such it is written so as to help the reader to understand the key elements of a comprehensive WLAN security system. Hopefully, that will enable the reader to assess a specific WLAN's security needs, and also to assess the organization's level of risk aversion, along with the price the organization is willing to pay to achieve security. With that knowledge in hand, the reader can craft a security plan that best suits his or her organization's needs.