WIRELESS ACCESS POINTS


Wireless network communications in a medical center environment can allow clinical staff and physicians, while visiting patients in their rooms or exam rooms, to have instant access to medical records, radiology images, and treatment history on PDAs, wireless PCs or other medical devices. An IS department can also use such devices to access servers and user accounts to change or reset passwords or permissions.

In a December 9, 2002 article entitled 'Six basic tips for implementing closed networking on a wireless network' by Scott Lowe, MCSE, published by Tech Republic (http://www.techrepublic.com/article.jhtml?id=r006200212091ow02.htm) [12], we are given some initial steps for wireless security:

  1. Plan antenna placement: limit the external reach of the signal by placing the WAP in the center of the area to be serviced, away from windows and outside walls

  2. Use WEP (Wireless Encryption Protocol): make sure it is enabled, even though it is not completely secure

  3. Change the SSID and disable its broadcast: change the factory defaults and passwords

  4. Disable DHCP: use only assigned IP addresses on WAPs and devices connecting to them

  5. Disable or modify SNMP settings, if supported by the WAP: change or disable both public and private community strings

  6. Use access lists: controls based upon MAC address, if supported by the WAP. (This topic is discussed below)

Even with these steps taken, wireless networks are inherently insecure because radio signals propagate in all directions, through walls, and even outside buildings. Due to the physical size of most medical center and hospital buildings, a 'Multiple Access Point Architecture' is required if Wireless access is to be available campus-wide. Most newer Wireless Access Points include WEP to prevent eavesdropping, but WEP has been shown to be vulnerable. WEP can be cracked with publicly available software such as 'AirSnort' or 'WEPCrack'.

Because of this, current generation Wireless communication needs to be made more secure through the use of IPSec or access through a VPN.

In the July 2002 issue of Healthcare Information Security-Newsletter, Eddie Schwartz states the need for securing Wireless Access Points [13]:

The quickest solution to creating wireless access will be to connect wireless access points through to your existing VPN access. Any user can connect to the access point and arrive at the door to the VPN. From there, supporting the device is the same as supporting any remote computer.

Other options for securing WAPs include setting controls based solely on MAC address or SSID, but since MAC addresses may be spoofed, relying on this alone may not be sufficient. You could also disable the SSID on Access Points. Since this prevents them from broadcasting their SSID, they are not as easily located, and they won't respond to anonymous requests for SSID. But neither of these methods is as secure as connecting WAPs through a VPN, based on the current generations of Wireless products. The InfoSec industry can only hope that future versions of 802.xx Wireless will have more security and encryption built-in.
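The six checklist items and the VPN recommendation above can be turned into a repeatable audit over an access point inventory. This is an added example, not taken from the book or the cited articles; the record fields, the sample access points and the short list of factory-default SSIDs are constructed assumptions.

```python
# Added example: audit constructed WAP settings against the checklist above.
DEFAULT_SSIDS = {"linksys", "tsunami", "default", "netgear"}  # sample list, not exhaustive
DEFAULT_COMMUNITIES = {"public", "private"}

def audit_wap(ap):
    """Return the list of checklist findings for one access point record."""
    findings = []
    if ap["placement"] != "interior":
        findings.append("1: antenna near window or outside wall")
    if not ap["wep_enabled"]:
        findings.append("2: WEP disabled")
    if ap["ssid"].lower() in DEFAULT_SSIDS:
        findings.append("3: factory-default SSID")
    if ap["ssid_broadcast"]:
        findings.append("3: SSID broadcast enabled")
    if ap["dhcp_enabled"]:
        findings.append("4: DHCP enabled")
    # SNMP passes only when disabled or when no default community string remains.
    bad = DEFAULT_COMMUNITIES & {c.lower() for c in ap["snmp_communities"]}
    if ap["snmp_enabled"] and bad:
        findings.append("5: default SNMP community: " + ", ".join(sorted(bad)))
    if not ap["mac_acl"]:
        findings.append("6: no MAC access list")
    # Beyond the six tips: the text's stronger control is a VPN in front of the WAP.
    if not ap["behind_vpn"]:
        findings.append("VPN: clients reach the LAN without passing the VPN")
    return findings

def audit_inventory(inventory):
    """Map each AP name to its findings; compliant APs are omitted."""
    report = {ap["name"]: audit_wap(ap) for ap in inventory}
    return {name: f for name, f in report.items() if f}

# Constructed sample inventory (hypothetical names and values).
INVENTORY = [
    {"name": "wap-radiology", "placement": "interior", "wep_enabled": True,
     "ssid": "rad-7f3", "ssid_broadcast": False, "dhcp_enabled": False,
     "snmp_enabled": False, "snmp_communities": [],
     "mac_acl": ["00:11:22:33:44:55"], "behind_vpn": True},
    {"name": "wap-lobby", "placement": "window", "wep_enabled": False,
     "ssid": "linksys", "ssid_broadcast": True, "dhcp_enabled": True,
     "snmp_enabled": True, "snmp_communities": ["public", "Private"],
     "mac_acl": [], "behind_vpn": False},
]

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(name, findings)
```

A clean result only means the checklist is met; as the text notes, MAC lists and hidden SSIDs are weaker controls than the VPN check on the last line.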

With this amount of security in place, one of the few remaining concerns would be Denial of Service (DoS) attacks by Radio Frequency (RF) interference in the area where the Wireless service is active. While those who know this technology can deliberately generate RF interference, it is expensive to do and not practical to defend against. In a serious situation that could affect patient care, local law enforcement or other experts could use a spectrum analyzer to locate the source of the RF. The source of such a DoS would be traceable if run continuously, and so the prospect of ongoing RF DoS attacks is not realistic.

Additional security and vulnerability assessment of WAPs can be done by running sniffing software such as 'AirSnort' or 'WEPCrack' and by 'War Driving' (or walking) in the area of Wireless service. Get written permission first, enable audit logs, and check for signs of attempted or successful intrusion.




HIPAA Security Implementation, Version 1.0
ISBN: 974372722
EAN: N/A
Year: 2003
Pages: 181