[ISN] No WLAN? You still need wireless security
isn at c4i.org
Mon May 17 04:44:57 EDT 2004
By David Berlind
May 16, 2004
It was nearly impossible to traverse a significant part of the show
floor at this year's Networld+Interop without encountering solutions
that dealt with the thorny issue of wireless security.
Indeed, when it comes to the threat matrix associated with wireless
security, there are many issues demanding attention: everything from
keeping unauthorized wireless users off wireless local area networks
(WLANs) to making sure that the traffic flowing through a WLAN is
encrypted in a way that keeps the payloads safe from prying eyes.
Although most wireless security solutions target organizations that
have deployed wireless networks, there is a class of solutions that
target all companies--even those that haven't deployed wireless
networks. These solutions detect the existence of rogue access points.
(An access point is a transceiver that connects devices on a wireless
LAN to the wired infrastructure. A rogue access point is not
authorized by an organization's IT department for operation.) Setting
up an access point is child's play. In addition to plugging the access
point into a power source, all one has to do is connect one end of an
Ethernet cable to an available Ethernet port, connect the other end to
an access point and voila! A new Wi-Fi WLAN is born.
Not all rogue access points are malicious. Until my IT department
found out about it and asked me to shut it down, I ran a rogue access
point for almost two years (long before Wi-Fi was popular). So early
was it in the history of Wi-Fi, that the software for setting up,
managing, and securing my Lucent-based 802.11b WLAN was both
proprietary and not very user friendly. Knowing that hardly anyone was
using Wi-Fi at the time, I didn't bother securing it. Eventually, the
company standardized on a single vendor's technology for deploying and
securing WLANs and, knowing about my access point through the
grapevine, the IT department saw my rogue WLAN for what it was: a back
door that bypassed all of the hard work and planning that went into
building a secure Wi-Fi network.
Nick Miller, CEO of wireless management solution provider Cirond, put
the problem in simple terms. "Companies spend thousands upon thousands
of dollars and man-hours on network security," said Miller, "and all
it takes is a $30 access point to render that investment useless."
Why set up a rogue access point in the first place? I can imagine at
least three scenarios that could result in rogue access points. The
first of these is where people with wireless networks at home and at
work are having difficulty with home-work interoperability. Though
software is making it easier to move back and forth between the two,
I've had this problem and I also know that the easiest solution is to
have the same kind of access point in both locations.
In the second scenario, people have a wireless network at home, but
none at work. Once people catch wireless fever at home, they want it
at work, too. If, for security or budgetary reasons, their company's
IT department is unwilling to provide it, many overzealous workers are
willing to install one for themselves.
In the third scenario, someone outside the organization--usually
someone with malicious intent--gains access to a physical Ethernet
port on the company's network and surreptitiously connects an access
point to it. Depending on where that port is (for example, underneath
a desk in an unused cubicle), such "deployments" can easily escape
The last two scenarios are particularly noteworthy since they could
introduce wireless security problems to companies that have, for
whatever reasons, no deployments of wireless technology.
More information about the ISN