Tech Guide: Wi-Fi: Security For The Masses - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

01:40 PM

Tech Guide: Wi-Fi: Security For The Masses

A lack of effective security standards has slowed Business adoption of Wi-Fi but hasn't quashed enthusiasm for the technology. Here's what's being done about it

Tech GuideThere's no doubting the hipness of wireless hot spots. Thanks to Wi-Fi technology, tech-savvy people can jack into the Net at Starbucks coffeehouses or on Lufthansa Airlines or at upscale hotels across the nation. In corporate America, Wi-Fi has the potential to become the de facto standard for connecting mobile users to networks, despite serious security worries. New security standards on the horizon might solve some of those problems, making this hip technology far more practical.

Wi-Fi, which stands for Wireless Fidelity, is a consumer-friendly name to describe a gory set of wireless-networking standards. In the engineering world, Wi-Fi refers to a set of IEEE standards, the most common of which is 802.11b, which describes a wireless networking system with speeds up to 11 Mbps. Since the 802.11b standard was ratified in 1999, Wi-Fi use has exploded in both the consumer and business sectors.

Its pervasiveness has also spawned a widespread security risk. The standard security shipped with all Wi-Fi hardware, a system called Wired Equivalent Privacy (WEP), is somewhat of a joke in the security community. Wi-Fi's lack of security wouldn't be such a big issue if not for the way Wi-Fi LANs operate. Wi-Fi access points, the boxes that sit between wireless users and a wired LAN, broadcast their existence to the world, making them easy to locate. With a range of 100 to 500 feet, access points often give workers network access in several adjacent rooms of an office. Unfortunately, that offer sometimes extends to the parking lot and street out front as well.

Tips for Securing Your
Move your access points to locations that aren't accessible from outside your building, typically closer to the center of your building
Never use the open (no security) mode, which is the default (out-of-the-box) setting of most access points
Develop a user security policy to match your security architecture. Users can defeat even the most well-planned security system
Don't use WEP, Wi-Fi's standard security mechanism. Use WPA or your VPN instead
If your access point can be administered via wireless links, turn that capability off. Administer your access point via wired connections only. Also, never use the default administrative password provided by your vendor
If your access point allows it, turn off the broadcast of the ESSID (Extended Service Set Identifier) and choose a hard-to-guess ESSID. This will make it harder for hackers to connect to your access point
Data: InformationWeek
The combination of an essentially useless security protocol implemented on promiscuous access points creates a huge potential security hole in any business' infrastructure, including home offices. While entrances to conventional wired LANs can be surgically blocked by deploying firewalls and taking other measures at specific locations, wireless LANs, based on Wi-Fi, offer access to anyone who can get physically close enough to the access point.

Wi-Fi Internet connectivity promises strong business value and convenience, so it's worth figuring out how to make it work safely. There are security options available, and upcoming standards could make them far more palatable.

In the past few years, more than a few network hardware vendors have come up with proprietary solutions for the lack of security in the 802.11b standard. They include proprietary security systems in Wi-Fi PC cards, access points, and PCI adapters. But these require that a customer use only that vendor's networking hardware. While single-vendor sourcing is common in companies, proprietary security mechanisms can be difficult to integrate into enterprisewide security systems that may include VPNs and single-sign-on authentication systems.

So how have enterprises been implementing Wi-Fi security? A common approach is to bypass WEP and use the corporate VPN to provide a secure connection over Wi-Fi links. VPNs manage data confidentiality by encrypting network traffic, but they don't always have authentication systems or access controls that work well in wireless environments, especially when the access point may be publicly accessible (like that Starbucks hot spot). If a VPN isn't set up with strong mutual authentication on both ends, users may be open to a "man in the middle" attack in which a villain on the wireless LAN, monitoring traffic to the access point, intercepts your attempts to connect to the corporate VPN and manages to masquerade as your VPN server, perhaps just long enough to steal logon credentials.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

How CIO Roles Will Change: The Future of Work
Jessica Davis, Senior Editor, Enterprise Apps,  7/1/2021
A Strategy to Aid Underserved Communities and Fill Tech Jobs
Joao-Pierre S. Ruth, Senior Writer,  7/9/2021
10 Ways AI and ML Are Evolving
Lisa Morgan, Freelance Writer,  6/28/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Flash Poll