Tech Guide: Wi-Fi: Security For The Masses - InformationWeek
IoT
IoT
Infrastructure
News
6/27/2003
01:40 PM
50%
50%

Tech Guide: Wi-Fi: Security For The Masses

A lack of effective security standards has slowed Business adoption of Wi-Fi but hasn't quashed enthusiasm for the technology. Here's what's being done about it

Tech GuideThere's no doubting the hipness of wireless hot spots. Thanks to Wi-Fi technology, tech-savvy people can jack into the Net at Starbucks coffeehouses or on Lufthansa Airlines or at upscale hotels across the nation. In corporate America, Wi-Fi has the potential to become the de facto standard for connecting mobile users to networks, despite serious security worries. New security standards on the horizon might solve some of those problems, making this hip technology far more practical.

Wi-Fi, which stands for Wireless Fidelity, is a consumer-friendly name to describe a gory set of wireless-networking standards. In the engineering world, Wi-Fi refers to a set of IEEE standards, the most common of which is 802.11b, which describes a wireless networking system with speeds up to 11 Mbps. Since the 802.11b standard was ratified in 1999, Wi-Fi use has exploded in both the consumer and business sectors.

Its pervasiveness has also spawned a widespread security risk. The standard security shipped with all Wi-Fi hardware, a system called Wired Equivalent Privacy (WEP), is somewhat of a joke in the security community. Wi-Fi's lack of security wouldn't be such a big issue if not for the way Wi-Fi LANs operate. Wi-Fi access points, the boxes that sit between wireless users and a wired LAN, broadcast their existence to the world, making them easy to locate. With a range of 100 to 500 feet, access points often give workers network access in several adjacent rooms of an office. Unfortunately, that offer sometimes extends to the parking lot and street out front as well.

Tips for Securing Your
Wi-Fi LAN
Move your access points to locations that aren't accessible from outside your building, typically closer to the center of your building
Never use the open (no security) mode, which is the default (out-of-the-box) setting of most access points
Develop a user security policy to match your security architecture. Users can defeat even the most well-planned security system
Don't use WEP, Wi-Fi's standard security mechanism. Use WPA or your VPN instead
If your access point can be administered via wireless links, turn that capability off. Administer your access point via wired connections only. Also, never use the default administrative password provided by your vendor
If your access point allows it, turn off the broadcast of the ESSID (Extended Service Set Identifier) and choose a hard-to-guess ESSID. This will make it harder for hackers to connect to your access point
Data: InformationWeek
The combination of an essentially useless security protocol implemented on promiscuous access points creates a huge potential security hole in any business' infrastructure, including home offices. While entrances to conventional wired LANs can be surgically blocked by deploying firewalls and taking other measures at specific locations, wireless LANs, based on Wi-Fi, offer access to anyone who can get physically close enough to the access point.

Wi-Fi Internet connectivity promises strong business value and convenience, so it's worth figuring out how to make it work safely. There are security options available, and upcoming standards could make them far more palatable.

In the past few years, more than a few network hardware vendors have come up with proprietary solutions for the lack of security in the 802.11b standard. They include proprietary security systems in Wi-Fi PC cards, access points, and PCI adapters. But these require that a customer use only that vendor's networking hardware. While single-vendor sourcing is common in companies, proprietary security mechanisms can be difficult to integrate into enterprisewide security systems that may include VPNs and single-sign-on authentication systems.

So how have enterprises been implementing Wi-Fi security? A common approach is to bypass WEP and use the corporate VPN to provide a secure connection over Wi-Fi links. VPNs manage data confidentiality by encrypting network traffic, but they don't always have authentication systems or access controls that work well in wireless environments, especially when the access point may be publicly accessible (like that Starbucks hot spot). If a VPN isn't set up with strong mutual authentication on both ends, users may be open to a "man in the middle" attack in which a villain on the wireless LAN, monitoring traffic to the access point, intercepts your attempts to connect to the corporate VPN and manages to masquerade as your VPN server, perhaps just long enough to steal logon credentials.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
Commentary
Tech Vendors to Watch in 2019
Susan Fogarty, Editor in Chief,  11/13/2018
Commentary
Getting DevOps Wrong: Top 5 Mistakes Organizations Make
Bill Kleyman, Writer/Blogger/Speaker,  11/2/2018
Commentary
AI & Machine Learning: An Enterprise Guide
James M. Connolly, Executive Managing Editor, InformationWeekEditor in Chief,  9/27/2018
Register for InformationWeek Newsletters
Video
Current Issue
The Next Generation of IT Support
The workforce is changing as businesses become global and technology erodes geographical and physical barriers.IT organizations are critical to enabling this transition and can utilize next-generation tools and strategies to provide world-class support regardless of location, platform or device
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll