wlan security risks and technical challenges

Security is a principal consideration when planning, designing, implementing, and managing a
network infrastructure. This is especially true for wireless LANs, which present a unique set of
challenges to IT and security professionals. In addition to the typical problems that new network and
device technologies engender, including incompatibilities and ongoing support issues, non-secure
wireless LANs can expose an organization’s network traffic and resources to unauthorized outsiders.
Such individuals may capture data and exploit network-based resources, including Internet access,
fax servers, and disk storage. More importantly, wireless access to a network can represent the entry
point for various types of attacks, which can crash an entire network, render services unavailable,
and potentially subject the organization to legal liabilities.

Wireless LAN radio signals can extend beyond the intended perimeter and “leak” through the physical
boundaries of a floor or building. As these transmissions seep into common, public, or private
areas such as roads, parking lots, and other buildings, they may fall prey to “war driving” or a “drive-by
hacking” attack. Using off-the shelf hardware and freely available Internet software, unscrupulous
individuals can defeat WEP encryption capabilities and access corporate wireless data.

Insiders, including employees and contractors, may choose “not to wait for the IT Department.” They
succumb to the low price and easy installation of WiFi starter kits (two wireless NICs and a WiFi
Access Point), which can be purchased for about US$300 and set up with minimal technical
know-how in under ten minutes. When unapproved technology is plugged into a corporate network,
a number of challenges ensue, including end user and equipment support difficulties as well as
potential disruptions to existing services.

Malicious outsiders who gain office physical access could quickly place an unobtrusive wireless
AP in a conference room or lobby area. Such devices are easy to hide and simple to implement;
history is replete with stories of such “bugs” even in supposedly secure foreign embassies. Operating
from a nearby location, malicious outsiders can capture data, access company resources, and
interrupt services.

Many of today’s laptops ship with embedded WiFi capabilities. Hackers can access a device’s data
and the organization’s wireless LAN even if that particular device has never been used to send or
receive wireless transmissions.
Most new machines, including gateway servers, do not ship with optimal security settings. The
default settings are intended for easy installation and deployment, not for protecting assets.

Walls, columns, and other building features can reduce signal strength between a wireless NIC and
an AP, severely limiting a wireless LAN’s range and connection quality. These problems may be
mitigated with additional equipment. Other wireless technologies sharing the same public
spectrum—such as Bluetooth, cordless phones, and other wireless equipment—can also adversely
impact transmission range and quality.

Organizations contemplating a wireless LAN deployment can choose to implement an
802.11b-based wireless LAN today, or wait for upcoming variations, which are intended to address
performance and security issues. research and its workgroups are continually defining and refining
standards in light of emerging needs and perceived weaknesses in existing technologies. To the
extent that vendors’ 802.11 implementations deviate from the various research standards, their
equipment can create interoperability challenges.

Re: wlan Security Risks and Technical Challenges

How to prevent

• Establish wireless LAN security policies and practices
• Design for security
• Logically separate internal networks
• Enable VPN access only
• Remove unnecessary protocols
• Restrict AP connections
• Protect wireless devices.