wireless security
In the post 9-11 world, network security is one of the biggest issues
facing companies. But a serious threat to mission-critical data has already
infiltrated most companies through the back door: mobile wireless.
Across the globe, PDAs, laptops and smart phones have quickly become
instrumental in reducing network deployment costs, boosting employee
productivity and improving customer interactions. The rapid growth of WLAN
— estimated by IDC to reach $3.2 billion in 2005 — has raced ahead of a
wireless industry with multiple standards from 802.11b to Bluetooth. And
none of the current standards provide true security out of the box.
One wireless expert recently sat in a car across from the Federal Defense
Information Systems Agency and cracked its WLAN within half an hour, using
a simple wireless LAN card, laptop and third-party software.
Steps To Improve Security
What can you do right now to protect your network from these mobile
threats? Until the wireless industry implements a more robust and
interoperable next-generation standard, here are some steps you can take
to protect your company’s data:
1. Restrict access to sensitive data.
Think of your WLAN as open to outside risks. When possible, restrict
sensitive information to the wired network. If mobile employees must
access sensitive network information, limit access to job-specific areas
only.
2. Evaluate and strengthen your network security.
There are two ways to allow employees wireless access yet guard against
unauthorized intrusions.
VPN is the most secure avenue; however, it does require a more substantial
investment and in-house expertise to implement the technology. Proprietary
VPN software solutions, such as 3Com and OPSEC’s Check Point, offer
authentication and 3DES encryption at speeds of 20 Mbps.
The other option is the wireless industry standard, 802.11b, which delivers
packets at speeds of up to 11 Mbps. This standard uses Wired Equivalent
Privacy (WEP) encryption. Both the 40-bit and 128-bit versions have been
successfully hacked, so many companies are now using IEEE’s stopgap
solution, the Temporal Key Integrity Protocol (TKIP). Software management
tools are available for 802.11b solutions.
Once the wireless security method has been implemented, IT staff should
map wireless access points, secure the network perimeter with firewalls,
and inspect the network regularly for unauthorized uses.
3. Bring control of mobile devices back to the IT department.
Have the company purchase select PDAs and laptops for employees, rather
than letting people use their personal devices on the job. This tactic
gives IT staff ownership over information and streamlines device
management by limiting purchases to one or two models.
4. Establish and communicate a wireless security policy within your business.
The policy should be concise, easy to understand and firm. IT staff must be
established as gatekeepers to all wireless access. Mobile users can then
be educated on the policy, what is expected of them, and worst-case
scenarios of security breaches.
5. Register and secure all wireless devices before distribution.
Steps include:
· Registering network cards and access points
· Filtering MAC addresses, turning off broadcasting
· Enabling WEP/TKIP
· Installing device-based firewalls and intrusion detection
· Using Service Set Identifiers to control access through tokens,
  certificates and dynamically generated passwords
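The access-point registration in step 5 and the regular inspection for
unauthorized uses in step 2 can be combined into one inventory audit. The
following Python is an added example, not part of the original article; the
inventory, survey rows, MAC addresses and finding names are constructed for
illustration.

```python
"""Audit a wireless site survey against the registered access-point inventory."""

# Constructed inventory: BSSID (AP radio MAC) -> (SSID, required protection).
REGISTERED_APS = {
    "02:00:00:11:22:01": ("corp-floor1", "TKIP"),
    "02:00:00:11:22:02": ("corp-floor2", "TKIP"),
}

# Constructed survey rows, as a site walk might record them:
# (bssid, ssid, protection seen, SSID broadcast in beacons?)
SURVEY = [
    ("02:00:00:11:22:01", "corp-floor1", "TKIP", False),  # matches inventory
    ("02:00:00:11:22:02", "corp-floor2", "WEP", True),    # downgraded, broadcasting
    ("02:00:00:AA:BB:CC", "corp-floor1", "NONE", True),   # unknown radio, our SSID
    ("02:00:00:DE:AD:01", "default", "NONE", True),       # unknown radio
]

def audit(survey, registered):
    """Return sorted (bssid, finding) tuples for each deviation from the inventory."""
    known_ssids = {ssid for ssid, _ in registered.values()}
    findings, seen = [], set()
    for bssid, ssid, protection, broadcast in survey:
        bssid = bssid.lower()  # survey tools differ in MAC letter case
        seen.add(bssid)
        entry = registered.get(bssid)
        if entry is None:
            # An unknown radio announcing a corporate SSID deserves priority.
            spoof = ssid in known_ssids
            findings.append((bssid, "unregistered-ap-using-corporate-ssid"
                             if spoof else "unregistered-ap"))
            continue
        want_ssid, want_protection = entry
        if ssid != want_ssid:
            findings.append((bssid, "ssid-mismatch"))
        if protection != want_protection:
            findings.append((bssid, "protection-mismatch"))
        if broadcast:
            findings.append((bssid, "ssid-broadcast-enabled"))
    # A registered AP missing from the survey may be down, moved or removed.
    for bssid in registered.keys() - seen:
        findings.append((bssid, "registered-ap-not-seen"))
    return sorted(findings)

if __name__ == "__main__":
    for bssid, finding in audit(SURVEY, REGISTERED_APS):
        print(f"{bssid}  {finding}")
```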
Protecting your network against unauthorized wireless access is extremely
difficult in this shifting technological landscape. But we can guide you
safely down the mobile wireless security path.