We continue to see dramatic growth in the use of Wireless LAN technology as both intranet and roaming (remote access) media. The cost and ease of installing a simple Wireless LAN makes it a preferred choice for home, small offices and businesses. These same features simplify "adds, drops, and changes" in large buildings and empower employees with persistent intranet connections anywhere within a corporate campus. Wireless LANs are now appearing in hundreds of "hot spot" locations at airports, hotels, cafes, conference and convention centers. Today, every organization must prepare for WLAN penetration into their networks.

Potential Problems

WLANs present unique problems to every networked organization, and should be of particular concern to financial institutions. Wireless LANs run over radio frequencies, and without appropriate countermeasures, any computer with an interface card and antennae can "tune in" to the frequencies used in your WLAN environments. Some retailers learn the potential exposure to fraud, theft, and misuse in hard and embarrassing ways. Best Buy was recently forced to take cash registers offline after a customer reported he was able to capture credit card numbers while testing WLAN equipment outside a store.

The problems that enterprises commonly experience begin with unauthorized access by so-called "war-drivers" who connect through unprotected WLANs from parking lots and adjacent buildings. Some intruders simply want to borrow bandwidth and earn a free ride onto the Internet. Others use hacking tools to steal passwords and masquerade as authorized users; to capture potentially sensitive data off WLANs; and to disrupt WLAN service through denial of service attacks. Unauthorized WLAN deployment is particularly troublesome. Like so many convenience features, employees who install a WLAN "access" point can unwittingly undermine existing security measures such as firewalls and perimeter intrusion detection systems by opening back doors to intranets, providing attackers direct access to mission critical servers.

Solutions

Your organization can remedy many of these issues by admitting today that WLANs must be secured. Emerging best practices for WLAN deployments begin with the recognition that WLAN access demands at least the same strong security measures as remote access. Begin with an appropriate use policy that prohibits unapproved deployment of access points. Continue by making use of the group authentication and privacy measures built into WLAN equipment, but be aware that these features have known vulnerabilities and by themselves do not provide adequate protection. Adopt a layered approach to security. Use a Virtual Private Networking solution on top of WLANs to enable user authentication and provide data confidentiality and integrity through encryption. Take additional measures to protect all mobile computers with personal firewall and anti-virus software, and in certain situations, consider file encryption and boot level passwords. These latter measures may protect your organization from attacks following laptop (or PDA) theft.

Even with these measures, organizations should seriously consider segregating WLANs from trusted networks. It's better to treat all WLAN users as potentially hostile and impose the same constraints on them as you do remote access and teleworkers. It's also popular to place WLAN users in a demilitarized zone (DMZ) so that you can uniquely assign access controls to these users. Again, think layers when you think security. The more hurdles you place between your mission critical data and intruders, the more likely intruders will seek other, easier targets.

Return to Core Competence website