This paper examines the fundamentals of wireless network technology and the growing security challenges organizations face as wireless adoption expands. It reviews how wireless networks operate using radio waves and SSIDs, then addresses the evolution of security threats from relatively benign early risks to today's sophisticated hacking methods. The paper outlines practical enterprise WLAN security strategies, including changing default SSIDs, segmenting users with VLANs, implementing strong encryption and authentication (WPA2), educating employees on security policy, deploying Wireless Intrusion Prevention Systems (WIPS), and performing regular vulnerability assessments. The conclusion emphasizes that secure wireless deployment is essential for organizational competitiveness.
A wireless network is a technology that relies on radio waves instead of wires to connect computer devices to the internet. A transmitter — known as a wireless access point or gateway — is wired into an internet connection and provides a "hotspot" that transmits connectivity over radio waves. A hotspot can broadcast identifying information, including an item known as an SSID (Service Set Identifier), which enables computer devices to locate it. Computers and other devices equipped with a wireless card that have permission to access the wireless frequency can then connect to the network. Some devices automatically identify open wireless networks within a given area; others require the user to locate and enter information such as the SSID manually.
Network security has always been a challenge, particularly given the rising number of staff who hold different access permissions. Wireless networks have provided an easier platform for sending information across a network, and existing tools help protect the integrity of that network. Currently, wireless networks have increasingly become both more common and more sophisticated, taking on a growing role in the way most businesses operate. However, the security of these wireless networks remains a primary challenge for users. The more widely this technology has been embraced, the more it has also been exposed to different kinds of threats.
Taking steps to build a secure and reliable wireless network is considered one of the most effective infrastructure projects a company can undertake. Given the widespread adoption of mobile devices — especially laptops — having a flexible network can open new avenues for improving staff effectiveness. Mobile devices as new tools require a more sophisticated network capable of handling a dramatically greater set of demands (James F., 2001). A set of wireless best practices helps lay the foundation for a system that takes full advantage of available technology while meeting organizational needs.
Most organizations and users have recognized that wireless devices and communications tend to be flexible, convenient, and easy to use. Those who use wireless local area network (WLAN) devices enjoy the flexibility of moving devices such as laptop computers from one location to another within an office while maintaining connectivity (Ross, D., 2005). Users can share data and applications with networked systems and other compatible users without requiring printer cables or other peripheral connections. Those who use handheld devices such as cell phones and personal digital assistants (PDAs) are able to synchronize data between personal computers and PDAs, and can use network services such as web browsing, internet access, and wireless email. Moreover, wireless communication helps many organizations reduce their wiring costs.
As wireless network services have grown more popular, the risks to users have also increased. When wireless networks were first introduced, there were relatively few dangers. Hackers had not yet found ways to exploit this new technology, and wireless infrastructure was not commonly found in offices (Gast, Matthew S., 2002). Today, there are significant security risks associated with existing wireless protocols and encryption methods, compounded by carelessness and ignorance among users and corporate IT departments alike. Hacking methods have become increasingly innovative and sophisticated, with attackers also taking advantage of easy-to-use software tools to simplify their efforts.
It is concerning that some organizations have not yet recognized the need to address wireless security because they believe they have not installed wireless access points. According to In-Stat MDR and META Group, 95% of all corporate laptop computers planned for purchase in 2005 were equipped with wireless capability. An organization that considers itself non-wireless may still encounter a wireless laptop or a wireless device plugged into its corporate network with the intent of extracting information. A hacker on the premises can capture data using a wireless device, or can break in through any wireless card-equipped laptop to access the wired network. Anyone within the geographical range of an open, unencrypted wireless network can capture and record traffic, gain unauthorized access to internal network resources and the internet, and exploit that access to carry out illegal or disruptive acts (Nichols, R. K., 2002). These kinds of security breaches remain serious concerns for enterprises and home networks alike.
Some robust security tools have been developed to prevent data from reaching unauthorized devices, and several best practices help guarantee a secure information loop. WPA2 encryption has emerged as the most powerful security protocol for modern wireless devices, superseding the simpler WEP standard (Matt Lytle, 2010). Using a password set by a network administrator, the network is protected to ensure system security. As the majority of organizations have adopted wireless network security measures, however, network threats have evolved to exploit new vulnerabilities that affect both malicious hackers and casual intruders. To address the rising wireless threat, several fundamental areas must be considered.
Deployments of enterprise wireless LANs have been increasing. They have evolved from guest access in conference rooms to hot-zone connectivity to full organizational coverage. However, many such deployments remain insecure, allowing malicious hackers to enter the network and access confidential company information. The following strategies address the most important areas of enterprise WLAN security.
Access points typically come with a standard network name — such as "default" or "tsunami" — that is broadcast to clients to advertise the presence of the access point. This name should be changed immediately after installation. The replacement SSID should not be directly related to the company, such as the company name, phone number, or any other readily available information that could be easily guessed or found on the internet.
Different types of users may need varying levels of access to a wired LAN network. For example, a marketing and sales team may need access to sales performance data; accounting and finance staff may need access to accounts receivable, payable, and other financial systems; and order administrators may need access to order entry and shipping systems. Using an access point that supports virtual LANs (VLANs) allows each authorized wireless LAN user to access only the network resources relevant to their role (William Arbaugh, 2001). For instance, shipping and manufacturing personnel accessing the wireless network via the "operations" SSID might be granted access only to email and ERP systems.
Because default settings for many access points do not include any enabled security, malicious hackers or unauthorized personnel can easily access wireless LANs. To prevent this, over-the-air security should be enabled. The recommended secure encryption and authentication method may include the use of a VPN, IEEE 802.11i (also known as WPA2), or IEEE 802.1x (NSA, 2013).
Employees are generally willing to participate in maintaining a secure enterprise network, especially when they are educated about existing policies and the potential consequences of non-compliance. Some employees may not be aware that deploying a wireless LAN access point straight out of the box can expose corporate network security to risk (Ross, D., 2007). It is therefore important for organizations to provide multiple education opportunities as soon as wireless access is made available to staff.
"WIPS deployment and wired-side port suppression"
It has been acknowledged that wireless network technology has indeed brought significant productivity gains, and organizations are forced to find ways of deploying it securely in order to remain competitive. As the wireless industry has evolved, the need to develop new standards and security solutions has grown — both for the wireless perimeter and for the wireless infrastructure itself. Organizations that invest in robust wireless security practices, employee education, and proactive monitoring are best positioned to take advantage of wireless technology while protecting their information assets.
You’re 73% through this paper. Sign up to read the remaining 1 section.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.