Wireless technologies are more vulnerable than wired technologies, yet the subject of security for Wi-Fi devices is often overlooked. The subject of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts:
So it makes sense that wireless security should be a big concern.
Keep in mind that many businesses have wired and wireless networks. Wireless devices are vulnerable to any attacks that may be made on wired devices. But there are many more threats to wireless networks. This is because wireless transmits data over the air. The air cannot be secured. So wireless technologies must incorporate more safeguards against eavesdropping and man-in-the-middle attacks than wired technologies.
For example, man-in-the-middle attacks in a wireless environment are child’s play. An attacker connects to the Internet and configures a laptop to look like a legitimate wireless access point (AP). Victims wanting Internet access unwittingly connect through the bogus AP. Furthermore, the attacker can launch a de-authentication attack, causing devices already connected to a legitimate AP to drop their connection and to automatically reconnect to the attacker’s AP. The attacker now has unlimited access to data transmitted by any attached user since wireless operates at Layer 2. Layer 3 protections such as encryption, network authentication, and virtual private networks (VPNs) cannot protect against this scenario.
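The bogus-AP and de-authentication scenario above can be watched for from the defender's side. The following Python sketch is an added example, not part of the original article; the SSID, BSSIDs, frame tuples, and thresholds are constructed assumptions standing in for output from a wireless monitoring sensor.

```python
# Constructed inventory of the organisation's own APs: SSID -> allowed BSSIDs.
AUTHORIZED = {"CorpWiFi": {"00:11:22:33:44:01", "00:11:22:33:44:02"}}

# Constructed sensor observations: (second, frame type, SSID, BSSID).
FRAMES = [
    (0, "beacon", "CorpWiFi", "00:11:22:33:44:01"),
    (1, "beacon", "CorpWiFi", "00:11:22:33:44:02"),
    (2, "beacon", "CorpWiFi", "DE:AD:BE:EF:00:01"),   # our SSID, unknown radio
    (3, "beacon", "CoffeeShop", "aa:bb:cc:dd:ee:01"),  # neighbour, not ours
] + [(4 + i // 10, "deauth", "", "00:11:22:33:44:01") for i in range(30)] + [
    (20, "deauth", "", "00:11:22:33:44:02"),           # single, routine deauth
]


def rogue_aps(frames, authorized):
    """Return (ssid, bssid) pairs advertising one of our SSIDs from an unlisted BSSID."""
    found = set()
    for _, kind, ssid, bssid in frames:
        if kind == "beacon" and ssid in authorized:
            if bssid.lower() not in authorized[ssid]:
                found.add((ssid, bssid.lower()))
    return sorted(found)


def deauth_bursts(frames, window=5, threshold=20):
    """Return BSSIDs named in >= threshold deauth frames within any window seconds."""
    times = {}
    for t, kind, _, bssid in frames:
        if kind == "deauth":
            times.setdefault(bssid.lower(), []).append(t)
    flagged = []
    for bssid, ts in times.items():
        ts.sort()
        start = 0
        for end, t in enumerate(ts):
            while t - ts[start] >= window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(bssid)
                break
    return sorted(flagged)


if __name__ == "__main__":
    print("Unlisted radios using our SSID:", rogue_aps(FRAMES, AUTHORIZED))
    print("APs hit by deauth bursts:", deauth_bursts(FRAMES))
```

A BSSID can be spoofed, so a match against the inventory does not prove a radio is legitimate; a deauth burst against a listed AP alongside an unlisted radio on the same SSID is the stronger signal.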
Two wireless devices can communicate without involving the access point. This is clearly not a possibility in the wired world. So not only must there be protection against external threats, but also against other devices attached to the AP.
Denial-of-service attacks are a danger to any network, but especially to wireless networks, with their restricted bandwidth.
Some sources recommend wireless security measures that are not effective for business. Here are three examples:
There are different approaches depending on the size of the organization and the level of in-house IT expertise:
Using end-to-end encryption would be ideal. However, not all intervening software and hardware may support encryption. For example, not all websites offer HTTPS, and even if they do, the browser sends out IP addresses in clear text. The next best alternative is to require users to connect to the company network through VPNs.
Of course, authentication is critical. IEEE 802.11i Wi-Fi Protected Access II (WPA2) should be used. For authentication, there are alternatives:
A hardware or software card or token can be used in combination with the above authentication techniques, depending on the vendor.
Educate your users about the dangers of using public wireless. Be aware of “shoulder surfing” in public wireless areas. An attacker doesn’t necessarily have to be a computer genius.