Wireless networks are commonplace today, as many companies give their staff the freedom to carry their laptop computer from office to office and boardroom without having to worry about wired connections.
However, while mobility might add significantly to corporate efficiency, there is a price to pay in terms of security risks, says Andy Robb, chief technology officer at Duxbury Networking. In this article he identifies the technology solutions necessary to ensure the confidentiality, integrity and availability of information in a wireless environment.
South Africa is currently experiencing one of the broadest deployments of 3G worldwide - and the services on offer provide affordable access to broadband communications from a global perspective.
This focus on wireless telecommunications for the masses is mirrored in the corporate environment, where wireless networks are becoming commonplace.
Here, the challenge facing network users is to ensure that their infrastructures enable high-performance mobile computing without compromising the confidentiality, integrity or availability of sensitive and often critical corporate information. Threats of network intrusion and malware are becoming more dangerous and selective as organised crime and industrial espionage syndicates ramp up their activities.
For example, in many cases of identity theft reported by South African companies, intruders have exploited inherent system weaknesses not countered by conventional point security technologies. In fact, intruders have found wireless networks relatively easy to break into, and even use wireless technology to crack wired networks.
Compounding the problem, we find that unacceptable levels of carelessness and ignorance exist within many corporates. This has magnified the seriousness of the problem, particularly as hacking methods have improved in terms of their sophistication - as have the levels of innovation of their creators.
What is more, there are many easy-to-use Windows or Linux-based hacking tools freely available for download on the Internet.
Countering the risks
Encryption is one of the oldest methods known for securing data and is still a viable passive countermeasure. WPA is the next generation of wireless encryption technologies, more secure and easier to configure than its predecessors.
WPA (Wi-Fi Protected Access) is actually a certification program administered by the Wi-Fi Alliance to indicate compliance with the security protocol the Alliance created to secure wireless computer networks. This protocol was created in response to several serious weaknesses found in the previous systems. It boasts an improved encryption algorithm called Temporal Key Integrity Protocol as well as the ability to prevent denial-of-service and spoofing attacks.
WPA2 is the latest version and is based on the Advanced Encryption Standard - the US government's current standard for security. It can be used in 'personal' or 'enterprise' modes and has so far proven difficult to attack.
Turning to 'active' methods to pre-emptively block and counteract wireless network intrusions, we find that no single strategy - or technology platform - is absolutely secure. The best technique is to combine a number of security measures.
One of the most successful techniques is to deploy a vulnerability management system that leverages existing infrastructures, but at the same time integrates patch management, compliance management, configuration management and application control into a coordinated system.
Vulnerability management systems work by performing two very different but related tasks. They scan or query network systems for their detailed configurations and store the results for later analysis. They also acquire up-to-date threat, vulnerability and patch-availability information from the system vendor's home site.
They then correlate the installed-software configuration, collected from enterprise systems, with the threat, vulnerability and patch-availability information and develop a rank-ordered list of work that must be performed to minimise risk.
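The correlation step described above can be sketched in a few lines of Python. This is an added example, not code from the article or from any vendor's product: the hosts, product names, advisory identifiers and the scoring formula (severity x asset criticality, weighted up when exploitation is reported) are all constructed assumptions.

```python
from dataclasses import dataclass

def ver(s):
    """Parse '2.4.10' into (2, 4, 10) so that 2.4.9 < 2.4.10 compares correctly."""
    return tuple(int(p) for p in s.split("."))

@dataclass
class Advisory:
    ident: str             # placeholder identifier (constructed)
    product: str
    fixed_in: str          # first version containing the fix
    severity: float        # 0-10 scale (assumption)
    exploited: bool        # threat information: exploitation reported
    patch_available: bool

# Constructed scan results: host -> (business criticality 1-3, {product: version})
INVENTORY = {
    "ap-controller": (3, {"wlan-ctl": "2.4.9", "openssh": "8.1"}),
    "hr-laptop-17": (2, {"vpn-client": "5.0.2", "wlan-driver": "1.9.0"}),
    "lobby-kiosk": (1, {"wlan-driver": "1.7.3"}),
}

# Constructed advisory feed standing in for vendor threat and patch data.
ADVISORIES = [
    Advisory("ADV-EXAMPLE-001", "wlan-ctl", "2.4.10", 9.0, True, True),
    Advisory("ADV-EXAMPLE-002", "wlan-driver", "1.8.0", 7.5, False, True),
    Advisory("ADV-EXAMPLE-003", "vpn-client", "5.1.0", 6.0, False, False),
]

def worklist(inventory, advisories):
    """Correlate installed versions with advisories and rank the resulting work."""
    items = []
    for host, (criticality, software) in inventory.items():
        for adv in advisories:
            installed = software.get(adv.product)
            if installed is None or ver(installed) >= ver(adv.fixed_in):
                continue  # product not installed, or already at a fixed version
            score = adv.severity * criticality * (1.5 if adv.exploited else 1.0)
            action = (f"upgrade to {adv.fixed_in}" if adv.patch_available
                      else "mitigate, no patch yet")
            items.append((score, host, adv.ident, action))
    return sorted(items, reverse=True)  # highest risk first

if __name__ == "__main__":
    for score, host, ident, action in worklist(INVENTORY, ADVISORIES):
        print(f"{score:5.1f}  {host:14} {ident}  {action}")
```

Versions are compared as integer tuples because a plain string comparison would rank 2.4.9 above 2.4.10 and hide the unpatched controller.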
When purchasing wireless network security solutions, network managers should also look at offerings which meet the stringent Security Information Management (SIM) standard.
SIM uses data aggregation and event correlation techniques to support the gathering, storing and processing of data gleaned from a broad cross-section of security devices such as firewalls, proxy servers, intrusion detection systems, antivirus software and other applications. It applies the data to these devices' event logs to provide an 'awareness report' for the network - in much the same way as network management software provides situation reports. SIM products can normalise data - that is, they can translate and correlate software alerts from various vendors' products into a common format.
More importantly, SIM products can integrate with a heterogeneous array of security products and network devices, giving network managers the opportunity to centrally monitor, analyse and react to security alerts based on well-defined, standardised security incident handling methods. In this way SIM simplifies the detection of irregularities and also enables an organisation to retaliate and actively - and aggressively - repel an attack with the possibility of taking stringent legal action against the criminal or criminal agents responsible.
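The normalisation and correlation that SIM products perform, as described above, look like this in miniature. This is an added example, not code from the article or from any SIM product: the three log formats, the addresses, the common event fields and the five-minute window are constructed assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample lines in three made-up vendor formats (not real product output).
FIREWALL = ["2024-03-01T10:00:05 action=deny src=10.0.8.23 dst=10.0.1.5 dport=445",
            "2024-03-01T10:20:00 action=deny src=10.0.9.40 dst=10.0.1.9 dport=23"]
IDS = ["1709287230,HIGH,10.0.8.23,unauthorised association attempt"]
ANTIVIRUS = ['{"time": "2024-03-01 10:02:41", "host_ip": "10.0.8.23", '
             '"threat": "Trojan.Generic", "level": 3}']

def event(ts, device, src, severity, message):
    """The common format every vendor record is translated into."""
    return {"ts": ts, "device": device, "src": src,
            "severity": severity, "message": message}

def from_firewall(line):  # ISO timestamp followed by key=value pairs
    stamp, *pairs = line.split()
    kv = dict(p.split("=", 1) for p in pairs)
    return event(datetime.fromisoformat(stamp), "firewall", kv["src"], "medium",
                 f"{kv['action']} to {kv['dst']}:{kv['dport']}")

def from_ids(line):  # CSV: epoch seconds (UTC), level, source, free text
    epoch, level, src, text = line.split(",", 3)
    ts = datetime.fromtimestamp(int(epoch), timezone.utc).replace(tzinfo=None)
    return event(ts, "ids", src, level.lower(), text)

def from_antivirus(line):  # JSON with a numeric severity level
    rec = json.loads(line)
    sev = {1: "low", 2: "medium", 3: "high"}[rec["level"]]
    ts = datetime.strptime(rec["time"], "%Y-%m-%d %H:%M:%S")
    return event(ts, "antivirus", rec["host_ip"], sev, rec["threat"])

def normalise():
    """Translate every vendor line into the common format, ordered by time."""
    events = ([from_firewall(l) for l in FIREWALL] + [from_ids(l) for l in IDS]
              + [from_antivirus(l) for l in ANTIVIRUS])
    return sorted(events, key=lambda e: e["ts"])

def correlate(events, window=timedelta(minutes=5), min_devices=2):
    """Map each source reported by >= min_devices device types within one window."""
    incidents = {}
    for i, first in enumerate(events):  # events must be time-ordered
        devices = {e["device"] for e in events[i:]
                   if e["src"] == first["src"] and e["ts"] - first["ts"] <= window}
        if len(devices) >= min_devices and first["src"] not in incidents:
            incidents[first["src"]] = sorted(devices)
    return incidents

if __name__ == "__main__":
    print(correlate(normalise()))
```

A lone firewall deny stays out of the report, while a source flagged by the firewall, the intrusion detection system and the antivirus within the same window surfaces as one incident.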