The wireless network as a computing paradigm has brought unprecedented access, flexibility and usability to the I.T. environment in a relatively short time. By comparison, the “conventional” computing environment of an enclosed mainframe system accessed exclusively by hard-wired terminals evolved over a period of 30+ years. Such slow growth of an I.T. system allowed the implementation plan to mature and gave time to develop adequate security measures.
By contrast, the wireless network paradigm has exploded just within the last five years. From an infancy in which wireless I.T. access was the stuff of theory, experimentation and science fiction, we have come to a point where wireless network access is as common to the general public as the television or the automobile. While such success is amazing and a testimony to the ingenuity of its developers, it also brings with it unprecedented security risks. Because of the rapid growth of the industry, such core necessities as protocol standardization and the development and administration of security agreements have had to occur at a rapid pace. As we near the end of 2004, we must review where the industry is in the development of wireless security, what problems still daunt the industry, and which direction for addressing those problems is currently showing the most promise.
Scope of this Article
This article will address at a summary level the most significant security risks in the wireless computing environment. The purpose of the article is to introduce in a centralized fashion the scope of the problem and the most significant talking points on the issue of wireless security and to summarize where the industry is in addressing these problems and where it is going.
Most Significant Sources of Security Risk in the Wireless Environment
The heart of the security problem in the wireless setting is that networks are an amalgam of independent processing units and the architecture itself is resistant to controls. The very ease of access, flexibility of expansion and capacity for evolution that make the wireless world so successful also make it highly vulnerable from a security standpoint.
Ease of access itself represents the greatest security challenge. The very navigation protocols that make it possible for users of a wireless network to find their destination nodes leave vulnerabilities for those who would use the network in an unethical, harmful or illegal manner. To date the strongest response to this form of threat is access controls, which we will discuss shortly.
A second level of threat to the network is rogue access points, whether within the network or department or from outside the network firewall. We will discuss rogue access points in greater depth momentarily as well.
Unauthorized use of network services also represents a threat to the security of the system. Such utilization not only creates unproductive network traffic; unauthorized users are also the ones who will attempt to use network resources in a harmful way or break into data resources, whether for entertainment or for illegal reasons. “Hacking” of this nature is a very serious problem, particularly for network clients whose software and data repositories are of a sensitive and/or financial nature.
Another devious method used by network attackers is spoofing and session hijacking. Using the open nature of the network and sophisticated detection tools, the attacker can simulate legitimate network directional information (“spoofing” those commands) and in that way redirect traffic within the network in a manner that disrupts performance and causes unauthorized and unexpected results for network users. Such activity is forgery and is a serious attack on the network.
In addition to these threats, attackers will often “spy” on the network infrastructure, tracking traffic flow and eavesdropping on the network in operation. Such information can be valuable to anyone planning an attack or unauthorized use of network functionality.
Rogue Access Points
A rogue access point is an unauthorized point of entry into the network that is used to access the infrastructure either from within the corporate environment or from outside the firewall. The ease of access to the wireless network combined with broad availability of standardized equipment makes it very easy for an intruder to purchase necessary equipment and “plug in” to the network with virtually no resistance.
From within an organization, an employee can bring unauthorized equipment and plug into the network from a break room, an unused cubicle or any open access point. Such ports to the network are routinely built into the structure of the office complex when the offices are constructed to allow the business maximum flexibility over time. In the same way, this gives employees maximum flexibility for unauthorized access.
The solution for internal introduction of rogue access points is rigorous network topology audits to assure that all internal nodes of the network are there by design. While external intrusion using rogue access to the network is most likely to represent criminal intent, internal access is the greater threat because it can occur inside the firewall. It is likely that internal access is done for benign reasons, such as a desire to use the internet for chat or other recreational activities. However, controls are necessary because an internal break-in can be carried out by someone outside the company, as long as they can reach the access ports anywhere in the WAN, or by disgruntled employees or employees with criminal intent. The good news is that rigorous implementation of, and compliance with, the WPA standards dramatically reduces external rogue access intrusion, if it does not make it impossible altogether. We will discuss the WPA standards later in this white paper.
Access Control methods
In light of what we now know about rogue access to the network, access control becomes the primary defensive mechanism for reducing or eliminating unauthorized access. And of the access control tools and weapons, authentication holds the highest promise as a security approach that can provide effective protection. Authentication is so effective because it can be a response to both internal and external rogue intrusion into the wireless network. Other access control methods are limited to defending against internal attack, but they still deserve to be included in the computer security plan.
Physical access control, however, cannot be overlooked. Internal rogue access to the wireless network occurs within the firewall and utilizes access points supported by the infrastructure of the company. So two primary controls should be reviewed for feasibility, and security at those points improved, to cut down on or eliminate the potential for a security breach. First, securing those access points with physical restraints or other technological resources that the I.T. department can introduce will reduce the temptation for internal users to access the network from an unused entry point.
Secondly, rigorous monitoring of network use is in order. Often, software network “sniffers” or other system-level intelligence can be integrated into the wireless infrastructure, and appropriate alerts or automated responses programmed into the day-to-day operation of the network. If such precautions are utilized, security assurance in the wireless network will improve noticeably.
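One way to carry out the topology audit and the monitoring described above is to keep an inventory of authorized access points and flag every observed radio that is not on it. The following Python script is an added illustration and is not part of the original white paper or of any vendor's product; the inventory, the one-line-per-AP scan format and the sample scan are all constructed for the example.

```python
"""Rogue access point audit: compare an authorized AP inventory against
observed scan results and report every radio that is not on the inventory.

Added illustration, not from the original white paper. The inventory, the
one-line-per-AP scan format and the sample scan below are all constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ObservedAP:
    bssid: str      # radio MAC address, normalised to lower case
    ssid: str       # network name the radio advertises
    channel: int
    security: str   # "WPA", "WEP" or "OPEN" in this constructed format


# Authorized inventory (constructed): BSSID -> SSID it is allowed to advertise.
AUTHORIZED = {
    "00:0c:41:aa:bb:01": "CORP-NET",
    "00:0c:41:aa:bb:02": "CORP-NET",
    "00:0c:41:aa:bb:03": "CORP-GUEST",
}
CORPORATE_SSIDS = set(AUTHORIZED.values())

# Constructed scan output, one AP per line: bssid ssid channel security
SAMPLE_SCAN = """\
00:0C:41:AA:BB:01 CORP-NET 1 WPA
00:0C:41:AA:BB:02 CORP-NET 6 WPA
00:0C:41:AA:BB:03 CORP-GUEST 11 WEP
00:1d:7e:12:34:56 CORP-NET 6 OPEN
00:0f:66:98:76:54 linksys 11 OPEN
"""


def parse_scan(text):
    """Turn the constructed scan format into ObservedAP records."""
    aps = []
    for line in text.splitlines():
        if not line.strip():
            continue
        bssid, ssid, channel, security = line.split()
        aps.append(ObservedAP(bssid.lower(), ssid, int(channel), security.upper()))
    return aps


def classify(ap):
    """Return a finding label for one observed AP, or None if it is expected."""
    expected_ssid = AUTHORIZED.get(ap.bssid)
    if expected_ssid is None:
        if ap.ssid in CORPORATE_SSIDS:
            return "EVIL_TWIN"       # unknown radio advertising a corporate SSID
        return "ROGUE"               # unknown radio, unknown network
    if ap.ssid != expected_ssid:
        return "SSID_MISMATCH"       # known radio, unexpected SSID
    if ap.security != "WPA":
        return "WEAK_SECURITY"       # known radio not running WPA
    return None


def audit(text):
    """Map each finding label to the BSSIDs that triggered it."""
    findings = {}
    for ap in parse_scan(text):
        label = classify(ap)
        if label is not None:
            findings.setdefault(label, []).append(ap.bssid)
    return findings


if __name__ == "__main__":
    for label, bssids in sorted(audit(SAMPLE_SCAN).items()):
        print(f"{label}: {', '.join(bssids)}")
```

To run this against a live network, replace SAMPLE_SCAN with the parsed output of whatever scanner is in use. The design point is that the authorized inventory, not the scanner, defines what “rogue” means, and that a corporate SSID broadcast from an unknown radio is reported separately because it is the case most likely to fool users into connecting.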
Authentication is an access control method that is well understood by network users. Utilizing the login and password system, authentication not only lets network security know who is using the system and control their access easily; it also affords the ability to control with precision how each user can use the system, the level of security they can be granted, and the level of impact each user is permitted to have on data resources and network performance.
Computer security has long been regimented to provide security levels that range from low-risk access to very highly secured networks such as those used by financial or military institutions. Such disciplines, worked out under the mainframe paradigm, do provide a structure for the organization to implement access control systems in the wireless landscape.
Authentication similarly can be introduced at a relatively loose level, or increasingly strict controls imposed, depending on the potential risk and the criticality of the resources and services offered by the network. User name and password controls are common, but for more tightly controlled networks an access card such as is used in the ATM setting layers greater controls into the security plan. Further, the rate of password revision and the level of complexity passwords are required to maintain raise the standard of security significantly, but also introduce “ease of use” difficulties that must be considered. Overall, however, how authentication is used, and a program for routine review and improvement of authentication, is critical to the creation and ongoing operation of a wireless security scheme.
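The tiered approach described in the last three paragraphs, in which the checks demanded of a login scale with the sensitivity of the resource, can be expressed directly in code. The following Python module is an added example, not part of the original white paper; the tier names, the policy numbers, the PBKDF2 work factor and the sample user are constructed for the illustration.

```python
"""Tiered authentication policy: the checks demanded of a login scale with
the sensitivity of the resource being reached.

Added illustration, not from the original white paper. The tier names, the
policy numbers, the PBKDF2 work factor and the sample user are constructed."""
import hashlib
import hmac
import os
from datetime import date, timedelta

ITERATIONS = 100_000               # PBKDF2 work factor (constructed choice)
TODAY = date(2004, 11, 15)         # constructed "current" date for the example

# Policy per resource tier (constructed): how old a password may be, how long
# it must be, and whether a second factor such as an access card is required.
POLICY = {
    "low":  {"max_age_days": 180, "min_length": 8,  "second_factor": False},
    "high": {"max_age_days": 30,  "min_length": 12, "second_factor": True},
}


def days_ago(n):
    return TODAY - timedelta(days=n)


def hash_password(password, salt=None):
    """Return (salt, digest); only these are stored, never the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def complexity_ok(password, min_length):
    """Require min_length characters drawn from at least three character classes."""
    classes = [any(c.islower() for c in password),
               any(c.isupper() for c in password),
               any(c.isdigit() for c in password),
               any(not c.isalnum() for c in password)]
    return len(password) >= min_length and sum(classes) >= 3


def make_user(password, password_set, tier="low"):
    """Create a user record, enforcing the complexity rule of the given tier."""
    if not complexity_ok(password, POLICY[tier]["min_length"]):
        raise ValueError("password does not meet tier complexity")
    salt, digest = hash_password(password)
    return {"salt": salt, "digest": digest, "password_set": password_set}


def authenticate(user, password, tier, today, token_ok=False):
    """Return (granted, reason) for a login against a resource of the given tier."""
    policy = POLICY[tier]
    _, candidate = hash_password(password, user["salt"])
    if not hmac.compare_digest(candidate, user["digest"]):   # constant-time compare
        return False, "bad password"
    if today - user["password_set"] > timedelta(days=policy["max_age_days"]):
        return False, "password expired for this tier"
    if policy["second_factor"] and not token_ok:
        return False, "second factor required"
    return True, "ok"


if __name__ == "__main__":
    alice = make_user("Corr3ct-Horse!", days_ago(20), tier="high")
    print(authenticate(alice, "Corr3ct-Horse!", "low", TODAY))
    print(authenticate(alice, "Corr3ct-Horse!", "high", TODAY))
    print(authenticate(alice, "Corr3ct-Horse!", "high", TODAY, token_ok=True))
```

The same credential can therefore be acceptable for a low-risk resource and rejected for a sensitive one, which is the flexibility the text asks for. Complexity is enforced when the password is set rather than at every login, the hash comparison is constant-time so the check leaks no timing information, and the second factor is only consulted after the password has been verified.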
Encryption addresses a different level of security concern than access control and authentication are designed to defend against. Stated simply, encryption is the encoding of sensitive data within the network so that it is decoded upon arrival at the destination point. In this way, if the information is accessed by an unauthorized agent, decryption would be difficult or impossible.
Encryption has its value in a wireless security plan because it defends against spoofing, session hijacking and external unauthorized monitoring of the network. Encryption of the user name and password does enter into the authentication plan, but only by way of securing those credentials against possible identity theft. Within the operation of the network, encryption of packet data traversing the network does provide a higher defense against network compromise, whether from a hacker learning the network's data flows or from access to sensitive data.
The trade-off of encryption is the high cost of keeping abreast of encryption technologies and standards, and the impact on network performance from the overhead that encryption and decryption impose on the movement of and access to data packets. Before deciding on the use of encryption, or the level of encryption to utilize, performance evaluation, throughput, response time and capacity studies should be completed to have a firm grasp on the potential customer impact such security will introduce.
The Wi-Fi Protected Access Security Specification – WPA
The most significant leap forward toward a universally applicable wireless security specification was the release of the Wi-Fi Protected Access (WPA) Security Specification. As with any important step toward greater control in I.T. history, it has been the implementation of industry standards that brought the ability to impose controls on an otherwise out-of-control situation.
WPA addressed in detail, and put standardized protocols in place for, the highest-level security measures that needed to become stabilized and supported across the board. Among those were user authentication standards, a data encryption protocol that came to be identified as TKIP, and data validation methodologies.
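The encryption section above credits encryption with defeating eavesdropping, spoofing and session hijacking, and the paragraph just above adds data validation as a separate WPA discipline. The following Python example shows why the two belong together: an encrypted frame hides its contents, but only a keyed integrity tag and a sequence counter let the receiver reject a modified or replayed frame. It is an added illustration, not part of the original white paper and not the TKIP algorithm itself; the cipher is a stream cipher whose keystream comes from HMAC-SHA256 run in counter mode, chosen only because it needs nothing outside the Python standard library, and the keys and messages are constructed.

```python
"""Protected frames: confidentiality, forgery detection and replay rejection.

Added illustration, not from the original white paper and not the TKIP
algorithm itself. The cipher is a stream cipher whose keystream comes from
HMAC-SHA256 run in counter mode, chosen only because it needs no library
outside the Python standard library; the keys and messages are constructed."""
import hashlib
import hmac
import struct

ENC_KEY = b"constructed-encryption-key-0001"   # constructed, not derived as WPA would
MIC_KEY = b"constructed-integrity-key-0001"    # separate key for the integrity tag
SEQ_LEN, MIC_LEN = 8, 8                         # bytes: sequence counter and truncated MIC


def keystream(key, seq, length):
    """Pseudorandom bytes for one frame: HMAC(key, seq || block_index), block by block."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QI", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Sender:
    def __init__(self, enc_key, mic_key):
        self.enc_key, self.mic_key, self.seq = enc_key, mic_key, 0

    def protect(self, plaintext):
        """Encrypt, then tag header+ciphertext so any change is detected."""
        self.seq += 1                          # never reuse a counter with the same key
        header = struct.pack(">Q", self.seq)
        body = xor(plaintext, keystream(self.enc_key, self.seq, len(plaintext)))
        mic = hmac.new(self.mic_key, header + body, hashlib.sha256).digest()[:MIC_LEN]
        return header + body + mic


class Receiver:
    def __init__(self, enc_key, mic_key):
        self.enc_key, self.mic_key, self.last_seq = enc_key, mic_key, 0

    def unprotect(self, frame):
        """Return (plaintext, 'ok'), or (None, reason) for a forged or replayed frame."""
        if len(frame) < SEQ_LEN + MIC_LEN:
            return None, "truncated frame"
        header, body, mic = frame[:SEQ_LEN], frame[SEQ_LEN:-MIC_LEN], frame[-MIC_LEN:]
        expected = hmac.new(self.mic_key, header + body, hashlib.sha256).digest()[:MIC_LEN]
        if not hmac.compare_digest(mic, expected):             # verify before decrypting
            return None, "MIC failure: frame forged or modified"
        seq = struct.unpack(">Q", header)[0]
        if seq <= self.last_seq:
            return None, "replay: sequence counter not increasing"
        self.last_seq = seq
        return xor(body, keystream(self.enc_key, seq, len(body))), "ok"


def demo():
    """Exercise the three protections and return what each check reported."""
    sender, receiver = Sender(ENC_KEY, MIC_KEY), Receiver(ENC_KEY, MIC_KEY)
    secret = b"account=4471 balance=1000"          # constructed message
    frame = sender.protect(secret)
    results = {"eavesdropper_sees_plaintext": secret in frame}
    results["first_delivery"] = receiver.unprotect(frame)
    results["replayed"] = receiver.unprotect(frame)            # same frame sent again
    frame2 = sender.protect(secret)
    flipped = frame2[:SEQ_LEN] + bytes([frame2[SEQ_LEN] ^ 0x01]) + frame2[SEQ_LEN + 1:]
    results["tampered"] = receiver.unprotect(flipped)          # one ciphertext bit changed
    results["second_delivery"] = receiver.unprotect(frame2)    # untouched frame still accepted
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Ordering matters in the receiver: the integrity tag is verified before anything is decrypted, and the sequence counter is covered by the tag, so a party that cannot forge the tag also cannot reorder or replay frames. A real deployment uses the cipher and integrity algorithm its standard specifies, with per-session keys, rather than the fixed keys and stand-in cipher used here for illustration.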
While WPA became an industry standard in early 2003, the first drafts of each of the protocols were not developed enough to represent a strong response to the security threats facing the wireless industry. However, throughout 2003 and into 2004, each discipline within WPA has continued to be strengthened, made more intelligent and bolstered with improved technology, moving forward both in sophistication and as a potent security resource for all concerned with wireless security.
The efforts that have gone into implementing and developing the WPA protocols are beginning to provide a realizable security resource for all members of the wireless community. With WPA serving as a standard under which continued innovation and research can thrive, the industry is very close to becoming a secure environment. Because WPA has become the de facto standard, most wireless products in the year to come will be WPA compliant. Smaller companies that chose not to comply with WPA directly will fall into line to remain competitive in a market that is not tolerant of products outside the standard security agreements. In this way the natural competitiveness of the marketplace will impose a discipline that leads all participants to a more secure environment, assuring that the revolution in computing represented by the wireless architecture will continue to spread and grow, both in breadth of acceptance and in depth of services offered.
Jerry Malcolm is an I.T. professional with 30 years of experience at all levels of IT project development, design, management and documentation. With 20+ years in project management plus a solid background in systems development and implementation, Mr. Malcolm has a keen understanding of the needs of I.T. projects and systems issues. Since 2003 Mr. Malcolm has been the owner/principal of Malcolm Systems Services, an IT services consulting firm specializing in project management consultation, technical writing, development of technical white papers and web page content, and I.T. project problem resolution.