Wireless security and the enterprise
Jesse Frankel is the head of the AirMagnet Intrusion Research Team. He has been working in various areas of wireless LAN technology and applications for more than 15 years. Currently he manages the AirMagnet Enterprise WLAN IDS/IPS and performance measurement platform and drives technology directions for the Wi-Fi security space.
In this interview he discusses wireless LAN security policies for mobile users in the enterprise, challenges faced by mobile warriors, and more.
The CSO is becoming increasingly aware of the dangers posed by mobile devices that contain confidential information and that are subject to theft or loss. What can they do to mitigate those risks?
Mobile devices are ubiquitous. Especially in the past decade, their usage has skyrocketed. Most people today own multiple mobile devices. The BYOD (bring your own devices) phenomenon is happening and is here to stay. Smartphones have the capability to be an AP.
As a CSO, the first challenge is to know which devices are connecting to the enterprise network. Visibility into the wireless network is a critical first step. (S)he has to ensure that there are no unauthorized devices. Policies need to be defined and implemented for protecting confidential data. You can’t practically control the end device security. Mobility breaks the traditional model of centralized control by opening doors for outbound connections. In a WLAN every AP and client matters when it comes to security. By adopting best practices in WLAN security, a CSO can mitigate these risks:
- Full monitoring of the airspace with no blind spots
- Automated analysis – proactively detect all types of threats
- Active response – stop threats at source; notify and escalate as required
- Audit, track and report.
What are the biggest challenges related to the implementation of wireless LAN security policies for mobile users in the enterprise?
The sheer volume of devices and clients connecting to the WLAN is staggering. Gone are the days when the IT network engineer had to worry only about connecting and controlling an AP. Today, it is not uncommon to see more than two mobile devices per employee connected to the WLAN. Devices have become an extension of your wireless network. Now you need to protect the AP, clients and other devices if you want to protect your network. To overcome this challenge it is often best to implement an overlay WIPS/WIDS (wireless intrusion prevention or detection system).
Wireless hot spots, and especially rogue access points set up as hot spots to trick users, raise unique concerns for the mobile warrior. What can be done in order to mitigate the risks associated with their usage?
It is important to have complete visibility into your wireless network. Systems should be implemented to scan and get continuous analysis of all channels, devices and traffic.
Scanning of all channels, including extended channels, doesn’t allow the rogues to hide. Furthermore, a complete solution should include spectrum analysis that looks deeper than Wi-Fi, i.e., exposes Layer 1 DoS (denial of service) attacks and other wireless devices such as Bluetooth or wireless cameras. It should be able to detect and stop rogue devices and man-in-the-middle attacks, and mitigate other threats.
What are your predictions for the future when it comes to wireless security?
Let’s look at the evolution of the wired network for comparison. As network usage grew, monitoring data traffic and firewalls became prevalent. In WLAN, encryption alone is never sufficient when it comes to security. New technologies will evolve at a staggering pace and hybrid environments will exist.
Additionally, innovations will happen at a different rate for the various components of a wireless network – mobile devices, APs, controllers, etc. Use of WLANs for mission-critical applications will continue to grow. Add to that compliance requirements and it is obvious that wireless security is not an easy problem to solve.
Everyone will need a WIPS solution capable of promptly diagnosing and stopping wireless threats. Wireless networks will become multi-technology networks, e.g., Wi-Fi and cellular. The optimal wireless security solution will encompass these different technologies and will offer actionable business intelligence to the administrator.