
Airtight WiFi 101

By William Jackson, GCN Staff

Wireless security is achievable, but you have to work at it. Here’s how:

As with many other technologies, wireless networking was developed with an eye toward functionality rather than security. The 802.11 family of wireless standards has become the basis of products that are so easy to use and misuse that the National Institute of Standards and Technology in 2002 described wireless access points as “the logical equivalent of an Ethernet port in the parking lot.”

The security shortcomings enumerated by NIST in Special Publication 800-48, Wireless Network Security, were serious enough that many agencies have shied away from wireless LANs, also known as WiFi.

“It’s a wonderful technology that I would like to see be successful,” said Dennis Heretick, director of IT and security for the Justice Department’s management division. “It was too bad that wireless got off to such a weak start.”

But the standards and the products have matured in the three years since NIST issued its warnings, said Praphul Chandra, a software design engineer with Texas Instruments Inc. and author of the book Bulletproof Wireless Security.

“The technology and the standards available today allow you to make your wireless networks secure enough to be used for any commercial purpose,” Chandra said. “Put another way, you can make your wireless networks as secure as, and some may argue more secure than, your wired networks.”

NIST is in the process of updating SP 800-48 to reflect advances in wireless security, but the principal caveat of that publication still applies: “All the vulnerabilities that exist in a conventional wired network apply to wireless technologies,” plus a host of others associated with radio communications and mobile clients.

Even agencies that decide against deploying WiFi networks cannot afford to ignore the technology.

“They can’t assume wireless will stay outside of their perimeter,” said Tim Cranny, senior security architect for Senforce Technologies Inc. of Draper, Utah.

Most notebook computers today have wireless capability embedded in them and can communicate with each other without a wireless access point, opening unexpected holes in the network. Without tools to discover and control end points and enforce policy, a policy is just so much shelfware.


