Organisations are increasingly seeing new security threats to personal data and privacy. Recent cyber attacks and associated data breaches at Google, Symantec and Sony Playstation are just the tip of the iceberg. Government networks, critical infrastructure operators and the private sector face growing frequency and sophistication of these attacks, often with discovery after the fact.
The proliferation of consumer devices in the workplace has also placed a wealth of corporate data in the hands of employees, thereby increasing the stress on wireless network security. In fact, personal wireless devices within the corporate wireless space are now viewed as emerging threats to vulnerabilities in organisational IT infrastructure.
Additionally, the explosion in the deployment of wireless networks has given rise to a new generation of hackers who specialise in hijacking wireless networks. For example, 'wardriving', a simple technique of driving around in a car with a laptop computer or a personal digital assistant with scanning software that is freely available, looking for an unsecure wireless network to carry out network attacks or other malicious intents.
Global estimates of losses from intellectual property and data theft range as high as US$1 trillion . However, despite the obvious vulnerabilities, Gartner predicts that throughout 2012, privacy programmes are set to remain constantly underfunded. With the explosive increase in the uptake of different types of wireless devices in enterprises, a converged approach to network security configuration management will help protect against present and emerging security vulnerabilities. The only way forward for organisations is to bite the security bullet. Organisations should take a layered approach to bring security management in wireless networks closer to that established in wired networks.
Secure wireless LAN devices
As the boundaries of corporate wireless networks extend far beyond the brick and mortar, organisations need to manage their network perimeter. This includes personal firewalls on every wireless-equipped device on the corporate network, deployment of corporate-class access points with superior security and management capabilities, segregation of wireless land area network (WLAN) from the enterprise wired network to allow for wireless-specific management and security policies. Some organisations choose to establish set channels of operation for each access point to identify any off-channel traffic as suspicious activity.
Secure communications with authentication and encryption
The next layer of wireless LAN security is to control user access. Most access points support simple Media Access Control (MAC) address, a unique identifier assigned to any network interface such as a network interface card, network adapter or LAN adapter. However, depending exclusively on MAC address filtering leaves a network vulnerable to simple identity thefts. Larger organisations with complex wireless networks of hundreds of stations and dozens of access points require more sophisticated access control by incorporating remote authentication dial-in service servers.
Sign up for Computerworld eNewsletters.