Importance of WLAN Security

Four people looking at laptop computer in conference room

Importance of WLAN Security

We have all heard and know that the business network, no matter how small must be safe and secure. And even more now with the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act, and the Health Insurance Portability and Accountability Act (HIPAA) that have their own security requirements. The initial security solution for wireless LAN relied on WEP (wired equivalent privacy.) WEP uses static keys in the encryption process to secure wireless communication. However, almost from the beginning, WEP was declared breakable and tools are readily available on the internet to break static keys. Static keys should never be used with any business network today, no matter how small. Generally, reasons for WLAN security can be divided into 3 areas: asset protection, preventing possible threats, and avoiding legal liabilities.

Asset protection:

The most obvious asset to protect is the company's intellectual property. These are the plans, drawings, trade secrets, etc. Everything that makes the company an unique entity and could ruin the company if ever made public or fell into the wrong hands. Another asset is your company's communication network. E-mail and database services are extremely important for operations and must not be misconfigured in a malicious manner. Then there are the web services. The company and public web site must not be misconfigured.

Preventing possible threats:

DoS or denial of service can be very easy to initiate. All one needs is a RF generator for the WI-Fi band and an antenna. The RF signal could overwhelm the access point, effectively shutting it down. Physical security is very important to prevent RF jamming. Another threat is the theft of an access point or related wireless LAN equipment. Sometimes an access point will be replaced with a less expensive one or just removed if not physically secured in some manner. Access points usually have several modes for configuration. The default user name and password must be changed so that someone doesn't come along and put their own password in and then shutdown the WLAN. Another threat is harmful data manipulation that can be performed in several ways. Product pricing in the company's online database could be changed so that the culprit could purchase product at reduced prices. Another threat to consider is storage of pornographic files in an employee's file system and then someone notifies Human Resources and the employee is in trouble. What would occur if this happened to the CEO.

Avoiding legal liabilities:

Most of the people that are trying break into a company's network are doing so in order to get network access. The problem is that person could be a spammer. Thousands of spam messages could be sent in minutes. The company's ISP may bar all internet access and shut down the account. How will this effect the the business operations? What would happen if a software application(s) was/were installed on the company's servers or worker's PC without their knowledge or authorization. The culprit then notifies the application company that so and so has their applications without purchasing the proper licensing. Then the trouble begins.

With all these potential security problems, it may be easy to conclude, "let's specify, no wireless in the network policy manual." But, even with a "no wireless" network policy, this must be enforced, otherwise an energetic employee may bring in his or her home access point and plug it into the network and now you have a big hole in your network security. What about solutions.

Business, SMB

WLAN Sectors