Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Four reasons to buy (and one reason to avoid) the Droid
Cisco MARS shuts out new third-party security devices
Verizon Droid buzz muted in Boston
Week in Google news: Google Dashboard, Droid fever, focus on e-commerce
Cloud computing, virtualization proponents getting antsy
Data center start-up offers energy saving software
Vendors scrambling to fix bug in Net's security
Judge dismisses lawsuit challenging Gartner's Magic Quadrant
Boston Celtics clamp down on spam
Cloud computing inevitable? Not so fast, educator says
Blue Coat slashes staff, buys S7 services company
Apple seeks new sheriff to lock up iPhones
Google releases new search engine for e-commerce sites
Rackspace apologizes for cloud outage, prepares to issue service credits
Security /

Securing the wireless LAN

Related linksToday's breaking news
Send to a friendFeedback

By Joel Snyder

Network World, 08/12/02

Wireless LANs are too inexpensive to ignore, but security has stymied many network managers looking to bring wireless into the corporate fold. There's a lot of information and misinformation out there about issues and approaches. Here are some simple strategies to help guide your path.

First, educate yourself. The best place to start is Matthew Gast's "802.11 Wireless Networks: The Definitive Guide." Digest what Gast has to say and you'll be far ahead of the power curve.

The Internet has a lot of data and opinions on wireless, but it's difficult to get perspective on things without a good background primer. You need to put this into the context of corporate security. What threats are you worried about? How sensitive is the data on the wireless LAN? What vulnerabilities do you need to guard against? Sniffing? Denial of service? Freeloading? Impersonation? You'll never establish an appropriate 802.11 security policy for your corporate network if you don't think about these things now.

Second, do something to start. Wired Equivalent Privacy (WEP) is still an awful technique - it's like giving everyone in the company the same password and never changing it. But that doesn't mean you shouldn't use it. The theoretical attacks on WEP exploited by tools such as WEPcrack are blocked by modern firmware. In some recent testing using current releases of 10 different enterprise-class access points and eight different client cards, Initialization Vector-based attacks on WEP were no longer effective.

Use WEP and at least you're not blasting your wireless LAN out to any passerby. During some war-driving exercises last month, I found that more than half of the wireless LANs I could "see" from my car were not even using WEP to protect their data.

Third, arm yourself. Wireless tools like Airmagnet are fabulous for enterprise network managers. If you only have a few access points to worry about, a laptop or PocketPC with some public domain tools such as NetStumbler is a fine start. But without at least some tools, you're completely in the dark about the 2.4-GHz aura beginning to surround your network.

Fourth, prepare your strategy. For now, 802.1X-based authentication is the up-and-coming technology to help resolve basic wireless security problems. (You can read about my experience setting up 802.1X) Or, go down the VPN path and treat wireless users the same way you treat remote access VPN clients. Either works fine with off-the-shelf hardware.

Over the long run, the IEEE 802.11i standard will lay out a path to higher security for wireless networks that combines 802.1X authentication with better key management than is available on WEP. But that standard is still being cooked, and it will be a year or more before things completely settle.

RELATED LINKS

Snyder, a Network World Test Alliance partner, is a senior partner at Opus One in Tucson, Ariz. He can be reached at Joel.Snyder@opus1.com.

Read more of Snyder's

Bottom Line columns.

Put cybersecurity chief in DHS not the White House, Senator says 11/4/2009
US-CERT moves in with NCC, NCSC 10/30/2009
NSA to build $1.5B cybersecurity center near Salt Lake City 10/26/2009
Powered by Inform

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.