The purpose of this chapter is to provide you with enough information to tackle the challenge of securing your WLAN infrastructure. This book repeatedly mentions the need for a security posture because security in your network is only as strong as the weakest link. This chapter provides an overview of key security components in WLANs, fundamental security vulnerabilities, key WLAN security standards, and security management challenges.
Wireless Security in Your Enterprise
The fundamental premise of security in networked environments is that no network is truly secure. Even a network that is not connected to the Internet can be compromised if physical access can somehow be obtained. This point further drives home the point that there is no perfect way to secure a network.
To approach security, you need an awareness of the components that determine how to secure your infrastructure while maintaining an attitude of elevated paranoia. You should always assume that at some point in time there will probably be an attempt to break into your network with the goal of compromising intellectual property or disrupting your business.
Attacks don't necessarily come from the outside. Research from the Computer Security Institute (CSI) and the FBI has shown that most security attacks come from the inside of an enterprise: (http://www.gocsi.com/forms/fbi/csi_fbi_survey.jhtml). (The document is free after registering at the CSI website.)
These attacks can be intentional, such as a disgruntled employee, or unintentional, as in the case where a computer is infected by a virus. The unintentional act is more likely to happen and probably more destructive. Armed with this state of healthy paranoia, you can strike the delicate balance between how much you invest to secure your infrastructure and the degree of difficulty an attacker needs to overcome.
Thinking Securely
The broadcast nature of a wireless network effectively raises the importance of authentication, encryption, and hashing. Starting with Authentication, you want to be sure that only permitted parties can communicate with your APs. Because you are effectively broadcasting your message over the ether, everyone can potentially hear every communication. Encryption is, therefore, needed to ensure communication privacy. Finally, the broadcast environment makes it relatively easy to capture, modify, and resend a message. Hashing your messages will address this problem.
Literature on information security typically uses the example of communication between two people. This section does the same, using the example of communication between Tony and Kelly. The specific security challenges that Tony and Kelly face when communicating are
Tony and Kelly need to know that they are indeed communicating with each other. This is known as authentication of the communicating parties.
Tony and Kelly want to be sure that only they can interpret the message exchange. Encrypting the messages into ciphers that only Tony and Kelly can decipher achieves this goal. Keys are used to lock and unlock the messages. These keys can be static or dynamic, and symmetric or asymmetric (Public/Private). The combination of the respective key characteristics determines how secure the solution is but also the computational cost.
Finally, Tony and Kelly want to be sure that the messages have not been tampered with while the messages were in transit. This is achieved by attaching a checksum (hashing) to the message that is recomputed and compared upon receipt. If the checksum is the same, the messages have not been tampered with.
It is not impossible to ensure secure wireless communications. Securing WLANs is possible if done correctly. However, heightened awareness is required to ensure that you don't overlook a critical component and thus create a back door.
Note - It might not be possible for you to think like a hacker, but it is not necessary, either. What is important is to establish a security posture that identifies the parts of your network (or information that passes through it) that are most sensitive and need protection.