Aside from the obvious distinction of having no wires, wireless LANs or WLANs have the same physical attributes as traditional networks and require the same security considerations. Indeed, both LANs and WLANs face three potential security hazards each day: risks to physical system elements, interception from outside, and unauthorized access to protected network areas by internal users.
Although many may believe wireless systems are less secure than their wired counterparts (most IT professionals suffer nightmares of vulnerable data flying around the airwaves), WLANs actually provide unique security elements at the physical layer that make them less susceptible than traditional LANs to a variety of security risks.
Unplugging weak points
Administrators of wired networks know all too well how important it is to protect the physical wires of a network, lest an unauthorized individual gain access to sensitive company data. But by implementing one or more WLAN segments in your network, you reduce the number of wires in your systems, thereby providing fewer access points for intruders and also greatly decreasing the risk of physical security violations.
Because typical WLANs often use access points as interconnecting bridges to wired networks, companies with WLANs can more easily isolate individual users on a wireless segment from a majority of the LAN traffic, which minimizes the threat of packet sniffing.
Most IT managers are already aware of the issues surrounding proper user authentication and authorization levels in wired networks. Given today's interconnectedness, administrators must combine network OS parameters with firewall technologies, which often include packet filter or proxy services.
Unfortunately, implementing a wireless LAN does not relieve you from any of these usual security tasks. But the good news is that because administrators can either allow or deny access to one or more wireless end points at any given time, WLANs can support an additional layer of authentication management, which occurs before the user even sees a log-on screen.
Furthermore, administrators can configure settings on a WLAN that require end-users to input parameters such as radio domain, sub-channel ID, or frequency-related information. These extra parameters make an enormous difference when securing WLANs.
Of course, most companies are also concerned that hackers may gain network access and sniff the traffic on their systems. Sniffing and other attacks can easily be prevented with encryption, but many network managers do not expend the necessary resources to put this precaution in place. We understand that time, money, and expertise are short, but we urge administrators not to cut corners when it comes to this vital security measure, be your network of the wired or wireless variety.
Most typical WLAN solutions come with support for 64-bit encryption. You can also usually obtain 128-bit encryption as an optional purchase with your WLAN. It should be noted that WLAN encryption only protects data; it is still possible for sniffers to pick up headers in the traffic, although the severity of resulting security breaches are significantly limited by data encryption.
Scrambling airborne data
Perhaps the biggest fear that network administrators have when it comes to implementing a WLAN is that security breaches will occur while network traffic is airborne.
Great news for the fearful: The design of a WLAN's physical layer protects network traffic by using spread-spectrum technology, a security measure introduced by the military some 50 years ago. WLAN solutions that implement spread-spectrum technology resist noise and interference while reducing the threat of unauthorized detection.
When data is transmitted using spread-spectrum technologies, the signal is sent out across a broad range of frequencies at very low power. Of the several ways to implement spread-spectrum technologies, the two most popular and supported methods are direct sequence and frequency hopping.
Direct-sequence spread spectrum combines the sent data signal with a higher bit sequence known as a chipping code or a processing gain. In this scenario, each time a data bit is transmitted, it is interspersed with a specific string of bits.
Frequency-hopping spread spectrum works much the way its name implies. Data is transmitted via a signal that hops from frequency to frequency over time. A hopping code determines which frequencies will be used and in what order.
Both types of spread spectrum enormously increase wireless network security, especially when combined with available encryption techniques.
Spread-spectrum technology requires users to have very specific knowledge to gain access to wireless network traffic, which decreases the possibility of unauthorized users or hackers gaining access to your systems. For instance, direct-sequence spread spectrum requires intruders to somehow acquire the chipping code for network entry, and frequency-hopping WLANs require acquisition of the hopping pattern. In both cases, intruders also need to acquire frequencies and modulation techniques as well as scrambling patterns to decode signals and gain full entry.
Although these encouraging attributes paint a bright picture for the growth of corporate WLANs, companies still need to keep a sharp eye on their networks' evolving security needs and act promptly when problems are suspected. Networking security advances are made daily, but intruders are simultaneously getting smarter, building tools to circumvent even the newest security methods.
This solemn warning is no more pressing for WLANs than for wired networks. When it comes to security, companies should feel as confident in wireless systems as they do in traditional LANs. When implemented well, WLANs can indeed be watertight, while of course also providing the conveniences that made them so appealing in the first place: greater mobility and freer, less tied-down working styles.
Maggie Biggs is editor at large at InfoWorld Media Group. Drop her a note at firstname.lastname@example.org and she'll retrieve it on one of her many wireless devices.
Spread spectrum options at a glance
Both popular spread spectrum technologies come with pros and cons.
* Frequency-hopping spread spectrum
+Less power consumption
+High capacity using multiple layers
+Tolerance of interference
-Low data rates from individual layers
* Direct-sequence spread spectrum
+High data rates from individual layers
-More power consumption
-Low capacity using multiple layers
-Limited number of channels
THE BOTTOM LINE Wireless networking security
Business Case: Wireless networks offer increased mobility, decreased wiring requirements, and a physical layer that may actually strengthen overall network security.
Technology Case: Wireless networks still require typical security measures such as encryption and firewalls. Spread-spectrum technologies and MAC (Media Access Control) available at the physical layer will help reduce the likelihood of attacks.
+ Increased mobility and collaboration
+ Reduced investments in cabling
+ Easy to learn and implement across multiple platforms
- Multiple access points required for dispersed networks
- Range reduction may occur in closed office settings
This story, "Unplugged data can also be hack-proof" was originally published by InfoWorld.