February 27, 2001, 1:11 PM — Aside from the obvious distinction of having no wires, wireless LANs or WLANs have the same physical attributes as traditional networks and require the same security considerations. Indeed, both LANs and WLANs face three potential security hazards each day: risks to physical system elements, interception from outside, and unauthorized access to protected network areas by internal users.
Although many may believe wireless systems are less secure than their wired counterparts (most IT professionals suffer nightmares of vulnerable data flying around the airwaves), WLANs actually provide unique security elements at the physical layer that make them less susceptible than traditional LANs to a variety of security risks.
Unplugging weak points
Administrators of wired networks know all too well how important it is to protect the physical wires of a network, lest an unauthorized individual gain access to sensitive company data. But by implementing one or more WLAN segments in your network, you reduce the number of wires in your systems, thereby providing fewer access points for intruders and also greatly decreasing the risk of physical security violations.
Because typical WLANs often use access points as interconnecting bridges to wired networks, companies with WLANs can more easily isolate individual users on a wireless segment from a majority of the LAN traffic, which minimizes the threat of packet sniffing.
Most IT managers are already aware of the issues surrounding proper user authentication and authorization levels in wired networks. Given today's interconnectedness, administrators must combine network OS parameters with firewall technologies, which often include packet filter or proxy services.
Unfortunately, implementing a wireless LAN does not relieve you from any of these usual security tasks. But the good news is that because administrators can either allow or deny access to one or more wireless end points at any given time, WLANs can support an additional layer of authentication management, which occurs before the user even sees a log-on screen.
Furthermore, administrators can configure settings on a WLAN that require end-users to input parameters such as radio domain, sub-channel ID, or frequency-related information. These extra parameters make an enormous difference when securing WLANs.
Of course, most companies are also concerned that hackers may gain network access and sniff the traffic on their systems. Sniffing and other attacks can easily be prevented with encryption, but many network managers do not expend the necessary resources to put this precaution in place. We understand that time, money, and expertise are short, but we urge administrators not to cut corners when it comes to this vital security measure, be your network of the wired or wireless variety.