In the last decade, 802.11 Wireless LAN technology has had a dramatic impact on the technology world. Reliable, high-bandwidth networking is now easily available to anybody who wants it, and the number of WiFi-enabled devices continues to grow at a dramatic rate. Naturally, businesses ranging from basic office environments to complicated co-located warehousing/retail/office operations have begun leveraging the technology as well. Unfortunately, the ease of setup that WLAN offers has led to some confusion among even seasoned IT practitioners. In this series of posts, I hope to provide some simple guidance to help clarify how to securely and efficiently manage an enterprise Wireless LAN.
Some History
I will not go into the history of the 802.11 standard in too much detail here, although there are a couple of important points to recognize when thinking about how to deploy a WLAN in your business. The most important thing to know is this – many of the WLAN security technologies that were used in deployments until three or four years ago are vulnerable to several well-known attacks. If your business has a WLAN that has “just been working” for a while – it should probably get some attention.
To elaborate on this a bit further, WEP, the most common Wireless LAN encryption method used until late 2003, has had some very public weaknesses almost since its inception. Its temporary replacement, WPA-TKIP, has similar (although not as dramatic) weaknesses that have been public since at least 2008.
Adding insult to these platform-common weaknesses, some of the alternate, “more secure” authentication methods advised by vendors have also been picked apart and had their vulnerabilities shown to the world. I’m looking at you, LEAP.
To sum it up briefly – many networks that people thought were secure in 2003 or 2004 are definitely not secure today. And unfortunately, WLAN is sometimes treated like a part of the physical infrastructure – if it ain’t broke, don’t fix it!
Current Tech
Fortunately, 802.11 is really starting to come into its own lately, and can be an extremely secure – in some ways more secure – piece of critical infrastructure. The extremely solid (and so far unbroken) WPA2-AES encryption standard defined by 802.11i has had widespread vendor support since 2007. Certificate-based authentication methods such as EAP-TLS, PEAP, and EAP-TTLS have similarly experienced a growth in support, among not just desktop OS platforms, but mobile operating systems as well. Wireless Intrusion Detection Systems are hitting their stride, ranging from several robust and effective professional solutions from vendors like AirTight, Cisco, and Motorola, to fantastic open-source applications like Kismet. Finally, robust infrastructure management software is now making the administration of Wireless LANs simpler and more effective.
In short, today it is possible to deploy a WLAN that will meet all the use cases an enterprise can throw at it, and that is as secure as a typical wired LAN infrastructure.
In the next post, I’ll cover typical enterprise WLAN use cases, and the strategies for designing and securing them.