[January 12, 2005]

WLAN Security: A Moving Target for IT Managers

By Robert Messinger

Wireless networking is one of the most dynamic growth areas in corporate computing. Its attraction of untethered mobility is irresistible. Yet with all the benefits of wireless networks come a passel of new security concerns. Can the company maintain security as the conventional network is integrated with wireless components? Many companies view the extension of a conventional network into a somewhat intangible hybrid network as two separate networks: the tried-and-true secure network, and the breezy interloper that is now poking holes in it. But it is a significant mistake to not keep all network security management under one roof.

Network management encompasses a number of key functions: monitoring the network's activity; dynamically evaluating its availability; measuring its performance; and logging its errors. These functions are more important, where the wireless portions of the network are concerned. Since the wireless zones are more portable, more variable in usage, and subject to greater interference than the conventional ones, performance tracking and error logging are more important than ever if IT managers hope to optimize the network's efficiency.

This management enables IT managers to monitor what is happening in a network and at the APs -- thus facilitating spotting intrusions.

There are many network management software packages available -- HP OpenView and Tivoli's NetView are two of these. These packages perform network management functions for the IT staff. If the wireless hardware supports SNMP, then IT managers can manage it in the same way as any other network component. But there is a risk: If an SNMP-supporting access point is hacked, then the intruder has access to information about the network, through SNMP.

If the IT manager is comfortable about the security of the access points, then he or she can and should safely use SNMP-based network management; although, if the APs are secure, by definition, it is less necessary. It's a trade-off, and the IT manager will have to weigh the pros and cons.

Audit Networks Regularly

It is still possible to audit a network, even with wireless components involved. There is nothing intrinsic to wireless workstations or access points that affects an audit per se. IT managers should continue to audit the network frequently. In fact, given the increase in the number of potential threats from viruses, worms and even internally generated program, IT managers should audit the network more frequently than ever. Wireless access points also generate audit logs. IT managers should integrate this information into the audit process.

Control Rogue APs

Rogue access points are an additional threat in wireless network security. Employees frequently deploy these for, but these exist beyond the perimeter of formal IT department procedures and deployment protocols and therefore pose a huge security risk. Rogue APs sometimes represent as much as one third of a corporate wireless network. The security threat of rogue APs alone are justification for implementing stringent network management procedures. Many network management software packages can rapidly identify rogue APs. Another way to detect rogue APs is the way hackers do it, with a WLAN scanner. A laptop with a wireless network card and WLAN-detection software can identify all APs, rogue or otherwise.

Test Network Perimeters Regularly

To ensure that a company's wireless perimeter security is sound, test it frequently. IT managers should literally walk or drive around the edge of a facility with a laptop, wireless network card and WLAN detection software. Some companies will make a content of encouraging their IT staffs to try and poke holes in the WLANs, knowing that if IT staff can do it, a determined hacker probably can as well.

Vector's Advice: While network management software, such an HP OpenView is expensive, it is well worth the investment as part of a comprehensive network security management solution. In addition, IT managers should be especially vigilant about ensuring regular audits, scanning for rogue networks and testing of facility perimeters take place. Wireless networks have many attractive features, but they also exponentially increase the number of risks to the corporate network.

Questions IT Managers Need to Explore:

• Who has control over the deployment of WLANs?
• What is the quality of the company's existing network management systems? Are they equipped to handle WLANs?
• How frequently and comprehensively does the company audit the network?
• Does the IT manager believe he/she has a handle on rogue Access Points (APs)?
• Is the IT manager confident about perimeter security?
• WLANs Make Network Management Even More Important