Imagine a home, filled with prized possessions. All of the windows are open, and all the doors are unlocked. The owner then announces on a bullhorn that his domain is wide open and invites anyone to come in and go through those prized possessions anytime they want.
This is essentially what happens when the available wireless security that comes with wireless systems today is not turned on. The issue is not that hackers (burglars) can break security measures, but that they can walk right in and take what they want. Only about 30% of the market is using security appropriately, because people just plug in a wireless access point right out of the box and do not change the default settings. Or users become frustrated trying to set up a system's wireless security features and turn them off.
On a wireless LAN (WLAN), the drop lines and Ethernet adapters of a wired LAN are replaced with radio access points and a radio card in the end devices. Anyone with a radio that can receive WLAN radio signals (called sniffing) can potentially connect to any system. Hackers gain access by intercepting signals carrying specific information about a company WLAN, manipulate that information to present themselves as valid participants of that network (called spoofing) and use that information to break in.
Hackers typically have interest in data and access. Depending upon a company's situation, analyzing each of these areas will help determine the level of security needed.
WLAN security can be categorized into three types: basic, active and hardened. The first thing to do to secure a home is to close the windows and doors and lock them. This is equivalent to the basic security standard established by the Institute of Electrical and Electronic Engineers (IEEE). One of the first IEEE task groups focused on bringing the equivalent level of security found in a wired network to the wireless world. The result was the Wired-Equivalent Protocol Standard (WEP) 128.
Sometimes, a good watchdog is needed in the yard. Unless that dog recognizes the person wanting access to its owner's house, he is not getting inside. That is the IEEE 802.1x security standard, which covers two distinct areas: network access restriction through the use of authentication, and data integrity through WEP key rotation. Without the proper key and authentication, unauthorized users do not get in.
A small number of enterprises manage data and access to other trading partners that could be considered top secret. These firms may need wireless security that is more difficult to crack, similar to having an alarm system and armed guards patrolling the grounds. Many of these firms may need to employ a security solution that is certified as Federal Information Protection Standard 1.40. Products in this category provide point-to-point security for wireless network communications and include IPSec virtual private networks.
Completely eliminating the risk that someone will hack into a system may not be possible, but the threat can be significantly reduced. To provide a reasonable level of network security based on a company's specific situation:
* Turn all available security features on. Thieves like unlocked doors and will pass by locked areas for the easy pickings.
* Assess what level of security is really needed. How important or confidential is the company data? Do network connections with trading partners have even more sensitive data? Implement security measures in proportion to needs.
* Stick with the standards. Standards not only ensure others have tested the waters, but protect a company's investment for future changes and expansion. Do not use default settings, obvious passwords or keys. Rotate WEP keys often-at least once per day or every 10,000 packets of information to foil hackers' efforts.
Finally, monitor, monitor, monitor. Do not just turn a network on and assume it will always stay the same. Check and sniff the network for possible hidden access points. Be aware of the physical environment. Look for any unfamiliar car along the street with a driver just sitting in it. He might be trying to break into the house.