Weigh and mitigate wireless risks: there need be no security trade-off

December 2003 Infrastructure

Wireless is a smart bet that is gaining corporate momentum, but the security concerns have put corporate spend in a holding pattern. “Security is certainly a big issue but standards are rapidly being ratified and the picture is becoming clear,” says Mark Lilje, MD at RangeGate. “There are several layers of security that can be implemented to safeguard sensitive data. It just takes some common sense.

Mark Lilje
Mark Lilje

"We have been in this market for 14 years, and we know of hundreds of wireless networks running in South Africa, many of them in the warehousing and distribution arenas - and we have implemented many of them. The focus is now shifting to the office environment, but companies wary of adoption are losing the opportunity to invest in architecture that could be of enormous benefit. The solution is to implement with caution, remaining aware of, and mitigating security risks according to the sensitivity of data with the technologies at hand.

"In three years' time we will have seamless roaming between WLANs and cellular networks and, according to researchers, in 15 years there will be more data travelling over WLANs than over cell networks. Locally, the wireless infrastructure market is expected to be worth R1 billion in revenues by 2005. and this excludes access and client device revenues," says Dave Scruse, account manager: wireless networking at RangeGate

"It is easy to get tangled up. Wireless security offers a maze of choices and the slow pace of security standards ratification has given rise to a number of interim solutions," says Lilje. "But do not get caught up in the hype.

"Yes, people can eavesdrop on your wireless communications and hack in through your wireless network if you do not put the right levels of authentication and encryption in place, but the security solutions are here. The latest 802.11i standard is ready to be ratified early next year. Upgrade paths are also being built into new products and alternatives (such as a switch which replaces the access point, with all the advantages of greater intelligence and component upgradeability) are being developed, cutting the cost associated with traditional wireless rip and replace strategies."

Just as important is to lock down the rest of the wireless value chain. Client device asset management, network management, and the physical security of your wireless infrastructure also play a role. Wireless LAN solutions are no longer islands of specialised functionality; they have to be integrated into the rest of the network infrastructure and applications.

"The risk and costs associated with wireless solutions need to be carefully weighed and mitigated - there need be no trade-off on security. It is essential that users and enterprise architects understand the issues, however - connectivity and setup are critical."

A quick glance through the wireless security standards developments paints the background against which companies must develop their security architectures.

The choices

"There is the tried and true IP Security (IPSec) that can be used in a virtual private network but it is limited to IP traffic, with all the complications of wired IPSec, such as configuration complexity and the requirement of client-side code," explains Scruse.

"Then there is the 802.11 Wired Equivalent Privacy (WEP) protocol. WEP's short and static encryption keys do not offer much in the way of security but proprietary and other solutions are attempting to make up for this. Companies such as Symbol have developed an enhanced key rotation technology, for example, that varies the security keys used in WEP at user-specified intervals, making it more difficult for an eavesdropper to obtain enough information to crack WEP keys. Vendors such as Cisco have also developed proprietary solutions that are built into their products. The problem here is that the user is limited to using one vendor's products.

"One up on this is Wi-Fi Protected Access (WPA), which the Wi-Fi Alliance vendor group announced last October. The first WPA-certified products are expected to become available this year based on the first WPA-certified chipsets. Of course South Africa is usually about six months behind on adoption and implementation of these products," says Scruse.

WPA offers stronger encryption with a firmware upgrade that overwrites WEP, and adds authentication protocol 802.1X.

The other choice is the IEEE's 802.11i. It is the WPA standard with stronger encryption and is expected to be completed early next year. Products that claim full or partial 802.11i compliance might begin to ship before 802.11i's ratification. Fully compliant products may only begin to appear in the second quarter of 2004."

The real issues

"The real issues are upgrade paths, migration, integration and compatibility. Of encryption and authentication, the latter is currently the weakest link. Authentication depends on the IETF and there are five incompatible variants of extensible authentication protocol (EAP) that can be used with 802.1X, including proprietary versions from vendors such as Cisco," explains Scruse. "The client and access points have to use the same version for proper authentication. Meanwhile, the EAPs are all at different stages of development or maturity and have different levels of compatibility.

"Replacement also currently means 'rip', which in turn can destroy the solution's estimated ROI because it negates the depreciation period of the equipment. ROI is thus not something many want to bet on.

"A blended or dual access point environment is one solution, while other users are placing their bets with a single vendor, relying on their speed and security upgrade paths. The alternative is to go with IPSec VPNs until the 802.11 standards have matured and de facto EAP winners emerge."

Conclusion

"The value proposition of wireless technologies has been proven; it is now a matter of deciding where and how you want to gear for inclusion of wireless solutions into your existing enterprise architecture," says Lilje. "The single biggest success factor is understanding the strengths and weaknesses of the wireless strategy you choose and ensuring that suitable measures are in place to gain the business advantage without the risk."

For more information contact Mark Lilje, RangeGate, 011 723 9300, [email protected]





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

The hidden cost of cheap networking gear
Duxbury Networking Infrastructure
When it comes to building a network, price is always a consideration, especially in the current economic climate, but there is a difference between smart spending and short-term savings with long-term losses.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
Fastest PCIe Gen 5.0 NVMe SSD
Products & Solutions Infrastructure
Sandisk has unveiled the WD_BLACK SN8100 NVMe SSD with PCIe Gen 5.0 technology, an internal SSD delivering speeds up to 14 900 MB/s and capacities up to 4 TB, with 8 TB solutions available soon.

Read more...
Unified storage solution
Products & Solutions Infrastructure
CASA Software has announced the local availability of Nexsan’s upgraded unified storage solution, Unity NV4000, which is ideal for mixed workloads, from virtualisation and video surveillance to secure backup and recovery.

Read more...
Suprema unveils BioStar Air
Suprema neaMetrics News & Events Access Control & Identity Management Infrastructure
Suprema launches BioStar Air, the first cloud-based access control platform designed to natively support biometric authentication and feature true zero-on-premise architecture. BioStar Air simplifies deployment and scales effortlessly to secure SMBs, multi-branch companies, and mixed-use buildings.

Read more...
Back-up securely and restore in seconds
Betatrac Telematic Solutions Editor's Choice Information Security Infrastructure
Betatrac has a solution that enables companies to back-up up to 8 TB of data onto a device and restore it in 30 seconds in an emergency, called Rapid Access Data Recovery (RADR).

Read more...
Advanced surveillance storage from ASBIS
Infrastructure Surveillance Products & Solutions
From a video storage solutions perspective, SkyHawk drives, designed for DVRs and NVRs, offer high capacity, optimised firmware, and a reliability workload rating of hundreds of terabytes per year.

Read more...
Power surges are killing our networks
Duxbury Networking Infrastructure
With power surges and lightning strikes becoming an all-too-familiar threat to South African infrastructure, Duxbury Networking is calling on local installers and network integrators to follow proper grounding protocols.

Read more...
A passport to offline backups
SMART Security Solutions Technews Publishing Editor's Choice Infrastructure Smart Home Automation
SMART Security Solutions tested a 6 TB WD My Passport and found it is much more than simply another portable hard drive when considering the free security software the company includes with the device.

Read more...
Five tech trends shaping business in 2025
Information Security Infrastructure
From runaway IT costs to the urgent need for comprehensive AI strategies that drive sustainable business impact, executives must be prepared to navigate a complex and evolving technology environment to extract maximum value from their investments.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.