By Galen Gruman, editorial director, IT Wireless
A free newsletter to all IT Wireless subscribers.
A Guide to Wireless Security
It's clear that security concerns are one of the biggest barriers IT organizations see when they consider whether and how to deploy 802.11 wireless networks in the enterprise. Wireless's biggest advantage -- open access for people who come and go -- is also its biggest security disadvantage. Unmanaged, a wireless access point can be like an unsecured modem, an Ethernet jack outside your building, or a server accessible over the Internet to anyone. Based on interviews with security vendors such as NTRU and Psion Teklogix, as well as wireless connectivity vendors such as Symbol Technologies and IBM, here are the basic issues that IT and networking administrators should consider when addressing security aspects of wireless LANs. "You want to treat all your wireless connections as hostile," says Daniel Lieman, co-founder of wireless security provider NTRU.
The basic advice is to treat your wireless network like an Internet or dial-up connection and use firewalls, virtual private networks (VPNs), authentication, and encryption to secure wireless access as you would access through the Web or dial-up.
Wireless access points and routers -- the entry points into the wireless network and eventually to the enterprise network -- come with at least basic encryption built in, the 40- and 128-bit Wireless Equivalency Protocol (WEP). At the very least, this should be turned on, since it requires that users' wireless radios use an IT-issued authentication key. For low-security information, WEP is fine. While someone can snoop the wireless network to try to capture the encrypted key, it requires several hours to get enough traffic to analyze which parts of the data stream are the keys. (For specific details of how WEP encryption can be broken, see the University of California at Berkeley Web report that revealed the flaws.) For internal company wireless networks, such as in training centers and conference rooms, that don't leak outside the environment, the chance that someone can snoop on that much traffic is very small.
Most of the stories about intruders scanning for wireless access points and then entering people's networks involve access points for which WEP has never been turned on, making them huge security holes. While such unsecured access points are common in people's home wireless LANs, they typically occur in the enterprise only for unauthorized access points installed by end users. If that's a concern, many vendors offer "rogue access point detection" hardware that can find such unauthorized access points. Another WEP weakness is that many employees have the key and could share it, on purpose or accidentally, with outsiders.
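The check that rogue access point detection performs can be sketched in a few lines. This is an added example, not code from the newsletter or from any vendor it mentions: it compares a site survey against the list of IT-issued access points and flags unknown radios as well as known ones with encryption turned off. The survey columns, the inventory, and the signal threshold are constructed assumptions.

```python
import csv
import io

# Constructed inventory of IT-issued access points: BSSID -> expected SSID.
AUTHORIZED = {
    "00:a0:f8:11:22:33": "corp-wlan",
    "00:a0:f8:11:22:34": "corp-wlan",
}

# Constructed site-survey export (columns are an assumption, not a vendor format).
SURVEY_CSV = """bssid,ssid,encryption,signal_dbm
00:A0:F8:11:22:33,corp-wlan,WEP,-48
00:a0:f8:11:22:34,corp-wlan,NONE,-55
00:0c:41:aa:bb:cc,linksys,NONE,-40
00:0c:41:dd:ee:ff,corp-wlan,WEP,-62
00:90:4b:01:02:03,cafe-next-door,NONE,-88
"""

ONSITE_DBM = -75  # assumed threshold: stronger signals are likely inside the building


def audit(survey_text, authorized=AUTHORIZED, onsite_dbm=ONSITE_DBM):
    """Return a list of (bssid, finding) tuples for access points needing follow-up."""
    findings = []
    corp_ssids = set(authorized.values())
    for row in csv.DictReader(io.StringIO(survey_text)):
        bssid = row["bssid"].strip().lower()
        ssid = row["ssid"].strip()
        enc = row["encryption"].strip().upper()
        signal = int(row["signal_dbm"])
        if bssid in authorized:
            # Known hardware: check it still matches its issued configuration.
            if enc == "NONE":
                findings.append((bssid, "authorized AP with encryption off"))
            elif ssid != authorized[bssid]:
                findings.append((bssid, "authorized AP with unexpected SSID"))
        elif ssid in corp_ssids:
            # Unknown radio advertising the company network name.
            findings.append((bssid, "unknown AP using corporate SSID"))
        elif signal >= onsite_dbm:
            # Unknown radio strong enough to be on the premises.
            findings.append((bssid, "unauthorized AP on site"))
        # Weak, unknown, differently named networks are treated as neighbors.
    return findings


if __name__ == "__main__":
    for bssid, finding in audit(SURVEY_CSV):
        print(f"{bssid}  {finding}")
```

The weak-signal network from a neighboring business is deliberately not reported, since flagging every radio in range makes the real findings harder to act on.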
For wireless access points in public areas, WEP alone won't do. The Wi-Fi Alliance, a vendor consortium, has developed the Wi-Fi Protected Access protocol (you can download an overview paper in PDF format) to overcome WEP's weaknesses. WPA is an early, pre-release version of the IEEE's 802.11i standard meant to replace WEP. But WPA has two significant deficits: One, it requires that you get all new access points and client radios (some existing products may be flash-upgradable). Two, it won't be available until this spring. Plus, it will be replaced about a year later by 802.11i, so many IT organizations will decide there are too many security changes to support and simply want to delay any wireless deployment until the 802.11i standard is finalized.
Many vendors of enterprise-class wireless access points, routers, and radios offer additional security in their products beyond WEP. Typically, these provide VPN capabilities and perhaps additional encryptions such as Kerberos or FIPS 140-2 (a federal security standard). FIPS specifies the use of a gateway between access points and the LAN and requires a higher level of encryption than WEP. FIPS essentially codifies good security practice that enterprises should have already deployed for Web and dial-up users. The federal National Institute of Standards and Technology has put together a PDF white paper on wireless security best practices.
Some companies, such as Psion Teklogix, offer closed-loop wireless LANs that require all clients to use that vendor's equipment and client software -- this minimizes the chances that an unauthorized user could gain access, even if they had the right authentication codes.
The other issue to consider if you set up firewalls is the architecture of your firewall setup, notes NTRU's Lieman. "Do you have one firewall for each access point or a common firewall that separates the access points as a group from the rest of the network?" Both approaches require ongoing, hands-on management, just as a series of Internet firewalls would. Wireless security vendors all come to this point: Securing wireless LANs is essentially the same as securing Internet connections. While there are some wireless-specific issues related to the 802.11 standards, good basic network security practices will overcome most concerns.
The Latest in Wireless Products and Tech
There were lots of announcements recently of wireless infrastructure, software, and hardware for the enterprise. Among the highlights:
Got a great product or technology tip? Send it to firstname.lastname@example.org.
There's more evidence that wireless LAN adoption will be a big trend this year and next, as enterprises deploy the technology in increasing numbers.
First, Allied Business Intelligence (ABI) issued a report saying that wireless growth will continue to accelerate as multibillion dollar technology and telecommunications companies such as Microsoft, Intel, Dell, AT&T, and IBM enter the wireless LAN industry. These corporations bring their deep financial pockets and millions of potential consumers to the WLAN industry, the report says. "The WLAN industry will continue to experience stellar growth as deployments in several key markets take place," predicts ABI analyst John W. Chang. "These key markets include residential homes, small-medium offices, enterprises, academic campuses, transportation facilities, health care sites, industrial centers, and at the local neighborhood eatery. Additionally, 802.11a, 802.11g, and dual-band protocols are some of the key catalysts that will accelerate the market adoption of WLAN with its higher speeds of up to 54 Mbps." ABI's research also indicates:
Second, International Network Services issued a new report that found that wireless LANs will become a key component of many companies' network infrastructures in 2003. The report's findings include:
And finally, the Yankee Group predicts that more than 50% of large U.S.
enterprises will plan to implement a mobile/wireless solution in