USF Corporate Travel, like any other modern business today, needs to have an online presence. Networks have become a global tool that is used as platforms for any organization to remain competitive. Installing a Wireless Local Area Network (WLAN) is one of the recommended methods of implementing a network through which all computers within an organization can be connected to achieve a smooth flow of information and execution of business processes. USF would like to increase their corporate image by allowing potential and existing customers to use their laptops while they are in their premises.
Even though different models of the WLAN exist, they have a common vulnerability which is security. These vulnerabilities or threats to security can be curbed or reduced to an acceptable level that will cause minimal loss for USF Corporate Travel.To thoroughly understand the security implications of the implementation of WLAN, it is important to take a look at the concept, technology and architecture of Wireless LAN Technology. This insight is necessary so that USF Corporate Travel can make an informed decision as to the most appropriate way of deploying the Wireless Local Area Network.
The Concept of WLANA Wireless Local Area Network is a type of network that does not rely on wired connections to be functional. It may be implemented as an extension of or as an alternative to a wired LAN. Data is received and transmitted over the air (Proxim, 1998).The speed of a WLAN ranges from 1 to 54Mbps though some manufacturers offer up to 108Mbps solutions. A WLAN signal can cover areas ranging from small offices to large campus and areas. Several standards of WLAN hardware can be found, for example, 802.
11a, b and g standards are the most common for home access points and large businesses. There are different types of technology utilized in implementing wireless technology and one of them is the Narrowbandechnology, which involves spreading and receiving information on a specific radio frequency. The second is the Spread Spectrum Technology which is implemented via Frequency-hopping spread-spectrum and the direct sequence spread-spectrum. Also, there’s the Infrared Technology which is also very popular (Proxim, 1998).Wireless LANs use electromagnetic waves to communicate information without the need of any physical connections.
Access points are used to transmit and receive information and are thus called transceivers; one single access point can support many users. LAN configurations can employ peer-to-peer topologies and complex networks offering data connectivity and roaming facilities. IEEE 802.11b/WiFi standard encryption for wireless networking has been replaced by the more secure IEEE 802.1x standard, which comprises three different sections: Extensible Authentication Protocol (EAP), Point-to-Point Protocol (PPP), and 802.1x (Proxim, 1998).Benefits of WLANIt is more flexible than wired Ethernet connections. Users and Staff of the company can move around the office space and still remain connected to the network.
The installation procedure of a WLAN is easier and more cost-effective because it eliminates the need to run cables around the building; it also eliminates the cost of labour required in installing cables all over the building. Even though the cost of setting it up may outweigh that of a wired connection, over time, it proves to be more cost-effective due to the innovative technologies that are continually introduced into the market (Proxim, 1998). Another major benefit of a WLAN is that the configurations to the wireless networks can be easily changed and modified to fit the organization’s mobility requirements. Other major benefits include the ease of deployment, flexible installation options and scalability. WLAN security may be compromised by the effects of Denial-of-Service attacks, spoofing and eavesdropping (Proxim, 1998).Vulnerabilities of Wireless NetworksThere are inherent security flaws in Wireless Local Area Networks. IEEE 802.
11 is a standard model of WLAN and this is used as reference in the discussions contained in this document. There are numerous reasons while wireless systems are seen as insecure and not secure suitable enough even though it provides excellent network connections. Most of the data sent via wireless networks are protected by encryption at the low level but there are still some vulnerabilities at higher levels (Komu &Nordstrom, 1999).One of the major vulnerabilities of Wireless LAN is that an intruder can easily block an entire radio channel used for communication by transmitting junk over that channel.
This is a form of Denial of Service (DOS) attack that can prevent legitimate users from gaining access to network systems. WLANs can also be exploited by stealing the laptop of a legitimate user and gaining unauthorized access to the network (Komu &Nordstrom, 1999).The authentication procedures used for logging onto the network are quite unreliable and this may subsequently lead to the compromise of security settings, information and possibly, loss of millions of dollars. With Wireless networks, only the data that is transmitted is encrypted. Data headers are not encrypted and as such, it becomes possible for anyone to decipher the source and destination of the data being transmitted.With WLANs, data is sent through air and this leaves it open for intruders to intercept whatever information is being sent.
Data is vulnerable to being sniffed by anyone who already has access to the network Another major problem with wireless networks is that the management of the keys that facilitate access to networks is done by an operator (Komu &Nordstrom, 1999).Accessibility is another major feature of WLANs that make them easy to attack. Wireless LANs are very easy to access because they need to announce their existence so that existing and potential clients can connect directly to them. This is possible through a special feature known as beacons.
These beacons have no privacy functions. The only security methods that can be implemented at this level are encryption and strong accesses control (Johnson, 2002).Rogue access points can be created by any malicious attacker.
Access points can be purchased from a store, and used to connect to corporate networks without a hitch. These pose security threats to the entire network (Johnson, 2002).How can we improve the Security of Wireless LANs?Adopting a layered approach is one of the most recommended methods for securing the Wireless Network.
This includes locking down communication between devices, and monitoring neighbouring air spaces to ensure a safe implementation of the WLAN. Sensitive traffic may also be monitored through the use of Virtual Private Networks and Intrusion Detection Systems (IDS). An effective IDS should be stationed at all access points to monitor 802.11a/b/g protocols and analyze them for signals of attack or irregularities (Khatod, 2004).There are other ways of improving the security of Wireless LAN systems.
By following the approaches outlined below, information assets of organizations can be kept reasonably safe. Unauthorized access points, user stations, laptops and printers constitute significant threats to network security. The default configuration of these systems offer little security to the entire network and can easily be misconfigured. Intruders may also use any of these insecure stations as an entry point to attack the network (Khatod, 2004).Neighbouring Wireless LANS located within the same area also present certain security risks because they may attempt to access an organization’s network and thereby interfere with the existing wireless channels. There are however, certain software that can help to identity unauthorized access points and network vulnerabilities. For example, NetStumbler and Kismet.
These are however limited and involve the system administrator walking across the area and scanning for threats in the air. The recommended way to detect rogue stations and connections is by continuous monitoring. A continuous network monitoring strategy should be adopted through the use of wireless intrusion-detection sensors (Khatod, 2004).All access points should have security and management features. MAC (Media Access Control) address filtering is another method of securing the wireless network and preventing it from abuse. MAC address filtering is used to determine and filter which computers can connect to the network. Larger enterprises that have a huge number of computer systems may however, not be able to use MAC address filtering effectively and may employ the use of Remote authentication dial-in service (RADIUS) servers.
Also, to prevent pople from connecting to the Wireless LAN without the organization’s knowledge, access points should be configured not to allow slow connections which are typical from stations close to the area where the WLAN is deployed. Encryption and authentication are the main methods of security used by Wireless LANS these days. Unfortunately, they are not fool-proof. In 2001, Hackers where able to show how the Wired Equivalent Privacy (WEP), a standard method used for the encryption of 802.11 WLANs could be cracked. Many organizations after seeing this illustration became wary of deploying WEP and this made their networks more exposed (Khatod, 2004).
To combat intrusion, it is important to set and enforce WLAN policies. This will help to prevent security breaches and attacks. Examples of policies that may be implemented limiting WLAN traffic to selected channels, speeds, and durations (Khatod, 2004).
Major Access points running default configurations need to activate this WEP facility so that unauthorized access can be prevented. Unauthorized access can cause bandwidth charges and legal and security problems. 802.1x is a modified version of wireless connectivity that is more secure and allows the selection of an authentication mode based on Transport Layer Security (TLS) to ensure users attach only to authorized access points (Johnson, 2002). ReferencesJohnson, B. C.
(2002). Wireless 802.11 LAN Security: Understanding the Key Issues. SystemExperts Corporation.
Khatod, A. (2004, November 4). FIve Steps to WLAN Security. Retrieved December 11, 2008, from Computer World: http://www.computerworld.
com/mobiletopics/mobile/story/0,10801,97178,00.htmlNordstrom, M. K. (1999). Known Vulnerabilities in Wireless LAN Security.
Retrieved December 10, 2008, from http://www.niksula.hut.fi/~mkomu/docs/wirelesslansec.htmlProxim. (1998).
What is a Wireless LAN? Proxim.