WIRELESS HAS ITS PROS, BUT IS NOT WITHOUT SECURITY IMPLICATIONS
Wireless Local Area Networks (WLANs) bring true mobility to the business arena. It allows users to move from area to area while maintaining connectivity and offers a variety of business benefits driven by this user convenience. Other significant drivers of the technology include increased ability to transact business and immediacy of information.
Organisations who have so far embraced wireless technology and applied it to their business, have seen tangible results such as increased sales, improved customer service, a strong competitive advantage and, important for the financials, rapid return on investment.
For all these reasons, predicted growth in the WLAN market is from $2.4 billion to $5.2 billion by 2005.
However, according to Chris Davis, executive at NamITrust, the enterprise security division within NamITech, WLANs have distinct security implications for organisations. "It is exceptionally difficult to control physical access to a WLAN," say Davis. "They can be purchased and deployed with minimal cost and effort, possibly by individual departments who have not consulted with the IT department. Of course, this runs the risk of creating vulnerabilities on the overall security perimeter."
In addition, security weaknesses inherent in the WLAN protocols make a corporate network susceptible to any number of possible attacks. Should an organisation experience a malicious attack on its WLAN, it faces a compromise of information integrity and loss of customer faith.
Because of the above factors, it is critical that attention is paid to the security around WLANs. "Organisations need to seriously consider the vulnerabilities and additional security features required to make the basic WLAN specifications more secure and usable for the organisation," continues Davis.
A complication particular to WLANs is that an intruder could execute an attack without leaving a trace of evidence, as is generally found in traditional attacks. When an intruder closes their unauthorised session on the WLAN, no audit trail such as a traceable IP address is left behind. Without these vital audit trails, a WLAN operator may be held liable for illegal activities carried out on their networks.
But rest assured, there are several security measures that can be instituted to limit the threat facing a WLAN. On a very practical level, the organisation should make sure that only authorised users are allowed to access the WLAN, using approved mobile devices. The company can implement stringent access controls, regulating which areas of a network people can access when connected through a wireless device as opposed to a wired desktop. And of course, strong authentication measures are vital. The organisation must have clearly defined policies regarding its WLAN, and the users of that WLAN should be documented and managed carefully.
"An important point to remember when considering the establishment of a WLAN, is that although the challenges are slightly different, wireless security cannot be viewed in isolation. It needs to be considered within the context of the overall security of the organisation," explains Davis. "In fact, while it certainly does require attention, it is really remains just a symptom of the greater problem - overall security. As illogical as it may seem, only be treating your WLAN as insecure, will you be able to ensure the integrity of your organisation’s wired network."