Wireless networks are forcing organizations to completely rethink how they secure their networks and devices to prevent attacks and misuse that expose critical assets and confidential data. By their very nature, wireless networks are difficult to roll out, secure and manage, even for the most savvy network administrators.
Wireless networks offer great potential for exploitation for two reasons; they use the airwaves for communication, and wireless-enabled laptops are ubiquitous. To make the most of their security planning, enterprises need to focus on threats that pose the greatest risk. Wireless networks are vulnerable in a myriad of ways, some of the most likely problems being rogue access points (APs) and employee use of mobile devices without appropriate security precautions, but malicious hacking attempts and denial-of-service (DoS) attacks are certainly possible as well.
Unlike traditional wired networks in which communications travel along a shielded copper wire pair or optical cable, wireless radio frequency (RF) signals literally traverse the open air. As a result, RF signals are completely exposed to anybody within range and subject to fluctuating environmental factors that can degrade performance and make management an administrative nightmare. Whether authorized or not, wireless access points and their users are subject to malicious activity and employee misuse.
Additional wireless access security challenges come through the use of wireless-enabled devices by employees, the growing amount of confidential data residing on those devices, and the ease with which end users can engage in risky wireless behavior. The value of connectivity typically outweighs concerns about security, as users need to get work done while at home or while traveling. Survey data from the leading research group, Gartner, shows that at least 25 percent of business travelers connect to hotspots, many of which are unsecure, while traveling. Furthermore, about two-thirds of those who use hotspots connect to online services via Wi-Fi at least once a day highlighting the need for extending wireless security outside of the enterprise.
To ensure effective, automated wireless threat protection, companies and government organizations should implement a complete wireless security solution covering assets across the enterprise that enables them to discover vulnerabilities, assess threats, prevent attacks, and ensure ongoing compliance - in the most secure, easy-to-use and cost-effective manner available.
IT departments must have a pre-emptive plan of action to prevent malicious attacks and employee misuse which compromise an organization's data privacy and enforce security policies for wireless use - both inside and outside their facilities. Whether or not a company has authorized the use of wireless or has a 'no wireless' policy, their networks, data, devices and users are exposed and at risk.
Chris Waters is CTO of Network Chemistry as well as an editorial board member of the Wireless Vulnerabilities and Exploits project.