Wireless Nets Keep Security Crews on Their Toes

By Baselinemag  |  Posted 2005-12-13 Print this article Print

Even if you've managed to harden your wireless network to lock out the script kiddie with the Pringles, your access points offer easy entry to any one with with a good antenna, a little expertise and a decent set of cracker tools.

You know that dream—the one where you're up on a stage in your underwear and everyone's staring at you? To some information-technology managers, keeping a wireless network secure evokes the same feeling of vulnerability.

There's a basic reason for this sense of exposure: Radio signals can't be confined to the walls of an office building. The wiring for conventional networks can be physically locked behind closed doors or sealed into walls. But wireless data bounces into the open air, and somebody with the right equipment in the parking lot or the building next door could get into an improperly secured wireless network and see things that are supposed to be secret.

Wi-Fi, the industry's marketing term for the technology that runs most wireless data networks, is as common today as double lattes. The hardware necessary to connect to Wi-Fi networks

is built into most laptops sold today, and service providers have set up Wi-Fi hot spots at airports, hotels and coffee shops around the globe. Hackers have even coined a term ("wardriving") for cruising around in a car with a wireless laptop to find unsecured networks.

Naturally, the people who protect wireless networks live in a state of constant vigilance. "We're trying to keep a paranoid vision of how many patient records we fling through the air," says Steve Champion, the senior data security analyst for The Methodist Hospital System in Houston.

1. Monitor who's using the wireless network. Set guest accounts to expire after, say, 24 hours.
2. Audit the network regularly. Check security with tools that scan for vulnerabilities and detect "rogue" access points plugged into the network.
3. Update equipment to the latest security standards. Experts
say an older standard like WEP can be cracked easily if it's incorrectly deployed.
4. Add security in layers. For especially sensitive data, require that applications be accessed only via virtual private networks, in addition to using Wi-Fi security measures.

Champion must ensure that the wireless infrastructure at Methodist's four hospitals—which includes more than 400 access points from Cisco Systems—isn't compromised. "Right now, we have very, very strict policies of how the network is used," he says.

Every device that connects to Methodist's wireless networks must be authenticated by a system that assigns a unique alphanumeric key to the device each time someone logs on. The data is encrypted when it is transmitted between the device and the access point, so that even if someone managed to intercept the transmission, it would be scrambled.

Moreover, doctors or employees who want to go wireless must contact the data security department and sign a confidentiality agreement before they're given access privileges.

But Champion still has worries. One concern is "rogue" access points that employees set up on their own without proper security. Last year, he scanned all of Methodist's hospitals, walking around with a laptop for four days, and found 15 access points his team didn't know about.

By the end of the year, Methodist plans to install a proactive monitoring system from AirDefense. The system uses sensors, installed next to each Cisco access point, to monitor traffic and identify unusual commands that may indicate a break-in attempt. As Champion explains: "We need to be able to look at our network the same way a hacker would look at it."


Submit a Comment

Loading Comments...
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.