Wireless Nets Keep Security Crews on Their Toes
By Baselinemag | Posted 2005-12-13
Even if you've managed to harden your wireless network to lock out the script kiddie with the Pringles, your access points offer easy entry to anyone with a good antenna, a little expertise and a decent set of cracker tools.
You know that dream, the one where you're up on a stage in your underwear and everyone's staring at you? To some information-technology managers, keeping a wireless network secure evokes the same feeling of vulnerability.
There's a basic reason for this sense of exposure: Radio signals can't be confined to the walls of an office building. The wiring for conventional networks can be physically locked behind closed doors or sealed into walls. But wireless data bounces into the open air, and somebody with the right equipment in the parking lot or the building next door could get into an improperly secured wireless network and see things that are supposed to be secret.
Wi-Fi, the industry's marketing term for the technology that runs most wireless data networks, is as common today as double lattes. The hardware necessary to connect to Wi-Fi networks is built into most laptops sold today, and service providers have set up Wi-Fi hot spots at airports, hotels and coffee shops around the globe. Hackers have even coined a term ("wardriving") for cruising around in a car with a wireless laptop to find unsecured networks.
Naturally, the people who protect wireless networks live in a state of constant vigilance. "We're trying to keep a paranoid vision of how many patient records we fling through the air," says Steve Champion, the senior data security analyst for The Methodist Hospital System in Houston.
Champion must ensure that the wireless infrastructure at Methodist's four hospitals, which includes more than 400 access points from Cisco Systems, isn't compromised. "Right now, we have very, very strict policies of how the network is used," he says.
Every device that connects to Methodist's wireless networks must be authenticated by a system that assigns a unique alphanumeric key to the device each time someone logs on. The data is encrypted when it is transmitted between the device and the access point, so that even if someone managed to intercept the transmission, it would be scrambled.
Moreover, doctors or employees who want to go wireless must contact the data security department and sign a confidentiality agreement before they're given access privileges.
But Champion still has worries. One concern is "rogue" access points that employees set up on their own without proper security. Last year, he scanned all of Methodist's hospitals, walking around with a laptop for four days, and found 15 access points his team didn't know about.
By the end of the year, Methodist plans to install a proactive monitoring system from AirDefense. The system uses sensors, installed next to each Cisco access point, to monitor traffic and identify unusual commands that may indicate a break-in attempt. As Champion explains: "We need to be able to look at our network the same way a hacker would look at it."