Wireless Nets Keep Security Crews on Their Toes

By Baselinemag  |  Posted 2005-12-13

You know that dream—the one where you're up on a stage in your underwear and everyone's staring at you? To some information-technology managers, keeping a wireless network secure evokes the same feeling of vulnerability.

There's a basic reason for this sense of exposure: Radio signals can't be confined to the walls of an office building. The wiring for conventional networks can be physically locked behind closed doors or sealed into walls. But wireless data bounces into the open air, and somebody with the right equipment in the parking lot or the building next door could get into an improperly secured wireless network and see things that are supposed to be secret.

Wi-Fi, the industry's marketing term for the technology that runs most wireless data networks, is as common today as double lattes. The hardware necessary to connect to Wi-Fi networks is built into most laptops sold today, and service providers have set up Wi-Fi hot spots at airports, hotels and coffee shops around the globe. Hackers have even coined a term ("wardriving") for cruising around in a car with a wireless laptop to find unsecured networks.

Naturally, the people who protect wireless networks live in a state of constant vigilance. "We're trying to keep a paranoid vision of how many patient records we fling through the air," says Steve Champion, the senior data security analyst for The Methodist Hospital System in Houston.

1. Monitor who's using the wireless network. Set guest accounts to expire after, say, 24 hours.
2. Audit the network regularly. Check security with tools that scan for vulnerabilities and detect "rogue" access points plugged into the network.
3. Update equipment to the latest security standards. Experts say an older standard like WEP can be cracked easily if it's incorrectly deployed.
4. Add security in layers. For especially sensitive data, require that applications be accessed only via virtual private networks, in addition to using Wi-Fi security measures.

Champion must ensure that the wireless infrastructure at Methodist's four hospitals—which includes more than 400 access points from Cisco Systems—isn't compromised. "Right now, we have very, very strict policies of how the network is used," he says.

Every device that connects to Methodist's wireless networks must be authenticated by a system that assigns a unique alphanumeric key to the device each time someone logs on. The data is encrypted when it is transmitted between the device and the access point, so that even if someone managed to intercept the transmission, it would be scrambled.

Moreover, doctors or employees who want to go wireless must contact the data security department and sign a confidentiality agreement before they're given access privileges.

But Champion still has worries. One concern is "rogue" access points that employees set up on their own without proper security. Last year, he scanned all of Methodist's hospitals, walking around with a laptop for four days, and found 15 access points his team didn't know about.

By the end of the year, Methodist plans to install a proactive monitoring system from AirDefense. The system uses sensors, installed next to each Cisco access point, to monitor traffic and identify unusual commands that may indicate a break-in attempt. As Champion explains: "We need to be able to look at our network the same way a hacker would look at it."

Knit a Safety Net

Champion and his team appear to be ahead of the curve. Most businesses with wireless networks have surprisingly inadequate security measures, according to industry experts.

"There are a ton of organizations with wireless, but there aren't many that are serious about doing what I'd consider enterprise-class wireless security," says Kevin Harvey, formerly practice manager of security technology for Forsythe Technology, a consulting firm based in Skokie, Ill.

For example, the six-year-old Wired Equivalent Privacy (WEP) protocol is often the only encryption mechanism companies use for wireless networks, but Harvey says the protocol is relatively easy to hack, particularly if it's set up improperly. He blames the lack of awareness on this issue, in part, on wireless vendors that don't give customers the whole picture. "They're going to say, 'WEP is perfectly fine, don't worry about it.' They don't want to add fear into the sales cycle," he says.

A newer, and more secure, technology is the Wi-Fi Protected Access (WPA) protocol. The latest version of WPA, called WPA2, offers enhanced encryption capabilities including the Advanced Encryption Standard algorithm used by many government agencies. Now, interoperability is the main problem, says Gartner analyst John Pescatore. "The issue is not that you can't do wireless networking securely, but that all the vendors do it slightly differently," he says.

New security technologies are also going on the offensive. Wireless intrusion detection systems from vendors including AirDefense, AirMagnet, Network Chemistry and WiMetrics monitor the radio spectrum in a given area and watch out for unauthorized users. Some can map the location of a suspected rogue access point, or detect sophisticated attacks such as the "evil twin" scheme, in which a hacker's computer impersonates a legitimate wireless access point to steal passwords or other private information.
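An added example, not part of the original article and not any vendor's code: the comparison a wireless audit or intrusion detection sensor makes between observed beacons and an inventory of sanctioned access points, covering both the rogue-access-point check and the "evil twin" case. The inventory, SSIDs, BSSIDs, signal threshold and verdict labels are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed inventory of sanctioned access points: BSSID -> (SSID, security).
AUTHORIZED = {
    "02:00:00:00:00:01": ("CORP-WLAN", "WPA2"),
    "02:00:00:00:00:02": ("CORP-WLAN", "WPA2"),
}

@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str
    security: str   # "OPEN", "WEP", "WPA" or "WPA2"
    rssi_dbm: int   # received signal strength at the sensor

def classify(beacon, authorized=AUTHORIZED, min_rssi=-75):
    """Label one observed beacon against the inventory."""
    bssid = beacon.bssid.lower()
    corp_ssids = {ssid for ssid, _ in authorized.values()}
    if bssid in authorized:
        # Known radio: settings must match, else config drift or a spoofed BSSID.
        if (beacon.ssid, beacon.security) == authorized[bssid]:
            return "authorized"
        return "settings-mismatch"
    if beacon.ssid in corp_ssids:
        # Our network name from a radio we do not own: possible evil twin.
        return "evil-twin-suspect"
    if beacon.rssi_dbm >= min_rssi:
        # Unknown AP strong enough to be inside the building: possible rogue.
        return "rogue-suspect"
    return "neighbor"

# Constructed scan results (not real captures).
SCAN = [
    Beacon("02:00:00:00:00:01", "CORP-WLAN", "WPA2", -48),
    Beacon("02:00:00:00:00:02", "CORP-WLAN", "WEP", -52),
    Beacon("02:00:00:00:0F:01", "CORP-WLAN", "OPEN", -40),
    Beacon("02:00:00:00:0f:02", "linksys", "OPEN", -55),
    Beacon("02:00:00:00:0f:03", "CoffeeShop", "WPA", -88),
]

def audit(scan):
    """Return (bssid, ssid, verdict) for every beacon that needs follow-up."""
    rows = [(b.bssid.lower(), b.ssid, classify(b)) for b in scan]
    return [r for r in rows if r[2] not in ("authorized", "neighbor")]

if __name__ == "__main__":
    for row in audit(SCAN):
        print(row)
```

Signal strength alone cannot show that an unknown access point is plugged into the wired network, so a "rogue-suspect" verdict is a prompt to trace the device, not a confirmation.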

As the products have improved, customers have become more aware of the dangers of leaving their networks unprotected. Five years ago, Consolidated High School District 230 in Chicago's southwest suburbs rolled out a wireless network with equipment from Lucent Technologies—without any security. "Initially, our networks were wide open," says Darrell Walery, the district's director of technology.

Walery soon realized his team needed to batten down the hatches to prevent students from accessing sensitive data, like their grades. The district, which includes three high schools with 9,000 students, now encrypts data on its wireless networks using software from Bluesocket. "In education," Walery notes, "we tend to have some hostile users"—i.e., disaffected teen-agers with ready access to high-tech gear.

The encryption added a layer of security, but Walery has remained on guard. His group carefully monitors access to the network, and one day discovered an unauthorized signal they traced to someone—out in the proverbial parking lot—who was trying to crack into one of the school's wireless networks using a Pringles potato chip can as a long-distance antenna.

Others find the need for security measures above and beyond those provided by the wireless infrastructure. The government of Culver City, Calif., on the west side of Los Angeles, runs a free Wi-Fi network for residents and visitors over a one-square-mile area of its downtown. The network, which provides access to the Internet, is unrestricted. There's zero security. "People don't want to deal with the WPA or WEP keys," says Carlos Vega, an information systems analyst with the city.

However, Culver City also runs a wireless network at its primary administration building for some of its 700 employees. For this network, Vega and his team have three levels of security: a WPA key, issued by the city's information-technology department; a log-in to the city's Windows NT system; and a virtual private network that encrypts data before it hits the wireless network.

"We try to take every security precaution possible," Vega says. When every passing driver—or kid with a Pringles can—is a potential hacker, who would say he's overreacting?

ONLINE RESOURCES: Wireless Security
  • Wi-Fi Alliance (www.wi-fi.org), a consortium of wireless network technology vendors, provides white papers on security standards and practices.
  • The SANS Institute (www.sans.org) has an archive of wireless security white papers.
  • Wardrive.net offers primers on wireless security best practices.