Wireless Security Issues

It is helpful to consider the specific challenges that exist when it comes to the security of wireless technologies. Breeding (2002) in his examination of wireless technologies notes that, "A wireless network operates just like a traditional LAN, except without the wires. Instead it uses signals transmitted over radio frequencies to enable computers to communicate with one another" (p. 42). This author goes on to note that the organization must establish an access point for individual users to access the network. This access point is physically connected to the wired network and allows for wireless access of all computers in the organization.

While the basic context of wireless networks appears to provide the overall security necessary for ensuring the protection of data, Poore (2002) argues that, "Where standards support encryption (e.g., IEEE 802,11b), the implemented products generally default to an unencrypted connection and often support protocols and cryptographic key methodologies with known security weaknesses" (p. 4). Thus, even when individuals using the wireless network believe that they are protected from security threats, the reality is that there are significant problems when it comes to ensuring the overall integrity of the network. Breeding (2002) contends that the inherent flaws in wireless security are exacerbated because, "anyone with the right equipment in physical proximity might be able to capture your network traffic, gain unprotected passwords, and launch an attack on your computers" (p. 42).

When placed in this context, it becomes evident that the issue of wireless security in the organization is one that is of paramount concern. Not only are there significant weaknesses in wireless technologies, research clearly demonstrates that anyone within close proximity to the network can hack into the system. For this reasons, information technology professionals must consider the specific security steps that can be utilized to ensure that the organization's data is protected. Without clearly defined protocols for wireless security in place, the organization may face considerable problems dealing with unlawful access to the system.

Solutions for Security on Wireless Networks

Encryption

Among the most notable issues that must be addressed in the context of wireless security is that of encryption. Scholars examining the transmission of data across wireless networks note that while most users assume that the data they are sending across the network is encrypted, and thus secure, in most instances, plaintext data is being sent. This represents a considerable security threat as hackers looking to pick information off the network will not have to worry about decoding the information once it has been captured. What this perhaps most troubling about this issue is that it can easily be resolved though the application of encryption protocols that protect the sensitivity of data being transmitted over the network (Radding, 2001).

When examining the process of encrypting data sent over the wireless network, Radding notes that there are some considerations that must be addressed overall. As reported by this author, most wireless technologies contain Wireless Application Protocol (WAP) capabilities. With respect to laptops, these capabilities are often disabled because the WAP is not compatible with Secure Sockets Layer (SSL), upon which most organizations run their businesses. According to Radding, "There's nothing wrong with WTLS except that it is not compatible with SSL... So WTLS messages must be converted into SSL before an e-commerce site or corporate network can read them" (p. 52).

Conversion occurs just outside of the network gateway, which means that critical information is vulnerable to attack in the seconds before it is sent through the access point. Although this is a considerable safety issue, the use of WTLS notably reduces the overall threat posed by using wireless technologies. By implementing WTLS, the IT professional will be able to significantly reduce the threat of data capture as a result of close proximity to the network. Although the use of WTLS for encryption still engenders some small degree of security risk, the overall threat of compromising data is decreased significantly.

Virtual Private Networks

In addition to utilizing encryption to transfer data, some scholars have recommended the development and implementation of virtual private networks or VPNs. Deveaux (2000) in his examination of VPNs observes that virtual private networks are defined as "the emulation of a private wide area network (WAN) using IP facilities, including the public Internet or private IP backbones. Privacy is maintained through the use of a tunneling protocol and security procedures" (p. 30). Virtual private networks provide a myriad of security features that can enhance and improve security for organizations choosing to utilize wireless networks. Deveaux goes on to examine the security features as follows:

Tunneling Protocols: According to Deveaux, tunneling is a process that specifies a pathway for the transmission of data. Protocols used for tunneling include: Point to Point Tunneling Protocol (PPTP), IP Security (IPSEC), and Layer 2 Tunneling Protocol (L2TP).

Authentication: VPNs require the user to verify identity before establishing a VPN tunnel. "Methods for authentication include public key infrastructure (PKI) technology, which utilizes cross-authentication and checking certificate revocation lists (CRL)" (p. 31).

These security features enable IT professionals to ensure that the data transferred through the VPN is secure.

The virtual private network as a means for engendering security in a wireless system had been noted to be a formidable method for reducing security breaches. According to Savarese (2002) the overall level security provided in the VPN is quite high, making it difficult for hackers to gain access to the network. Savarese goes on to argue that while security on the wireless network can be improved, the organization must address some compatibly issues in the context of developing these networks. Further, because of the extent of the security that is used to protect VPNs, widespread use by individual members can slow the network considerably. "Coverage is spottier and the network is slower. Wireless users need session persistence, link optimizations and compression for the network to be usable" (p. 39). These issues must be taken into consideration when implementing a VPN for the organization.

Personal Firewalls

Bradley and Warring (2005) in their examination of the security protocols that should be used by organizations employing wireless networks argues that firewalls represent a formidable method for reducing security breaches. In particular, these authors argue that the use of a wireless network engenders certain problems that can be addressed by the use of personal firewalls:

When you connect to a public wireless network you are joining a local network with other unknown computers. Having these computers on the same IP subnet makes them more dangerous than machines elsewhere on the Internet. Machines in your network and subnet range are able to more easily capture traffic between your computer and the wireless access point or attempt to connect with your computer and access your files and folders (Complete guide...).

Bradley and Warring go on to argue that the unique security threat created in this situation is one that can be addressed through the use of a personal firewall. "A personal firewall will help you restrict the traffic allowed in and out of your computer. This protects you not only from attacks that originate outside of your network, but also those from other computers on the same network" (Complete guide...).

Although Bradley and Warring present a notable case for the development and implementation of personal firewalls as a central means to mitigate security threats on wireless networks, there are some notable disadvantages to using these tools. Wilson, in his investigation of personal firewalls notes that despite the fact that personal firewalls offer so much protection to the end user the cost of implementing firewalls can be quite prohibitive for large organizations. Wilson reports that while firewall costs for individuals and small businesses are often "reasonable" for large organizations, the cost of implementing firewalls can be quite high. As such, organizations must take this issue into consideration when developing security protocols for wireless networks.

In spite of the costs that can be associated with installing firewalls, Wilson argues that it is important to note that many current firewalls available for purchase contain integrated virtual private networks. Further, many firewall vendors are now including gateway security protocols into their software. Placing this into the context of selecting security protocols for wireless networks, the organization needs to consider the specific features that are offered though purchasing personal firewalls. If done correctly, the IT professional may be able to capture two or three security measures by purchasing one firewall package. This can provide a cost conscious alternative for the organization to protect its wireless networks.

Antivirus Software

Finally, Bradley and Warring (2005) argue that up-to-date antivirus software can improve the overall security and integrity of the network. These authors note that when a user connect to a personal network, they can operate with "fair assurance" that other machines on the network are protected against viruses and malicious code. However, Bradley and Warring note that: "When you connect to a public network you have no such assurance. Suddenly it is more important than ever to have antivirus software installed" (Complete guide...). Antivirus software can provide the rudimentary protection that is needed to ensure that the organization's network is not exposed to malicious code that can significantly impact data integrity. For organizations using large wireless networks, antivirus software is a basic component for protecting the security of the network.

Even though antivirus software is a basic component for protecting the organization, Schwartz (2002) report that there are two specific issues that must be addressed when it comes to this software. First the software must be continually updated in order to ensure that all users have the necessary protection to fight the latest threats. Second, Schwartz notes that virus protection cannot be offered until a new virus has been discovered. As such, even with the latest, most comprehensive antivirus software installed, the organization still faces the threat of contracting a "new" virus. Thus, even though the organization may spend a considerable amount of money on regularly updating its antivirus software, there are not guarantees that the system will not be subject to the threat of a virus attack. Organizations must be aware of this issue when implementing antivirus software.

Conclusion

When it comes to protecting the organization from the security threats that could manifest in the context of the wireless network, the reality for information technology professionals is that regardless of the methods used to secure the network, there will ultimately be some type of vulnerability. Whether it is through the conversion of WTLS data to SSL data before it enters the network gateway or through the development of a new virus that is not covered under antivirus software, the reality is that it is difficult to make the wireless network completely secure. Although complete security on the wireless network is difficult to secure, as this investigation demonstrates, there are a host of steps that can be taken to markedly improve the security of the network. Thus, for IT professionals, the challenge that remains is one of selecting the right protocols that will match both the technological and financial needs of the organization.

At the present time, there are no comprehensive methods that will ensure the complete protection of the wireless network. However, what this research clearly demonstrates is that the specific tools that have been developed to protect the wireless network are vastly underutilized by IT professionals in most organizations. As more companies begin to extrapolate the value of implementing wireless networks in their organizations, IT professionals will have to work with the organization to ensure that its sensitive and critical data is protected. Even though wireless networks engender considerable utility and cost conscious alternatives for the organization, security issues will remain a pervasive issue for these networks, at least in the short-term. For this reason, information technology professionals need to educate themselves about the different solutions that are currently available to address these pressing security issues. Only though the implementing security protocols will the IT professional be able to ensure the integrity of the wireless network

.

References

Bradley, T. & Warring, B. (2005). Complete guide to Wi-Fi security. JiWire. Accessed May 5, 2006 at: http://www.jiwire.com/wi-fi-security-introduction-overview.htm.

Breeding, M. (2002). The benefits of wireless technologies. Information Today, 19(3), 42-44.

Deveaux, P. (2000). Virtual reality. America's Network, 104(2), 30-35.

Poore, R.S. (2002). The wonders and woes of wireless. Information Systems Security, 11(5), 4-10.

Radding, A. (2001). Crossing the wireless security gap. Computerworld, 35(1), 52-54.

Savarese, J. (2002). Security standards improve. Communications News, 39(1), 38-40.

Schwartz, E. (2000). Making wireless handhelds secure could be the next major mobile frontier. InfoWorld, 22(38), 68A-70.

Wilson, J. (2005). The future of the firewall. Communications Review, 35(5), 28-32.