Securing wireless communications

This excerpt from "The tips and tricks guide to securing Windows Server 2003" describes four security implementation opportunities that exist for wireless networking.

This Content Component encountered an error

The tips and tricks guide to securing Windows Server 2003 The following excerpt is from Chapter 4 of the free e-book "The tips and tricks guide to securing Windows Server 2003" written by Roberta Bragg and available at Realtimepublishers.com. Click for the complete book excerpt series.



Securing wireless communications

Wireless communications have come under fire for their weak data-encryption implementation and lack of sound authentication mechanisms. Add to these shortcomings a cavalier implementation, and you have the recipe for disaster. Although techniques for spying on computer systems using specialized antennas, watching the blinking network access lights, telescopically viewing computer monitors and other techniques have been used in the past, these techniques require some sophistication or clear line of sight to implement. Wireless networking as now used requires neither.

For most, the threat to data exposure has been perceived as limited to penetration of limited access points to the network. No access points, no threat. Limited access points with detection and firewalling lessen the threat. Difficult to entirely prevent exposure, but if properly designed and configured, an acceptable risk. However, wireless access to the corporate network exposes internal communications to external entities. The outsider doesn't have to physically connect to the internal LAN, penetrate the corporate firewall, nor discover unprotected dial-up access. He or she has only to sit within the range of the WAP (60 to 300 feet for most) and have his or her own wireless networking card. A single, improperly configured WAP serves up the network to any such passerby. Many properly configured WAPs are easily subject to penetration due to weak encryption implementations and the existence of tools that purport to decrypt communications.

Several wireless 802.xx standards exist. Many of the differences in technology are not important to security but can cause problems in implementation. Before adopting a standard, you will want to consider these differences, but first consider the security facilities offered by the particular solution. The information offered here is merely to help you differentiate between the currently available products:

802.11 1 or 2Mbps transmission, 2.4GHz band, using frequency hopping spread spectrum (FHSS) or direct sequence spread spectrum encoding (DSSS) schemes

802.11a extends 802.11 to provide 54Mbps in the 5GHz band, uses orthogonal frequency division encoding scheme; typical access areas extend up to 60 feet

802.11b Wi-Fi extends 802.11 to provide 11Mbps in the 2.4GHz band and using only DSSS; typical access areas extend up to 300 feet

802.11g is an extension that provides 20+ Mbps in the 2.4GHz band

802.1x is currently a draft proposing authentication mechanisms for 802.11 wireless networks

Four security implementation opportunities exist for wireless networking: do nothing, use standard security options available for configuration on the access points, use standard security options plus firewall the access point, add 802.1x authentication and improved technology.

Click for the next excerpt in this series: Standard security options.


Click for the book excerpt series or visit Realtimepublishers.com to obtain the complete book.

Dig deeper on Windows Server and Network Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close