Wireless Security Background
Defending and maintaining the operational performance of computer networks is a full-time job. Ensuring continuity of operations and missions relies on the confidentiality, integrity, and availability of networks and the data that traverses them. Yet it is difficult to obtain situational awareness of what’s going on in a computer network. The addition of wireless technologies — especially the inexpensive and pervasive IEEE 802.11 — has further compounded the complexity of this problem.
Wireless technologies have created an additional space that must be monitored: the radio spectrum. With critical capabilities either relying directly on wireless technology, or on resources that are potentially accessible via wireless technology, all organizations must now build capabilities to protect and defend this space.
One of the most prevalent threats to an organization’s security is its own employees, and the most motivated can be the worst offenders. Take, for example, an employee who is frustrated by the slow adoption of wireless by their IT department. All they need to increase their productivity is a simple wireless connection. They think, “What could possibly be the delay — after all, the physical setup for a wireless access point is pretty simple: you take it out of the box, put it on a shelf near a network jack and a power outlet, plug in the power cable, and plug in the network cable!” Unfortunately, this employee self-help creates unmanaged, unmonitored, often ill-configured infiltration points into otherwise secure networks.
With the now ubiquitous presence of wireless hardware in everything from laptops to cell phones, employees don’t even need to do something as obvious as plugging in an unauthorized access point to create these infiltration points. Malware or software misconfigurations on employee devices can quietly transform them into access points, bridges, or remote agents. These compromises can lead to theft of data, injection of untrusted data or malware onto a network, and denial of service.
In the same way that all organizations are affected by the need to defend against employee self-help, all organizations should also routinely conduct vulnerability assessments. This includes discovering all nearby wireless devices, investigating rogue devices, and verifying the configuration of access points, clients, and network infrastructure. In order to be effective, it is critical that such assessments be performed routinely. Organizations that process credit card data, for example, are required by industry standards to conduct such wireless security audits quarterly.
This need for around-the-clock scanning is one of the primary growth drivers for the wireless intrusion detection/prevention system (WIDS/WIPS) market. Such systems monitor the radio spectrum for unauthorized, or rogue, network equipment and for wireless attacks, and can even monitor the health and performance of the wireless network. In 2010, the market was valued at more than $270M, up from $119M in 2007; it is expected to reach $350M in 2012.
One of the key limitations of all WIDS/WIPS, however, is their range. WIDS and WIPS come in two flavors: embedded and overlay. Embedded systems utilize the access points in a network to perform both defensive and network operations. Overlay systems employ dedicated wireless radios that exclusively perform defensive operations. Both systems, though, require access point hardware to be installed throughout a building or facility; each device costs between $850 and $2,600, installed. Especially for large facilities, this high cost of installation often means that significant areas of a campus or building are left uncovered by WIDS/WIPS sensors.
Compounding this problem, threat actors can employ amplifiers and high-gain directional antennas to breach wireless networks from an increasingly distant range. Detecting and locating these remote attackers presents a significant challenge, and attacks on targets that lie outside WIDS/WIPS sensor coverage will go undetected without supplemental coverage.
One tactic that can be used in response to this more distant threat is to employ specialized personnel to patrol an area with laptops or other portable wireless detection and survey tools. While such an approach satisfies the need, it is costly. Many organizations simply cannot afford the cost of using cyber vulnerability specialists to provide continuous wireless surveillance. This limits the window of time during which policy enforcement and threat detection scanning take place — increasing the risk of exploitation by an adversary.