Are worries over wireless LANs warranted?
Canadian wireless analyst Jeremy Depow notes that despite all the productivity gains to be had by using a wireless LAN (local area network) – increased mobility, ease of use, flexibility – many enterprises are nonetheless concerned by the potential security risk.
“The fear in general seems to be we’re passing data through the air within the environment,” said the senior analyst for Kanata, Ont.-based research firm The Yankee Group Canada. “Can people tune in and pick them up? Are you going to lose data?” These are valid concerns, Depow added.
The good thing, Depow offered, is that vendors are becoming more sensitive to customer concerns. “Most vendors are now anxious to get the technology perfected, to get standards set and make it available. As we go forward it’s becoming more of a focus because they’re hearing from their own clients and customers,” Depow said.
“Wireless LANs really don’t present new security challenges, rather they simply bring to the fore security issues that have always been there in the wired world,” said Cisco Systems product line manager Ron Seide in Akron, Ohio. “To truly get to an enterprise level of security in terms of robustness and scalability, the existing ratified standards are inadequate.”
Seide noted that Cisco is working as part of the 802.11i task force to develop proven methods for encryption. “What we’re doing there is actually repurposing a number of pre-existing standards or pre-existing technologies to bring security to the wireless world,” he said.
Seide added that Cisco’s products are fully 802.11b compatible and allow both secure and non-secure connections on the same access point.
Targeted at medium to larger enterprises, products such as those offered by Laval, Que.-based Colubris Networks Inc., use embedded VPN technology to boost 802.11b security. Pierre Trudeau, founder and chief technology officer, said wireless security products such as its CN1000 model extends the reach of the existing wired corporate VPN server to the wireless network. “That way we make sure that not a single PC can attach to the access point without first setting off a secure VPN. That secure VPN allows us to taste very strong authentication and then very strong encryption using trickle desk encryption – once we have authenticated and authorized users to connect to the network,” Trudeau said.
Trudeau conceded that a lot of companies are placing a moratorium on wireless LAN projects and that wireless security is still a problem, but noted that manageability is improving and products such as those offered by Colubris will “open the gates a little bit.”
Markham, Ont.-based IBM Canada Global Services information security consultant Gary McIntyre said wireless LANs should be treated as any other entrusted network. “IBM as a vendor as well as a service provider has definitely come on the side that says that wireless LANs are essentially an extension of the Internet,” McIntyre said. Wireless LANs will always be more dangerous than a wired, especially since it is like a hub environment where everyone is sharing the same bandwidth, McIntyre said.
“Wireless isn’t quite there yet,” he said, adding that IBM deploys architectures based upon static VPNs and wireless authentication gateways which allow for more roaming capabilities. “The standards that are being developed now promise to actually fix most of the problems we’ve had with wireless up until now. It’s just that they are being justifiably cautious in bringing those things to the market,” McIntyre said, adding that enterprises planning on using wireless LANs will need to architect extra security.
Depow agreed. “It depends on the individual enterprise whether the productivity gains outweigh any potential security risk,” he said. Larger enterprises with more competitive and secure data may wish the seriously evaluate the pros and cons.
“If you’re small-medium business with not that much secure material and you really want to have laptops mobile around the office it’s not really a problem.”
