Deploying of Corporate Wireless Network
In terms of cost effectiveness and convenience, wireless networks have gained in popularity among organisations. But new security risks come with the benefits of adopting wireless networks in an organisation. To tackle these risks effectively, various security best practices need to be considered throughout the entire deployment lifecycle. To help organisations understand at what point in their wireless network deployments a recommended security best practice might be relevant, we outline here a five-phase lifecycle model for network deployment and point out security issues that need special attention.
Since the 802.11 standard was first introduced, enhancements have continuously been made to strengthen data rates, signal range, and security of wireless networks. Therefore, it is a good idea to keep track of the development of new standards as they appear, in particular when procuring new equipment or acquiring new wireless network services. In any new purchase, protection by one of the stronger wireless security protocols such as WPA2 or WPA3 should be considered, but by no means should such wireless security protocols be solely relied upon to protect data confidentiality and integrity, as new weaknesses in protocols may be discovered in the future.
Security assessments and audits are essential means for checking the security status of a wireless network and identifying any corrective action necessary to maintain an acceptable level of security. These assessments can help identify loopholes in the wireless network, such as poorly configured access points using default or easily guessed passwords and SNMP community strings, or the presence or absence of encryption. However, a security risk assessment can only give a snapshot of the risks to information systems at a given time. As a result, it is important to perform assessments and audits regularly once the wireless network is up and running.
Due to the nature of radio frequency (RF) propagation, radio signal emissions cannot generally be contained within a particular building or location. Excessive coverage by the wireless signal could pose significant threat to the organisation, opening it to parking lot attacks on the network. Therefore, it is necessary to have a good understanding of the coverage requirements for the desired wireless network during the network-planning phase. By performing a site survey, one can identify:
The concept of "defence-in-depth" has been widely employed in the secure design of wired networks. The same concept can also be applied to wireless networks. By implementing multiple layers of security, the risk of intrusion via a wireless network is greatly reduced. If an attacker breaches one measure, additional measures and layers of security remain in place to protect the network.
Separation of wireless and wired network segments, use of strong device and user authentication methods, application of network filtering based on addresses and protocols, and deployment of intrusion detection systems on the wireless and wired networks are all possible measures that can be employed to build multiple layers of defence.
Due to the nature of wireless technology, wireless networks are relatively hard to contain within a building and it is generally considered to be an un-trusted network. As a best practice, wireless networks and wired networks should not be directly connected to each other. It is common to deploy firewalls to separate and control the traffic between different networks. For example, ARP broadcast packets should be blocked from entering a wired network from a wireless network since a malicious user could uncover internal information, such as Ethernet MAC address from these broadcasts.
Due to the limited transmission capacity of a wireless network, a malicious attacker can easily launch a Denial-of-Service (DoS) attack to bring down the network. Segmenting access point coverage areas can balance the loads on a wireless network and minimise any impact from DoS attacks.
The loss or theft of network equipment may pose a significant threat to a wireless network because configuration of the network can be retrieved from a lost access point or wireless interface card. By securely mounting network equipment, such as access points, in less accessible locations together with strong physical security controls, the risk of theft can be minimised.
Using the information collected during the site survey, proper placement of access points can be designed to avoid excessive coverage by the wireless network and hence limit the possibility of intrusion. In addition to proper placement of the access points, adjusting the radio frequency (RF) power transmission or using directional antennas can also control the propagation of the RF signal and hence control coverage of a wireless network.
Access points are the core of a wireless network. Their security clearly has an overall effect on the security of the wireless network. Properly securing access points is the first step in protecting a wireless network. The following suggestions can help in hardening access points:
In a wireless network, an SSID serves as a network name for segmenting networks. A client station must be configured with the correct SSID in order to join a network. The SSID value is broadcast in beacons, probe requests and probe responses. To prevent a malicious attacker from collecting reconnaissance information on a wireless network by eavesdropping, SSIDs should not reflect internal information of the organisation.
In general, a wireless network can be operated using three different topologies; infrastructure mode, ad-hoc mode and bridging mode. When a wireless network operates in ad-hoc mode, client stations are connected directly and no access point is required. Using this mode, a potential attacker can gain access to a client station easily if the client station is improperly configured. Unless there is a specific business need, the ad-hoc mode should be disabled on wireless devices.
Most installed wireless networks operate in "infrastructure" mode that requires the use of one or more access points. With this configuration, all traffic in the wireless network travels through the access points. By controlling the communication among client stations at the access points, malicious users can be prevented from gaining access to vulnerable client stations.
Newly discovered security vulnerabilities in vendor products should be patched to prevent inadvertent and malicious exploits. Patches should also be tested before deployment so as to ensure they work correctly.
MAC address filtering can be considered the first layer of defence for wireless networks. With MAC address filtering enabled, only devices with pre-approved MAC addresses can see the network and be granted access to the network. However, such access control should by no means be solely relied upon to protect data confidentiality and integrity, as tools are available on the Internet for modifying the MAC address of a client. Besides, MAC address filtering mechanisms may not be feasible in some scenarios such as the implementation of public wireless hotspots.
Deploying wireless intrusion detection systems on the network can help detect and respond to malicious activities in a timely manner. More recently, a number of wireless intrusion detection systems have been equipped with capabilities to detect and prevent rogue access points.
Operations And Maintenance Phase
User awareness is always a critical success factor in effective information security. A good policy is not enough. It is also important to educate all users in following the policy. Best practices or security guidelines should be developed that end users understand and adhere to.
An accurate inventory of all authorised wireless devices helps identify rogue access points during security audits. This inventory will also be helpful for a variety of support tasks.
Network administrators should develop a coverage map of the wireless network, including locations of respective access points and SSID information. This map is a valuable asset for troubleshooting, or handling a security incident.
To simplify daily operations and ensure all access points are protected with appropriate measures, it is recommended a baseline security configuration standard for access points be developed. It is not uncommon to see security settings restored to their default factory settings after an access point is reset, which usually occurs when the access point experiences an operational failure. If a baseline security configuration standard is available, appropriate personnel can simply follow the standard settings to re-configure the access point.
Regular checking of log records must be performed, to ensure the completeness and integrity of all logs. Any irregularities spotted must be reported and a detailed investigation should be carried out if necessary.
It is recommended that administrators develop a set of in-house procedures for incident response, and update these procedures from time to time to address new potential security threats.
When disposing of wireless components, it is important to erase all sensitive configuration information, such as pre-shared keys and passwords, on the devices that are being disposed of. Malicious users might make use of the configuration information to conduct subsequent attacks on the network. Manual removal of configuration settings through the management interface is a must prior to disposal. Organisations may also consider degaussing devices whenever feasible. Secure deletion utilities can also be used if devices have storage disks.