

This article was written by Sense of Security and published in ISACA magazine volume 4, 2006.
The prevalence of wireless networks, specifically 802.11, has increased considerably over the past few years. While awareness of wireless security issues in general is improving, this technology brings with it a set of unique security risks that many organisations still fail to properly understand and address.
Historically, organisations have implemented security measures, including WEP, WPA and WPA2, on wireless networks. However, these solutions, when implemented in unison, are often insufficient to prevent determined hackers from gaining access to the wireless network.
There is a perception that WPA and WPA2, using TKIP and AES, make the wireless network secure, and they do - as long as these solutions are deployed correctly. WPA and WPA2 deployed using pre-shared keys (personal mode) do not make the wireless network more secure than using WEP encryption. Weak passwords that users typically employ are vulnerable to password cracking attacks, and the same passwords are often used indefinitely.
The key to making these methods secure is to introduce 802.1x security to the network. 802.1x was originally designed for port authentication on wired networks, and has been modified and adopted in the wireless arena to cover three main areas:
1. User authentication - Ensuring that the user is an authorised/valid user on the network
2. Network authentication - Ensuring that the network the user is connecting to is the intended network and not a rogue network
3. Data privacy - Ensuring that the confidentiality of data being transferred is maintained through encryption

802.1x requires that hardware supports 802.1x and that there is an AAA/RADIUS authentication server in the back end to authenticate these users. There are also a number of authentication methods available under the 802.1x framework, with EAP-TTLS looking likely to become the leader in the market today.
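
The following added example is not part of the original article. It audits client profiles for the personal-mode and network-authentication weaknesses described above, assuming the client is wpa_supplicant; the SSIDs, certificate path and server name in the sample are constructed.

```python
import re

# Constructed sample wpa_supplicant.conf; SSIDs, paths and names are made up.
SAMPLE_CONF = '''
network={
    ssid="corp-psk"
    key_mgmt=WPA-PSK
    psk="summer2006"
}
network={
    ssid="corp-eap-unpinned"
    key_mgmt=WPA-EAP
    eap=TTLS
}
network={
    ssid="corp-eap"
    key_mgmt=WPA-EAP
    eap=TTLS
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.corp.example"
}
'''
# wpa_supplicant options that tie the accepted certificate to a server name.
NAME_PINS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def parse_networks(conf):
    """Return one {key: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\}", conf, re.S):
        pairs = re.findall(r"^[ \t]*(\w+)=(.*?)[ \t]*$", body, re.M)
        nets.append({k: v.strip('"') for k, v in pairs})
    return nets

def audit(net):
    """List weaknesses in user authentication and network authentication."""
    findings = []
    key_mgmt = net.get("key_mgmt", "").split()
    if "WPA-PSK" in key_mgmt:
        findings.append("personal mode: one shared key, no per-user authentication")
    if "WPA-EAP" in key_mgmt:
        if "ca_cert" not in net:
            findings.append("no ca_cert: RADIUS server certificate is not validated")
        elif not any(k in net for k in NAME_PINS):
            findings.append("server name not pinned: any cert from this CA is accepted")
    return findings

def audit_config(conf):
    return {n.get("ssid", "?"): audit(n) for n in parse_networks(conf)}

if __name__ == "__main__":
    print(audit_config(SAMPLE_CONF))
```

A profile with no findings here authenticates the user through 802.1x and also checks that the RADIUS server it talks to is the intended one, which is what blocks a rogue network from collecting credentials.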
In conclusion, many organisations that have implemented 802.1x believe that their wireless networks are more secure than their wired networks. This is because 802.1x implements authentication and data encryption, which are absent in many wired networks.