|
 |
|
General Information
|
Add To My Personal Library |
June 18, 2004
• Vol.26 Issue 25
Page(s) 1 in print issue
|
Air Security
Guard Your Networks With Wireless Protection Products
|
 nt>
Although passwords and other means of authentication are seemingly sufficient to protect wired networks from intruders, they simply don't rise to the task when the network is exposed to the outside world through wireless access points. Wireless communication works very much like radio waves in that at any given time, someone is able to look in on data that is being transmitted—that is, unless preventative steps are taken.
One key mistake that companies often make when they implement a wireless network is to assume it will be secure directly out of the box. Unfortunately, default security settings are often set at a lower threshold than necessary to protect an internal network from compromise. Manufacturers do this intentionally to ensure compatibility with existing software and hardware systems during installation. After a successful install, it is essential that administrators raise security settings to meet the organization's needs. Further, it's important to remember that wireless access points do not have innate authentication methods. By not incorporating existing authentication infrastructures into a wireless access point, internal corporate networks are left vulnerable.
 Detection Is Key
Before you can protect your wireless network, it's helpful to know where vulnerabilities exist. Essentially, if a company wants to be able to detect and locate an unauthorized wireless device (access point, client, ad-hoc, etc.), it needs a product that can scan the airwaves and report back if anything is discovered.
Rich Swier, CEO of Highwall Technologies, says his company's Highwall products are best-of-breed in rogue wireless detection and location. "Our high-range appliance, called the Sentinel, can see about 20 times farther than our competition," says Swier.
Another unique product offered by Highwall is Scout, which is essentially a phased-array antenna (that is, a bunch of directional antennas) wrapped into a box. "This allows us to expand our coverage and range, and also allows us to determine the directivity (location) of the wireless device. Once we detect it, we help find it," adds Swier. He also points out that Highwall's products are open and interoperable with all major third-party network management software. "We sell an appliance that can work in any IT environment," Swier says. "It is plug-and-play and does not require you to use our software."
With many competitors jockeying for position in the network security and management space, Highwall works with existing applications and provides a clean and simple approach to securing the air. For more information, visit www.highwalltech.com or call (941) 362-3502.
Open To The Public
According to Mitchell Ashley, CTO and VP of engineering at StillSecure, "Wireless devices have added risk because they frequently connect to networks other than our own. Wireless devices commonly connect to Wi-Fi networks at the local coffee shop, at the airport terminal, in hotel rooms and lobbies, at customer and vendor locations, as well as at employees' home networks. This increased exposure means greatly increased risk, but there are some existing and emerging technologies—such as intrusion detection/prevention, vulnerability management, and endpoint security—that can significantly reduce this exposure."
When your organization's security stance includes intrusion prevention and intrusion detection in conjunction with vulnerability management and endpoint security, it is a layered approach. When it's combined with appropriate firewalls and antivirus software, the layered security approach allows the utmost in network security.
"StillSecure provides effective wireless security by offering solutions that detect and block attacks, manage the repair of wireless network vulnerabilities, and ensure that wireless devices accessing the network are safe and free of security threats. We accomplish this using a number of point products including Border Guard, our intrusion detection/prevention software; VAM, our vulnerability management system; and Safe Access, our endpoint security compliance solution," says Ashley. For more information, visit www.stillsecure.com or call (303) 381-3830.
Another important player in the wireless security market is Guardian Digital. "Guardian Digital Internet Productivity Suite is a cost-effective, comprehensive small-business Internet security and productivity management system," says company CEO Dave Wreski. "IPS includes . . . Web services, email functions, proxy management, intrusion detection, VPN services, and secure wireless capabilities."
Using the most technologically advanced open-source tools and industry-standard security applications, Internet Productivity Suite's secure wireless component incorporates capabilities unavailable in other small-business solutions delivering wireless functionality. Powerful virus protection, simple Web-based management, sophisticated authentication mechanisms, and wireless encryption control using WEP are some of the capabilities available in Internet Productivity Suite. Contact the company for more information (www.guardiandigital.com; 201/934-9230).
In The End
Although convenient and attractive to most organizations, wireless solutions present many key barriers to security. These threats, however, can be avoided if the proper precautions are taken. Julian Smith, director of Polestar Interactive, says, "A small business that wishes to use wireless technology [needs to] answer the following question to the best of its ability: ‘What data can I not afford to give away, and if I did want to allow access to some of it to my staff, what can I do to make the existing wired network more secure before I grant wireless users access to this data?'"  by Douglas Schweitzer
|
Wireless Security Protocols: What's Next?
Although IPsec and SSL VPNs make the grade for wired networks, the increased vulnerabilities exposed via the open connections of wireless networking require enhanced protection mechanisms.
According to Ken Evans, Fortress Technologies' vice president of marketing and product management, WPA 1.0 (and soon 2.0) patches many of the holes associated with WEP. Evans notes that "WPA has addressed not only the security deficiencies, but also [many] of the usability issues that kept users from turning on the basic protections bundled with their access points and wireless NICs."
WPA uses the lower level of Layer 2 as part of its protocol. Evans says, "The WPA protocol ties security to the AP. Fortress Technologies' AirFortress system is vendor/protocol agnostic and restricts security functionality to the DataLink (still Layer 2) layer of the network stack, providing better scalability, management, and investment protection." Organizations will rely on and implement only the best-of-breed technologies to ensure their security policies in terms of access control, confidentiality, and user authentication.
It's anticipated that in coming months, link security will be the focus of attention of the vendor community. Providing security for networks to the "edge" is likely to win wide support among vendors. According to Evans, "Fortress is in the unique position of having [created] a security product that is not bound by wireless and can be applied to secure the edge of any network, wired or wireless. As the enterprise edge market evolves, you will see these distinctions blur, and vendors [will offer] comprehensive security products for however the user decides to connect."
|
|
|
