The growth of wireless connectivity is being fuelled by the
need for mobile working: the ability to work on a mobile device
without being tied to a desk, to stay connected while moving
between rooms or buildings, and to work from cafes, airport lounges
and so on.
However, when accessing corporate data over a wireless network,
security should never be sacrificed. Wi-Fi access has been regarded
as insecure in the past, but this is no longer strictly the case. If
Wi-Fi is given due care and attention when deployed, it can be as
secure as a cabled network, if not more so.
In recent years there have been a number of advances in Wi-Fi
security:
- The initial Wired Equivalent Privacy (WEP) protocol, which used
static keys, was quickly found to be lacking and relatively easy to
compromise.
- End-to-end virtual private networks can be implemented over
Wi-Fi.
- Wi-Fi Protected Access (WPA) utilises the Temporal Key Integrity
Protocol to constantly change encryption keys and IEEE 802.1X for
authentication.
- The revised and standardised version of the WPA protocol, WPA2,
is expected later this year.
The security measures a firm should deploy depend greatly on the
data that needs securing and the service that will be provided.
Wi-Fi is just a transport medium between end-stations and, in that
sense, is no different to the internet.
Many businesses now have the security in place to provide employees
with access to corporate resources over the internet via
appropriate authentication, authorisation and encryption, so why
not deploy these products in a Wi-Fi environment?
Wi-Fi can be implemented so that connectivity into the corporate
infrastructure is through IPsec VPN concentrators, or SSL VPN
gateways with strong authentication. In this way the user, whether
using Wi-Fi at home, in the office or from one of the growing
number of wireless internet service provider hotspots around the
country, can access a corporate desktop with a common look and
feel.
Before buying Wi-Fi products, make sure that current and future
requirements are fully understood. Do the products include
seamless roaming between access points, buildings and subnets,
and between cable connections, Wi-Fi and GPRS?
All these options need to be considered before designing a Wi-Fi
system and plans for security must be made at the start. Be aware
of interoperability issues with cards, access points and
authentication servers and plan these into the strategy.
As the market continues to mature and standards are ratified and
adopted, the interoperability barriers will come down and the
choice will increase. For now, however, it is probably advisable to
buy from the market leader.
Wireless security still lacks the focus needed to ensure a totally
secure deployment, but the answer is to spend more time finding out
what is available, rather than eagerly rushing to deploy new
technology.
Andy Thompson is head of security services at Cap Gemini Ernst &
Young. He will be speaking at the Infosecurity Europe 2004 show.