However, when accessing corporate data over a wireless network, security should never be sacrificed. Wi-Fi access has been regarded as insecure in the past, but now this is not strictly the case. If Wi-Fi is given due care and attention when deployed, it can be as secure as a cabled network, if not more so.
In recent years there have been a number of advances in Wi-Fi security:
- The initial Wired Equivalent Privacy protocol that used static keys was quickly found to be lacking and relatively easy to compromise
- End-to-end virtual private networks can be implemented over Wi-Fi
- Wireless Protected Access (WPA) utilises Temporal Key Integrity Protocol to constantly change encryption keys and IEEE 802.1x for authentication
- The revised and standardised version of the WPA protocol, WPA2, is expected later this year.
The security measures a firm should deploy depend greatly on the data that needs securing and the service that will be provided. Wi-Fi is just a transport medium between end-stations and, in that sense, is no different to the internet.
Many businesses now have the security in place to provide employees with access to corporate resources over the internet via appropriate authentication, authorisation and encryption, so why not deploy these products in a Wi-Fi environment?
Wi-Fi can be implemented so that connectivity into the corporate infrastructure is through IPsec VPN concentrators, or SSL VPN gateways with strong authentication. In this way the user, whether using Wi-Fi at home, in the office or from one of the growing number of wireless internet service provider hotspots around the country, can access a corporate desktop with a common look and feel.
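One way to check that a deployment follows this design is to audit the filtering rules between the Wi-Fi segment and the corporate network. The following is an added example, not part of the original article: the addresses, the rule format and the `audit` function are assumptions made for illustration. It inspects each permit rule on its own and does not model rule ordering.

```python
import ipaddress

# Constructed addressing plan (assumptions, not from the article).
WLAN_NET = ipaddress.ip_network("172.16.50.0/24")    # Wi-Fi client segment
CORP_NET = ipaddress.ip_network("10.0.0.0/8")        # internal corporate space
VPN_GATEWAYS = {ipaddress.ip_address("10.1.1.10")}   # IPsec / SSL VPN front end

# Only tunnel set-up and tunnel traffic may leave the Wi-Fi segment:
# IKE (UDP 500), IPsec NAT traversal (UDP 4500), ESP, and TLS for an SSL VPN.
ALLOWED = {("udp", 500), ("udp", 4500), ("esp", None), ("tcp", 443)}

# Constructed sample rule set in a hypothetical, vendor-neutral format.
SAMPLE_RULES = [
    {"action": "permit", "src": "172.16.50.0/24", "dst": "10.1.1.10/32", "proto": "udp", "port": 500},
    {"action": "permit", "src": "172.16.50.0/24", "dst": "10.1.1.10/32", "proto": "esp"},
    {"action": "permit", "src": "172.16.50.0/24", "dst": "10.1.1.10/32", "proto": "tcp", "port": 443},
    {"action": "permit", "src": "172.16.50.0/24", "dst": "10.20.0.0/16", "proto": "tcp", "port": 445},
    {"action": "permit", "src": "172.16.50.0/24", "dst": "10.1.1.10/32", "proto": "tcp", "port": 22},
    {"action": "deny", "src": "172.16.50.0/24", "dst": "10.0.0.0/8", "proto": "any"},
]

def audit(rules):
    """Return (rule number, reason) for every permit rule that lets Wi-Fi
    clients reach corporate addresses other than through the VPN gateway."""
    findings = []
    for number, rule in enumerate(rules, 1):
        if rule["action"] != "permit":
            continue
        src = ipaddress.ip_network(rule["src"])
        dst = ipaddress.ip_network(rule["dst"])
        # Only rules that carry Wi-Fi traffic into corporate space matter here.
        if not src.overlaps(WLAN_NET) or not dst.overlaps(CORP_NET):
            continue
        gateway_only = dst.num_addresses == 1 and dst.network_address in VPN_GATEWAYS
        if not gateway_only:
            findings.append((number, "Wi-Fi reaches corporate range directly: " + rule["dst"]))
        elif (rule["proto"], rule.get("port")) not in ALLOWED:
            findings.append((number, "non-VPN service exposed on the gateway"))
    return findings

if __name__ == "__main__":
    for number, reason in audit(SAMPLE_RULES):
        print(f"rule {number}: {reason}")
```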
Before buying Wi-Fi products, make sure that current and future requirements are fully understood. Do the products include seamless roaming between access points, buildings and subnets, and between cable connections, Wi-Fi and GPRS?
All these options need to be considered before designing a Wi-Fi system and plans for security must be made at the start. Be aware of interoperability issues with cards, access points and authentication servers and plan these into the strategy.
As the market continues to mature and standards are ratified and adopted, the interoperability barriers will come down and the choice will increase. For now, however, it is probably advisable to buy from the market leader.
Wireless security still suffers from too general a lack of focus to ensure a totally secure deployment, but the answer is to spend more time finding out what is available, rather than eagerly rushing to deploy new technology.
Andy Thompson is head of security services at Cap Gemini Ernst & Young. He will be speaking at the Infosecurity Europe 2004 show