If you think your wireless network is 100% secure, read this and reconsider: you may be a victim of one of the wireless security myths.
Myth 1: My network is secure, because I don’t use wireless access.
The reality is no network is truly 100% secure. The only way to be 100% secure is to disconnect your computer from all networks. Even if you have a closed network with only your company employees on it, an unhappy employee can compromise your network. Also, many laptop computers have wireless or Bluetooth modems that can be turned on by accident.
Myth 2: My wireless access is secure, because I use WPA2 (Wi-Fi Protected Access 2).
WPA2 provides strong encryption. However, one or more computers on your network can easily be misconfigured, creating huge security holes.
Myth 3: My wireless network is secure, because I enabled 802.1X port control.
IEEE 802.1X port-based access control provides one-time authentication when a device attempts to communicate via a port. If authentication succeeds, communication is allowed. If it fails, further communication via that port is blocked. However, this authentication can be bypassed using a “hidden rogue AP”. You need continuous monitoring rather than one-time control.
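One way to picture continuous monitoring, as an added example that is not part of the original article: every periodic scan is compared against an inventory of sanctioned access points, so a misconfigured AP (Myth 2) or an unknown AP on the premises is reported when it first appears. The inventory, the SSID "CorpNet", the signal threshold and the scan records are all constructed assumptions.

```python
from dataclasses import dataclass
# Assumed inventory of sanctioned APs: BSSID -> (SSID, required security mode).
AUTHORIZED = {
    "00:11:22:33:44:01": ("CorpNet", "WPA2"),
    "00:11:22:33:44:02": ("CorpNet", "WPA2"),
}
CORP_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}
ON_PREMISES_DBM = -65  # assumed cut-off: stronger signals are probably on site

@dataclass(frozen=True)
class Observation:
    sweep: int        # sequence number of the periodic scan
    bssid: str
    ssid: str         # empty when the AP does not broadcast its name
    security: str
    signal_dbm: int

def classify(obs):
    """Return an alert reason for one observation, or None if it looks benign."""
    known = AUTHORIZED.get(obs.bssid.lower())
    if known is not None:
        # Sanctioned AP: alert only if its settings drifted from the inventory.
        return None if (obs.ssid, obs.security) == known else "misconfigured-ap"
    if obs.ssid in CORP_SSIDS:
        return "unauthorized-ap-using-corporate-ssid"
    if obs.signal_dbm >= ON_PREMISES_DBM:
        return "unknown-ap-on-premises"
    return None  # weak, unrelated neighbouring network

def monitor(observations):
    """Check every sweep; report each (bssid, reason) pair once, when first seen."""
    seen, alerts = set(), []
    for obs in sorted(observations, key=lambda o: o.sweep):
        reason = classify(obs)
        key = (obs.bssid.lower(), reason)
        if reason and key not in seen:
            seen.add(key)
            alerts.append((obs.sweep, obs.bssid.lower(), reason))
    return alerts

# Constructed scan records for three sweeps (not real captures).
SWEEPS = [
    Observation(1, "00:11:22:33:44:02", "CorpNet", "WPA2", -61),
    Observation(2, "00:11:22:33:44:02", "CorpNet", "OPEN", -60),   # setting drifted
    Observation(2, "02:00:00:AA:BB:01", "CorpNet", "WPA2", -39),   # not in inventory
    Observation(3, "00:11:22:33:44:02", "CorpNet", "OPEN", -60),   # repeat, reported once
    Observation(3, "02:00:00:aa:bb:02", "", "OPEN", -42),          # hidden SSID, strong
    Observation(3, "02:00:00:aa:bb:03", "CoffeeShop", "WPA2", -88),
]
```

Calling monitor(SWEEPS) returns three alerts: the AP whose security setting changed between sweeps, the uninventoried radio using the corporate SSID, and the strong hidden-SSID radio. The weak neighbouring network is ignored.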
Myth 4: Using network access control (NAC) protects my network from Wi-Fi threats.
NAC controls access to networks with policies. It includes pre-admission endpoint security policy checks (to control who accesses the network) and post-admission controls (to control what can be accessed). However, NAC is also susceptible to the “silent rogue AP”, since NAC solutions include some host-based checks (e.g., operating system, services running on the host).
Myth 5: 802.11w prevents Wi-Fi denial-of-service (DoS) attacks.
The frequency band used for 802.11 is unlicensed, and 802.11 uses a “keep-it-simple” MAC protocol, which leaves 802.11w susceptible to denial-of-service attacks. All one has to do is transmit high levels of RF energy in the band (i.e., RF jamming).
Myth 6: Part-time security.
Your wireless network infrastructure may offer a mode where an access point can be programmed to act as a wireless intrusion detector. However, you should have wireless intrusion prevention, not just detection. Such devices can spend a lot of CPU cycles on security, compromising voice and data performance. As a result, security will often take the hit rather than the quality of service for voice and data. The result is “part-time security” scanning that leaves your network with vulnerabilities.
If wireless security is very important to you, which it should be, you need to employ all the techniques presented above, including the best wireless detection and prevention systems. To further improve your security, periodically check every computer on the network to ensure it is properly connected and that unsecured modems are physically turned off. Finally, on the presumption that an intruder may still get into your network, you should employ a keyword/phrase-based encryption application, at least on your most valuable data.
Don’t let yourself fall victim to the wireless security myths.