Previous Table of Contents Next


Chapter 57
Security of Wireless Local Area Networks

Amin Leiman and Martin Miller

Wireless networks have grown in popularity because they can be installed in hard-to-wire locations and are able to support mobile work forces. However, the increased flexibility of these systems does not come without a price. Wireless LANs are exposed to an array of security threats that differ from those that confront conventional wired LANs. This chapter focuses on the critical factors that should be considered when evaluating the security of wireless LANs, including their physical configuration, type of transmission, and service availability.

INTRODUCTION

Wireless LANs use a NIC with a FM transceiver to link multiple workstations. External antennas can be used to provide omnidirectional transmission between workstations. Wireless LANs are implemented using any of three types of communications technology: infrared, radio frequency, and microwave. A typical wireless LAN can be connected without any cabling; in some configurations, the wireless LAN may also be connected to a wired network.

Wireless technology allows users the freedom to move (within certain boundaries) without the restrictions imposed by trailing cables. Networks can be set up without having to lay cable, which makes it much easier to implement changes in the network configuration. Indeed, the primary reason for the growth of wireless LANs has been their configuration flexibility in hard-to-wire locations and their ability to support mobile work forces. These benefits must be weighed against the fact that wireless systems can cost as much as two-and-a-half times the amount per workstation of conventional cabled networks.

This chapter examines the strengths and weaknesses of various forms of wireless networking, with special emphasis given to potential security exposures. Three critical factors must be considered in evaluating the security of wireless LANs: their physical configurations, type of transmission, and service availability. The chapter discusses each of these factors and concludes by reviewing the controls best suited for securing wireless transmissions.

AN OVERVIEW OF COSTS AND BENEFITS

Infrared LANs require no FCC license and are relatively secure because disruption of their required line-of-sight operation (e.g., that caused by electronic eavesdropping) will bring the LAN down. However, they use limited bandwidth, are easily disrupted (e.g., they cannot transmit through walls), and they are more expensive than conventional cabled LANs.

The radio frequency LAN does not require line-of-sight transmission, but it is easily intercepted. However, some products do provide encryption capability. Radio frequency wireless LANs require an FCC license.

The microwave transmission LAN is a technology used to bridge LANs between buildings or greater distances as an alternative to using commercial telephone lines. It is less expensive than using leased lines and is not subject to phone company rate fluctuations. However, it does require microwave and satellite dishes at both ends, which are subject to city zoning laws. As with radio frequency transmission, microwave transmission methods are subject to interception.

Wireless network technologies also share some general limitations as described in the following sections.

INTEROPERABILITY

Interoperability is a problem with current wireless LANs. Different LANs use different technologies that are not highly compatible. For example, some vendors use the infrared part of the spectrum while others use the radio-wave band. Those that use the radio-wave band may operate at different frequencies which accounts for their different speeds. FCC regulations vary for different vendors’ products. As a response to this situation, the IEEE’s. The IEEE 802.11 committee is developing a standard radio frequency protocol.

Given the diversity of interests and protocols currently being developed, it is possible that no one standard will emerge. Instead, industry-specific standards may arise, such as one for retail and another for manufacturing.

PERFORMANCE

Performance of wireless LANs has generally lagged behind that of cabled LANs. Infrared LANs operate at or below 1 Mbps. Radio frequency LANs typically run between 2M bps and 3.5M bps, well below Ethernet’s published rate of 10M bps. (The actual Ethernet throughput is lower than this stated rate; the variance is therefore not as great.) Despite the difference, it is expected that wireless LANs will move to a frequency capable of boosting speeds to 16M bps, a pace highly comparable with the capacity of current cabled networks.

CONFIGURATION

Configuration limitations restrict the use of wireless LANs. For example, infrared LANs require line-of-sight operation. Although radio LANs can transmit through walls, to be most effective they are typically kept on the same floor within a fixed area (depending on the requirements of the specific vendor equipment used). The wireless LAN may work well in one location but may not be recognized on a network in another office. The challenge is to route a microcomputer’s data to the appropriate file server when the computer is continually moving.

INDUSTRY APPLICATIONS

Wireless computing is slowly gaining broader acceptance as portables become more prominent in business settings. In addition, the development of cellular technology has led to increased interest in wireless LANs. With the growing acceptance of cellular technology, organizations have become more comfortable with the concept of processing without cables.

Often such new technologies as wireless LANs experience dynamic growth only after a unique application is introduced that is well suited to the technology. E-mail may be that application. Wireless messaging fits well with a growing work force that must be able to communicate in real time. Wireless mail networks allow mobile users to communicate wherever they are without plugging into a data port. This includes participation in mail-enabled applications specifically adapted for portable computers. Electronic wireless messaging is typically accomplished by sending a message from a network through a gateway to a local switch, transmitting by satellite, from which it is downlinked to a relay station, which in turn transmits to a stationary or mobile receiver. From here, the user can download the message to microcomputers running such mail-enabled applications as dispatch and sales systems. Although wireless E-mail is a WAN application, it is certain to influence attitudes about the use of wireless LAN processing within the office environment.

Recent developments may help spur the growth of wireless LANs. These developments include:

  Hardware and software for notebook and laptop computers that allow access to host systems over wireless networks.
  External wireless adapters that attach to a computer’s parallel port, allowing even those computers with no available slots to gain wireless access.
  Cellular technology that allows the user to carry a computer from one cell to another while the software automatically seeks and finds the next adjacent cell and makes the connection to the new server, forging a link to the first server and maintaining the logical link at all times.
  The development of a wireless LAN with transmission rates of 5.7M bps, which is comparable to the speeds of many wired Ethernet LANs.
  The recent plan by the FCC to allocate 20 MHz of radio spectrum — which would not require a license — for use in wireless networks.
  Motorola’s announcement that it would move to the next stage of financing Eridium, a $3.37 billion wireless global telecommunications network scheduled to begin operation in 1998. Eridium will use 66 low-earth-orbit satellites to provide subscribers wireless voice, paging, facsimile, data, and “radio-determination” satellite-locating services.

Wireless technology is being applied in such diverse settings as the airline, banking, and health-care industries. For example, a major European air carrier is using a palmtop product to check passengers remotely from the curbside and parking lot at an East Coast airport, which has resulted in shorter check-in lines. A major Midwestern commercial bank transmits customer information to its branches using spread-spectrum radio frequency LANs, which has improved customer service. And a Florida hospital is considering implementing cellular technology that would allow doctors to travel throughout the hospital with palmtop computers without losing connection to the network.


Previous Table of Contents Next

Copyright © CRC Press LLC