Previous Table of Contents Next


Circuit Availability

Circuit availability usually depends on cochannel interference and adjacent channel interference. Cochannel interference occurs when two transmissions on the same carrier frequency reach a single receiver. (The ratio of the carrier to interference is called the carrier-to-interference ratio.) Adjacent channel interference occurs when energy from the modulated carrier spreads into the adjacent channels. The Motorola Frequency Management Center maintains a central database that tracks the location and frequency of each Altair module in the U.S. to lessen the possibility of interference.

One tactic of intruders is to locate the carrier frequency and purposely jam the receiver to prevent other transmissions from accessing the receiver. Wireless networks are particularly susceptible to this form of attack.

Equipment Availability

Equipment availability refers to the availability of appropriate equipment for a particular network. In the case of wireless LANs, special equipment and connectors may be required to access the network. For example, equipment proprietary to Altair is needed to access an Altair network. Therefore, an intruder cannot use a typical scanner to access and compromise the network. In addition, this equipment must be connected to the Altair LAN by means of ThinNet T connectors with terminators, which are also unique to Altair.

WIRELESS NETWORK CONTROLS

Security of a wireless LAN depends on two factors: protective security mechanisms and audit mechanisms. These controls are discussed in the following paragraphs.

Protective Security Mechanisms

As identified by the ISO in its ISO-OSI Reference Model Security Guidelines, several mechanisms can be used to provide security services in a network: encryption, cryptographic error checks, source authentication, peer-to-peer authentication, and access control. In wireless LANs, encryption and access controls are the two most widely used methods of security.

Encryption. The three most common techniques of encryption are link, end-to-end, and application encryption. Link encryption encrypts and decrypts information at each physical link, whereas end-to-end encrypts the information throughout the network and decrypts it at the receiving location. Link encryption is more secure if the information is being transmitted by means of several physical links because multiple keys are required to decipher the information. Application encryption encrypts information at the application level. Among wireless LAN products that offer encryption, Altair uses end-to-end encryption to scramble data sent between the control module and the user module.

Access Controls. Access controls are used to identify network users and authorize or deny access according to prescribed guidelines. Some LAN operating systems use the workstation ID stored in NIC, which the LAN operating system checks at log-on time. Any workstation attempting to access the network without the correct ID is disconnected from the network. Another way of providing access control is by means of a user registration table. For example, Altair requires that the 12-digit Ethernet addresses of all authorized users be entered into the control module’s registration table. Any user whose code has not been so entered is denied access to the network. This feature is effective in restricting potential perpetrators from gaining network access.

Audit Mechanisms

To maintain a secure wireless LAN, a security audit should be performed in addition to ongoing monitoring activities. The security audit of a wireless LAN requires the examination of security policy, security protection mechanisms, and security administration. These areas are described in the following paragraphs.

Security Policy. Security policy governs the overall activities of the network. Without an effective policy, it is difficult to enforce protection. A security policy should specifically address the policy for accessing the wireless LAN. The policy should be as specific as possible. At a minimum, it should specify who is authorized to access the network, under what circumstances and what capacity, and when access is permitted. The policy should also establish the rules for moving workstations to ensure proper monitoring of each physical access point. The security manager should ensure that this policy is communicated to all network users and that it is adopted by them.

Security Protection. Securing a wireless LAN requires constant physical and logical protection. Physical protection involves securing the physical devices from unauthorized access. This usually requires such normal security housekeeping as providing a secure room to house the computer devices. Logical protection usually requires access controls and data encryption. It is crucial that all built-in security features be fully implemented; add-on security products (e.g., end-to-end encryption devices) should be considered as necessary.

Security Administration. Without proper enforcement, security policy and protective devices provide false assurance about the organization’s level of information security. Therefore, it is important that one or more individuals be designated to act as a security administrator. The security administrator is responsible for ensuring that the organization’s security policy is implemented and that all applicable security features are fully and correctly used. Strict enforcement of security policy and procedures is particularly important in a wireless LAN environment because of the relative ease with which users can change the composition of the network.

CONCLUSION

To take full advantage of the benefits of wireless networks, appropriate security measures should be instituted. With the constant development of new technologies, security exposures need to be controlled in a cost-effective manner. Although customer demands influence the development of new products, they typically do not drive the development of security features for these products. It is management’s responsibility to ensure that newly acquired wireless technologies are implemented in a controlled way.

In the purchase of a wireless LAN product, the quality of its security features should be carefully reviewed and tested. Because wireless LAN technology is relatively new, it is recommended that products be considered on the basis of the security mechanisms they incorporate and on the reputation of the vendor for its research and ongoing development of products. Before a wireless LAN product is purchased, the quality of its security features should be thoroughly evaluated and tested.

Reference

1.  Betts, M., “Do Laws Protect Wireless Nets?” Computerworld 25, No. 24, 1991, p. 47.


Previous Table of Contents Next

Copyright © CRC Press LLC