Previous | Table of Contents | Next |
Amin Leiman and Martin Miller
Wireless networks have grown in popularity because they can be installed in hard-to-wire locations and are able to support mobile work forces. However, the increased flexibility of these systems does not come without a price. Wireless LANs are exposed to an array of security threats that differ from those that confront conventional wired LANs. This chapter focuses on the critical factors that should be considered when evaluating the security of wireless LANs, including their physical configuration, type of transmission, and service availability.
Wireless LANs use a NIC with a FM transceiver to link multiple workstations. External antennas can be used to provide omnidirectional transmission between workstations. Wireless LANs are implemented using any of three types of communications technology: infrared, radio frequency, and microwave. A typical wireless LAN can be connected without any cabling; in some configurations, the wireless LAN may also be connected to a wired network.
Wireless technology allows users the freedom to move (within certain boundaries) without the restrictions imposed by trailing cables. Networks can be set up without having to lay cable, which makes it much easier to implement changes in the network configuration. Indeed, the primary reason for the growth of wireless LANs has been their configuration flexibility in hard-to-wire locations and their ability to support mobile work forces. These benefits must be weighed against the fact that wireless systems can cost as much as two-and-a-half times the amount per workstation of conventional cabled networks.
This chapter examines the strengths and weaknesses of various forms of wireless networking, with special emphasis given to potential security exposures. Three critical factors must be considered in evaluating the security of wireless LANs: their physical configurations, type of transmission, and service availability. The chapter discusses each of these factors and concludes by reviewing the controls best suited for securing wireless transmissions.
Infrared LANs require no FCC license and are relatively secure because disruption of their required line-of-sight operation (e.g., that caused by electronic eavesdropping) will bring the LAN down. However, they use limited bandwidth, are easily disrupted (e.g., they cannot transmit through walls), and they are more expensive than conventional cabled LANs.
The radio frequency LAN does not require line-of-sight transmission, but it is easily intercepted. However, some products do provide encryption capability. Radio frequency wireless LANs require an FCC license.
The microwave transmission LAN is a technology used to bridge LANs between buildings or greater distances as an alternative to using commercial telephone lines. It is less expensive than using leased lines and is not subject to phone company rate fluctuations. However, it does require microwave and satellite dishes at both ends, which are subject to city zoning laws. As with radio frequency transmission, microwave transmission methods are subject to interception.
Wireless network technologies also share some general limitations as described in the following sections.
Interoperability is a problem with current wireless LANs. Different LANs use different technologies that are not highly compatible. For example, some vendors use the infrared part of the spectrum while others use the radio-wave band. Those that use the radio-wave band may operate at different frequencies which accounts for their different speeds. FCC regulations vary for different vendors products. As a response to this situation, the IEEEs. The IEEE 802.11 committee is developing a standard radio frequency protocol.
Given the diversity of interests and protocols currently being developed, it is possible that no one standard will emerge. Instead, industry-specific standards may arise, such as one for retail and another for manufacturing.
Performance of wireless LANs has generally lagged behind that of cabled LANs. Infrared LANs operate at or below 1 Mbps. Radio frequency LANs typically run between 2M bps and 3.5M bps, well below Ethernets published rate of 10M bps. (The actual Ethernet throughput is lower than this stated rate; the variance is therefore not as great.) Despite the difference, it is expected that wireless LANs will move to a frequency capable of boosting speeds to 16M bps, a pace highly comparable with the capacity of current cabled networks.
Configuration limitations restrict the use of wireless LANs. For example, infrared LANs require line-of-sight operation. Although radio LANs can transmit through walls, to be most effective they are typically kept on the same floor within a fixed area (depending on the requirements of the specific vendor equipment used). The wireless LAN may work well in one location but may not be recognized on a network in another office. The challenge is to route a microcomputers data to the appropriate file server when the computer is continually moving.
Wireless computing is slowly gaining broader acceptance as portables become more prominent in business settings. In addition, the development of cellular technology has led to increased interest in wireless LANs. With the growing acceptance of cellular technology, organizations have become more comfortable with the concept of processing without cables.
Often such new technologies as wireless LANs experience dynamic growth only after a unique application is introduced that is well suited to the technology. E-mail may be that application. Wireless messaging fits well with a growing work force that must be able to communicate in real time. Wireless mail networks allow mobile users to communicate wherever they are without plugging into a data port. This includes participation in mail-enabled applications specifically adapted for portable computers. Electronic wireless messaging is typically accomplished by sending a message from a network through a gateway to a local switch, transmitting by satellite, from which it is downlinked to a relay station, which in turn transmits to a stationary or mobile receiver. From here, the user can download the message to microcomputers running such mail-enabled applications as dispatch and sales systems. Although wireless E-mail is a WAN application, it is certain to influence attitudes about the use of wireless LAN processing within the office environment.
Recent developments may help spur the growth of wireless LANs. These developments include:
Wireless technology is being applied in such diverse settings as the airline, banking, and health-care industries. For example, a major European air carrier is using a palmtop product to check passengers remotely from the curbside and parking lot at an East Coast airport, which has resulted in shorter check-in lines. A major Midwestern commercial bank transmits customer information to its branches using spread-spectrum radio frequency LANs, which has improved customer service. And a Florida hospital is considering implementing cellular technology that would allow doctors to travel throughout the hospital with palmtop computers without losing connection to the network.
Previous | Table of Contents | Next |