Previous Table of Contents Next


SECURITY CONCERNS

Wireless LANs differ from hard-wired LANs in the physical and data link layers of the OSI reference model. In attacking hard-wired LANs, a perpetrator would need physical access to the communication medium either through the cables that connect the network or through the telephone closet. A wireless LAN communicates through the air; intercepting emanated signals in the air requires more sophisticated techniques.

The belief that airborne transmissions can be easily intercepted with readily available radio equipment is simplistic and misleading. Intercepting is one thing, understanding the intercepted data another. This is especially true if the data is sent in digital form. Many wireless LAN products have built-in security features specifically designed to prevent unauthorized access to signals in transit. Decrypting an encrypted signal requires vendor-supplied decryption devices and decryption keys as well as the technical expertise to use them effectively.

According to a U.S. Senate subcommittee report, the ECPA of 1986, which prohibits the interception of electronic messages, does not cover wireless data communications. The Senate Privacy and Technology Task Force report says that the ECPA “failed to anticipate” how the variety of private communications available to users would expand and how data would be carried by radio links. It recommends that the law be updated to protect most radio-based communications technology.1

The absence of laws protecting wireless communications has encouraged perpetrators to attempt unauthorized access to company data. As a consequence, businesses and other organizations have been wary of using this technology for sensitive applications. Currently, the use of wireless LANs in industry has been limited to nonsensitive applications. However, as users learn more about wireless LAN technology and methods for securing wireless communications, organizations should become more interested in using this technology for processing sensitive applications.

This chapter focuses on the three critical factors that should be considered when evaluating the security of a wireless LAN: physical configuration, type of transmission, and service availability. Each of these factors is related; therefore, the security specialist must have a clear understanding of all of them to fully appreciate the relevant security issues.

Physical Configuration

From an operational point of view, use of wireless LANs gives the user more flexibility in changing the configuration of terminals. However, from the security perspective, this flexibility provides more avenues of potential attack. Intruders can intercept wireless transmissions without having to physically access the office in which the network is located. However, the ease of such access depends, in part, on how the wireless LAN is configured. For example, if designed correctly, an in-office wireless LAN should limit the range of access to the office area. On the other hand, a network designed to communicate between buildings is more susceptible to potential intruders because the range of possible interception is much wider.

But even then, the intruder’s task is not a simple one. It requires being able to distinguish the target data from other data being transmitted at the same time. The intruder must also be able to decipher the signal. Although computers can be used to sort out the signal, this process requires significant effort and expense.

It is important to recognize that the coverage area in a wireless network is not defined by distance alone but by signal levels and cochannel interference as well. A wireless LAN may also be used to extend an existing hard-wired LAN rather than to replace it; this may add further complexity to the overall architecture.

Types of Transmission

As stated earlier, there are three types of wireless LAN technologies: infrared (e.g., light and laser beam), radio frequency (e.g., spread spectrum), and microwave. Each of these technologies has its own security exposures. Currently, there are three popular wireless LAN products on the market utilizing these different technologies. The BICC Communications InfraLAN uses infrared, the NCR Corp. WaveLAN uses spread spectrum, and the Motorola Altair uses microwave technology. The following sections describe the security exposures common to each technology.


Previous Table of Contents Next

Copyright © CRC Press LLC