Wireless Security Risks at an Integrated Academic Health System
Susan Kennedy
May 16, 2005
(Computerworld)
Wireless networking is increasingly popular in academic health systems and universities, but this communal environment presents security issues. The institution's goal of securing wireless networking is attainable, but it's often difficult and time-intensive.
Technology has dramatically improved the ability of academics to share research and pursue the truth they are seeking. However, the integration of a school of medicine, a health system and a university presents special security challenges. Corporate and government funding rules, federal regulations, academic freedoms and contentious missions complicate logical security and increase the institution's responsibility to protect sensitive data.
Security risks are inherent in the integrated academic health system world for a variety of reasons:
- Resources and monies are limited, and research dollars don't necessarily allow for building and supporting secure computing environments.
- Patient data, with express permission of the patient, is provided from health system sources to researchers. Communication channels between a university and a hospital may not conform to standardized security protocols.
- Sharing information and collaborating with fellow researchers can extend beyond the researcher's own institution.
- Multiple networks may exist. The network perimeter is often difficult to secure because it's physically broad and not necessarily contiguous within these complex environments.
- Provider offices are often physically distant from the core institution's network infrastructure.
- Standard platforms frequently don't exist. Therefore, a wide range of operating systems, each with its own security vulnerabilities and communication issues, must be integrated.
- Biomedical devices (e.g., microscopes) may not be able to receive the latest security patches available from the operating system vendors.
Mitigating Controls
Wireless networking is more vulnerable to security breaches because the hardware is inexpensive, readily available, easy to install and insecure by default. The average user could purchase an access point (AP) from any computer retailer, connect it to an open port on the network, and gain instant network access -- conceivably circumventing any security measures implemented on the network.
The following are best practices to attain a more secure wireless network:
Security Policies:
- Develop wireless networking security policies. Lack of sufficient policies to govern wireless networks and their use leaves a number of configuration features and settings unaddressed for the end user to determine independently. Institutions often fail to guide their employees on their use of wireless networks and the risks associated with not using a wireless network in accordance with the policies.
Access Point Configuration:
- Change the default settings. Default Service Set Identifiers (SSIDs) are set by the manufacturer. Not changing the default SSID makes it easier and faster for an unauthorized user to gain access to your AP.
- Define a complex SSID naming convention. Don't change the SSID to reflect identifiable information, as this too could make it easier for an unauthorized user to gain access to your AP. Instead, use long, non-meaningful strings of characters including letters, numbers and symbols.
- Encrypt all traffic over the wireless LAN (WLAN). Despite its weaknesses, turn on the Wired Equivalent Privacy (WEP) security that is built in to WLANs; it delays an unauthorized user's intrusion attempts and will likely deter a novice attacker entirely. (Note: the WEP factory default is OFF.)
- Disable Dynamic Host Configuration Protocol (DHCP) and use static IP addresses instead. Using DHCP automatically provides an IP address to anyone, authorized or not, attempting to gain access to your wireless network, again making it just that much easier for unauthorized penetration.
- Move or encrypt the SSID password and the WEP key that are typically stored in the Windows registry file. Moving these privileged files makes it more difficult for a hacker to acquire privileged information. This step could either prevent an unauthorized intrusion or delay the intrusion until detection occurs.
- Use a closed network instead of an open network so the SSID is not broadcast. End users type the SSID into the client application instead of selecting the SSID from a listing when they click the Scan button. This feature makes it slightly more difficult for the end user to gain access, but education on this risk mitigation strategy can reduce potential resistance. To gain maximum advantage from a closed network, change the SSID with some regularity to account for employees who have been terminated and are no longer authorized to access your network.
- Require the use of a virtual private network (VPN) to encrypt all traffic, not only the ID and password. Segment all wireless network traffic behind a firewall and configure each client with a VPN client to tunnel over the wireless network to a VPN concentrator on the wired network. Configure the clients so that users communicate only with the VPN concentrator.
- Implement a two-factor authentication scheme using access tokens for users accessing critical infrastructure.
- Purchase only access points that have "flashable" firmware to allow users to install security patches and upgrades in future releases.
Monitoring:
- Conduct extensive site surveys regularly to determine the location of all access points.
- Track employees who have WLANs in their home or at a remote site. Require within the institutional policy that each wireless network is placed behind its own routed interface so the institution can shut it off if necessary. If WLANs are being utilized at home, policy should require specific security configurations including encryption and VPN tunneling.
- Deploy a network-based intrusion detection system on the wireless network. Review logs weekly.
- Utilize and maintain antivirus software. Push out antivirus software upgrades to clients from servers.
- Create frequent backups of data and perform periodic restorations. Store critical data backups off-site.
Physical Security:
- Plan for AP coverage to radiate out to the windows, but not beyond, to limit the ability for unauthorized users to gain access to your network while not being physically allowed on the premises.
- Provide directional antennas for wireless devices to better contain and control the radio frequency coverage area and thus limit unauthorized access.
- Implement strong physical security controls particularly at APs including barriers and guards to prevent the theft of equipment and unauthorized access.
- Label and maintain inventories of all fielded wireless and handheld devices.
- Require registration of every piece of hardware upon network connection.
Authentication:
- Use Remote Authentication Dial-In User Service (RADIUS) that can be built into an AP or can be provided via a separate server. This service is an additional authentication step. Interface this authentication server to a user database to ensure that the requesting user is authorized.
- Force 30-minute periodic re-authentication for all users.
- Use device-independent authentication so that lost/stolen devices cannot gain access to the WLAN.
Training:
- Provide training and technical support for end-users.
Conclusion
To moderate these risks, managers and system administrators alike have a fundamental responsibility to perform ongoing risk assessments to ensure they not only understand the risks that they face, but take appropriate steps to mitigate the risks.
This is an especially difficult task because the computing environment is fluid and flexible. Overall, the greatest weakness with wireless security is not the technical shortcomings, but out-of-the-box insecure installations. This risk can be overcome with appropriate policy and procedures and diligent administration.