Computerworld - During the past few weeks, I've dedicated a significant amount of time to creating wireless LAN (WLAN) policies and standards. A WLAN site survey I conducted a few weeks ago convinced me to accelerate my work in this area. I uncovered numerous misconfigured WLAN hubs, or access points (AP), that provided access to our network from the parking lot - and in some cases from the street.
To test for rogue hubs, I parked my car along the street in an inconspicuous spot beside our corporate headquarters, booted my laptop and inserted my WLAN card. Within seconds, my Yahoo Instant Messenger program woke up - a sure sign that I was on the network. From there, I was able to execute port scans, access our intranet and browse the employee list. I was also able to query our internal Domain Name System and discover the IP addresses of critical systems, such as databases and payroll systems.
Given some time, even a moderately skilled hacker could have drilled deeper.
Cutting the Signal
In response, I immediately began writing up a wireless security policy to get these unauthorized APs off the network. I then started work on developing a wireless standard to address the technology aspects of the policy.
Our new policy will allow wireless access so long as the employee's manager authorizes it and the user follows approved standards and procedures. The policy will also determine acceptable use to protect the company from any potential unauthorized activity that might compromise our network.
The CIO hasn't signed off on the policy but did authorize me to send an e-mail mandating the immediate removal of unauthorized APs. A few days later, I fired up Mountain View, Calif.-based AirMagnet Inc.'s AirMagnet Handheld PC card and detection software on my Pocket PC to check for compliance. Sure enough, some APs were still online. Using the device's signal strength meter, I pinpointed two of them and got them pulled off the network, but I'm having a hard time locating one last rogue AP. I'm trying to get a directional antenna to assist with that task. That last rogue AP appears to be configured properly, with encryption enabled, but it still needs to be removed from the network.
The standards document is the most time-consuming aspect of this project. We've already decided to use Aironet WLAN APs from Cisco Systems Inc. We felt Cisco's Lightweight Extensible Authentication Protocol (LEAP) was the most secure, if you implement it properly. When used with the Cisco Secure Access Control Server
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
