Securing the Air: Recognizing Risk in Wireless

Computerworld - The benefits of wireless LANs are undeniable, but the risks introduced by them are increasing exponentially. According to In-Stat/MDR, more than 75 million Wi-Fi devices have been deployed worldwide, and another 4 million new WLAN devices are being shipped per month.
Some organizations think their investments in firewalls and virtual private networks will protect them from the risks of WLANs. However, they don't realize that the WLAN signal bypasses all wired-side security and opens a back door for an intruder. Simply banning WLANs isn't an option, either, because most laptops are shipped with built-in wireless cards. If companies were to ban wireless networks, they would need to ban the use of laptops, which is an impractical solution.
The fact is, any wireless device connected to a wired network essentially broadcasts an Ethernet connection and an on-ramp to the entire enterprise network. Unless properly secured and monitored across the global enterprise, these self-deploying, transient wireless devices and networks are dangerous to all organizations. Intruders and hackers will use an unsecured WLAN to break into corporate networks and compromise the integrity of financial data, customer information or even trade secrets. No longer should the security of wireless networks be a peripheral thought.

The difficulties of securing the air
To understand the risk of WLANs, one must first understand the security vulnerabilities of all WLANs. WLANs face all of the security challenges of any wired network. In addition, risks are introduced by the nature of wireless technology.
First, the medium in which a WLAN operates is the air, an uncontrollable space. In addition, wireless devices self-deploy and have the capability to connect to strangers. Due to the growth of WLAN-enabled laptops and the increasingly wireless-friendly Windows XP operating system, laptops in the default setting automatically search for an access point (AP) to connect with. Lastly, wireless devices are transient in the way they connect. If a wireless device picks up a strong signal, it may connect with the new AP even if the AP is the laptop of an intruder in the parking lot.
There are many ways in which WLANs can be compromised.
More than rogue access points
A rogue WLAN has traditionally been thought of as a physical AP unsanctioned by network administrators. Today, rogue WLANs are further defined as laptops, handhelds with wireless cards, bar code scanners, printers, copiers or any WLAN device. These devices have little to no security built in, making it easy for intruders to find an entry point. Rogue APs could be maliciously placed by intruders