One wireless security risk that’s easy to overlook is the threat from unlicenced transmissions. Unlike wired networks, wireless LANs don’t have singular points through which all traffic flows.Traffic can travel in almost any location and on any channel, as they operate in unlicensed ISM & UNII bands.
This means that to keep your WLAN secure and protect it against all potential intrusions, you need to be able to monitor all channels and all the physical airspace of your environment 24×7, notify any suspicious activity and if required, automatically block certain activity.
The majority of wireless threats can’t be identified by simple threat signatures. You need a correlated analysis of multiple threats of intrusion and identify spoofing. Part time scanning typically sees less than 1% of the total traffic in the environment, making it almost impossible to detect attacking behaviour. No security solution will work if it doesn’t catch the traffic.
This is important when deciding whether you need a dedicated overlay WIPS or an integrated WIPS, where some of the APs are configured to run in sensor mode all or part of the time to collect information on security events.
APs are transmitters and so they’re governed by federal regulations around the world. They can only operate on the channel frequencies on which data transmission is allowed in that country – other channels are blocked. This means APs can only scan ‘legitimate’ channels and are ‘blind’ to activity on non-legal channels, although intrusions can of course occur on any channel.
A dedicated system, however, not only scans 24×7 but can scan all channels because it uses sensors, which listen passively and don’t transmit. This is key to ensuring any unusual activity is observed, whatever channel it uses.
Not every organisation will need a dedicated WIPS – for some, an integrated solution will be sufficient. Each option has its pros and cons, and the IT department has to understand the trade-offs in order to choose the most appropriate solution for their organisation’s risk profile, the depth of security needed and budget.
However, if Wi-Fi is critical to your organisation’s operations, you need to ensure you have dedicated sensors which can identify all potential threats in order to uncover and stop attacks on your network.
About the Author:
Stéphane Persyn | Fluke Networks | @Flukenetentemea
Stéphane Persyn is currently the Fluke Networks Field Marketing Manager for their wireless solutions and network performance solutions for the enterprise. He has over 10 years’ experience in the entire AirMagnet portfolio, from designing, surveying and modelling enterprise WLANs to security, BYOD, WIPS and the 802.11 protocol. He also manages network performance solutions including OptiView XG and OneTouch.
Stéphane joined Fluke Networks from HP where he was an engineer for HP Services for business bustomers.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.