Wireless Security for Business Uses – WiMAX

Wireless networking technology has set a foundation for vast changes and improvement to the way networked computers work together and communicate. However, this convenience is not without drawbacks and IT security issues. Security measures must be continuously updated as new technology rolls out in order to stay current and relevant to consumer needs and standards.

The following will discuss the technical and business status of wireless security, and how is it likely to evolve in the future both in the US and internationally.  Description and examples of technical issues and approaches, along with policy issues and solutions will be discussed in order to analyze the industry’s pros and cons. New and emerging technology will be identified in order to cover the subject of wireless security comprehensively. While wireless technology is a significant convenience to society, it must be continually modified and updated in order to provide consistent support and protection.

Wireless Security Technical Issues

Wireless security provides the conveniences of streamlined computer communication and immediate data transfer but is a target for hacking and security breaches. Clients within the access point service area may be able to access the data that is transferred between the computer networks and the access points. In addition, as walls or ceilings fail to stop radio wave emission, data transmitted using this process is vulnerable to interception by unintended recipients (Radack, n.d). Stringent security measures are necessary to avoid providing unintentional access to private or sensitive information. Stream ciphers may be used to provide a keystream that must be memorized like a password, however these ciphers are vulnerable to attacks and decryption. Interceptors may also be able to decode the ciphers and obtain sensitive data (ISS, 2001). Once one of these stream ciphers is decoded, the remainder is easy to hack, making this security measure relatively ineffective.

With increased innovation and information related to wireless security comes an increased library of resources to hack it. Published papers which expose the vulnerabilities of Wireless security issues help hackers access by providing attack tools. With the advent of the information age, it is much easier for a hacker to obtain instructions and tools to access networks illegally.

Business or Policy issues

Organizations should have a network policy in place as part of the overall company policy on security. The policy should bar the entrance of internal network access points from computers and systems which are not supported by company-sponsored information technologies. The policy should mandate that the internal Information Technology department perform regular scans to check for access points that are not approved (NIST, 2009). Wireless scans and physical searches should be mandated in order to provide a comprehensive policy standard to protect against outside interference. The policy should outline solutions to problems and provide a comprehensive overview of the organizations business and privacy standards and best practices. The policy should also provide mandates of employees and standards for managing in the network. Barring password sharing or manipulation of the system is absolutely necessary. By including this in business policy standards employees will be well aware of the expectations as well as the consequences for breaching them.

Problems and Technical Approaches to Solutions

The problem with Wired Equivalent Privacy (WEP) protocol is that it is not secure and does not provide a comprehensive and complete solution to security in the wireless context. The solution is not to rely on WEP for encryption but use it in supplement (Tyrell, 2003). It can be used in conjunction with separating wireless and wired networks and applying a firewall or screening router between networks. Authentication processes should also be distinct for each device on the separate network. This will supplement the WEP and bolster protection of sensitive data. Another solution is to refrain from using descriptive names for access points. Keeping the access point unassuming will make it more difficult for attackers to identify the signal source, helping to protect the network.

Changing encryption keys often will help to maintain wireless security for businesses. On a small network, the WEP keys must be changed every few minutes in order to effectively thwart a hacker (Hamid, 2003). Changing keys this often on a large business network is not always practical; however periodic adjustments will make sure that even a compromised network does not remain so.

Disabling beacon packets near the access point will prevent attackers from finding access points through scanning tools. In addition, designing the access points in a central location will keep the broadcasts centralized and offers a better chance of containing the signal. Other solutions include changing the default password and IP addresses.

Another essential solution is to guard against unapproved access points created by employees or internal customers. Larger organizations often have employees who set up independent wireless networks to avoid the evaluation of Information Technology staff. While they may be used to collaborate easier between teams, they also make the organization vulnerable to outside attacks. As mentioned in the policy section, addressing these policy standards will provide a written account for employees to refer to.

New and Evolving Technologies

It is predicted that wireless technology will continue to complement wired connectivity in business and enterprise environments. Wired networks are less expensive than wireless networking and offer greater bandwidth for future applications and tighter security (CITE). Despite this, evolving technologies are making wireless more secure. Additional IT cryptography services are being developed that can provide increased consistency and protection. The national institute of standards and technology are consistently working on validating cryptographic models and algorithms to provide additional technical support and training (CITE). Cryptographic models are emerging and achieving additional market penetration as a result.

Wireless Security in Wide Area Data

Wide area data services help consolidate file servers from remote sites to the central data center while maintaining performance. It also helps to increase the speed of the distribution of file system based applications (Yufei, Tan, Dantong, Shudong & Thomas, 2012). Wide area data must be additionally secured because it can lead hackers to the central functions of a business. As business in the U.S. expands and partners with suppliers and partners overseas, the international implications of evolving security measures will become apparent. It will need to continue to evolve in order to manage the information and data sharing between international partners in order to alleviate security vulnerabilities.

Wireless security in wide-area data is integral to managing business partnerships across the country and overseas. With the increased focus on digital conferences and online meetings, voice networks must be additionally secured. The information about the call as well as the voice data can be secured through encryption if discussed over WiFi and Wifimax (Intel, n.d). As Wifimax is so much faster, it is more essential to manage encryption and protection even more consistently.

Conclusion

Continued innovation in wireless technology is exciting. However, it keeps businesses struggling to maintain security measures against educated and skilled cyber attackers. In order to protect sensitive information and manage wireless security in a business setting, information technology managers are encouraged to layer and supplement security tools and safeguards. No one privacy application is enough to protect a business from motivated and committed hackers. Information technology department staff is not solely responsible for maintaining security. All employees must understand what is at stake and take precautions to do their part to manage security and protect sensitive data. The policy standards outlined will help employees understand expectations and provide a resource for best practices. Despite the ongoing security changes that need to take place to protect businesses, innovation through new and developing technologies help to support organizational security against determined cyber attackers.

As wireless security has consistently managed to stay updated with new technology, it is likely that security evolution will maintain protection for businesses who integrate wireless technologies into their enterprise structures. Especially with the increased globalization of the world economy and the expansion of companies in the U.S, these evolutions will be met with an eager market of purchasers. It is likely that the future of wireless security will increase the communication and business relationships between executives within the U.S. and internationally. This will allow wireless systems to be used frequently without exposing company information to hackers or cyber attackers. Continuous evolution is necessary in every aspect of technology in order to maintain a competitive advantage. As technology evolves, security must maintain an innovative standard in order to keep up with the needs of organizations in the U.S. as well as those operating on an international platform.

References

Hamid, R. (2003) Wireless LAN: Security issues and solutions. Sans Institute Infosec Reading Room. Retrieved from http://www.sans.org/reading-room/whitepapers/wireless/wireless-lan-security-issues-solutions-1009?show=wireless-lan-security-issues-solutions-1009&cat=wireless

Intel. (n.d)Wi-Fi and WiMAX solutions white paper. Understanding Wi-Fi and WiMAX as Metro-Access Solutions. Retrieved from http://www.rclient.com/PDFs/IntelPaper.pdf 

Internet Security System (ISS). (2001). Wireless LAN security. Retrieved from http://www.iss.net/documents/whitepapers/wireless_LAN_security.pdf

National Institute of Standards and Technology (NIST). (2009) Security management and assurance. Computer Security Division. Retrieved from http://csrc.nist.gov/groups/STM/index.html

Radack, S. (n.d.)Security for wireless networks and devices. Computer Security Division. Information Technology Laboratory.National Institute of Standards and Technology. Retrieved from http://www.itl.nist.gov/lab/bulletns/bltnmar03.htm

Tyrell, K. (2003). An overview of wireless security issues. Sans Institute Infosec Reading Room Retrieved from http://www.sans.org/reading-room/whitepapers/wireless/overview-wireless-security-issues-943?show=overview-wireless-security-issues-943&cat=wireless

Yufei R., Tan L., Dantong Y., Shudong J., Thomas R. (2012) Protocols for wide-area data-intensive applications: Design and Performance Issues. Retrieved from http://www.es.net/assets/pubs_presos/rftp-sc12-final.pdf