In this issue of Industry Insider, ZDNet's David Berlind says just because your company hasn't deployed wireless networks doesn't mean you shouldn't be concerned with at least one form of wireless security: prevention of rogue access points.
Indeed, when it comes to the threat matrix associated with wireless security, there are many issues demanding attention: everything from keeping unauthorised wireless users off wireless local area networks (WLANs) to making sure that the traffic flowing through a WLAN is encrypted in a way that keeps the payloads safe from prying eyes.
Although most wireless security solutions target organisations that have deployed wireless networks, there is a class of solutions that target all companies -- even those that haven't deployed wireless networks. These solutions detect the existence of rogue access points. (An access point is a transceiver that connects devices on a wireless LAN to the wired infrastructure. A rogue access point is not authorised by an organisation's IT department for operation.) Setting up an access point is child's play. In addition to plugging the access point into a power source, all one has to do is connect one end of an Ethernet cable to an available Ethernet port, connect the other end to an access point and voila! A new Wi-Fi WLAN is born.
Not all rogue access points are malicious. Until my IT department found out about it and asked me to shut it down, I ran a rogue access point for almost two years (long before Wi-Fi was popular). So early was it in the history of Wi-Fi, that the software for setting up, managing, and securing my Lucent-based 802.11b WLAN was both proprietary and not very user friendly. Knowing that hardly anyone was using Wi-Fi at the time, I didn't bother securing it. Eventually, the company standardised on a single vendor's technology for deploying and securing WLANs and, knowing about my access point through the grapevine, the IT department saw my rogue WLAN for what it was: a back door that bypassed all of the hard work and planning that went into building a secure Wi-Fi network.
Nick Miller, CEO of wireless management solution provider Cirond, put the problem in simple terms. "Companies spend thousands upon thousands of dollars and man-hours on network security," said Miller, "and all it takes is a $30 access point to render that investment useless."
Why set up a rogue access point in the first place? I can imagine at least three scenarios that could result in rogue access points. The first of these is where people with wireless networks at home and at work are having difficulty with home-work interoperability. Though software is making it easier to move back and forth between the two, I've had this problem and I also know that the easiest solution is to have the same kind of access point in both locations.
In the second scenario, people have a wireless network at home, but none at work. Once people catch wireless fever at home, they want it at work, too. If, for security or budgetary reasons, their company's IT department is unwilling to provide it, many overzealous workers are willing to install one for themselves.
In the third scenario, someone outside the organisation -- usually someone with malicious intent -- gains access to a physical Ethernet port on the company's network and surreptitiously connects an access point to it. Depending on where that port is (for example, underneath a desk in an unused cubicle), such "deployments" can easily escape physical detection.
The last two scenarios are particularly noteworthy since they could introduce wireless security problems to companies that have, for whatever reasons, no deployments of wireless technology.
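An added example, not from the article or from any vendor it names: one way a detector can sort the access points it hears into authorised, misconfigured, rogue and neighbouring, by comparing a wireless survey with an authorised inventory and with the MAC addresses learned on wired switch ports. All addresses, SSIDs and settings are constructed, and the adjacent-MAC match is a heuristic assumed here; with an empty inventory (a company with no WLAN of its own) any radio bridged to the wire is reported as rogue.

```python
# Added example; every MAC address, SSID and setting below is constructed sample data.
CORP_SSID = "corp-wlan"  # hypothetical corporate network name

# Authorised inventory: BSSID -> settings IT expects that radio to use.
INVENTORY = {
    "02:00:00:aa:00:01": {"ssid": CORP_SSID, "channel": 1, "enc": "WPA2"},
    "02:00:00:aa:00:02": {"ssid": CORP_SSID, "channel": 6, "enc": "WPA2"},
}

# MAC addresses learned on wired switch ports (constructed bridge-table export).
WIRED_MACS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02", "02:00:00:bb:00:10"}

# Wireless survey results (constructed).
SURVEY = [
    {"bssid": "02:00:00:aa:00:01", "ssid": CORP_SSID, "channel": 1, "enc": "WPA2"},
    {"bssid": "02:00:00:aa:00:02", "ssid": CORP_SSID, "channel": 6, "enc": "OPEN"},
    {"bssid": "02:00:00:bb:00:11", "ssid": "linksys", "channel": 11, "enc": "OPEN"},
    {"bssid": "02:00:00:cc:00:20", "ssid": CORP_SSID, "channel": 6, "enc": "OPEN"},
    {"bssid": "02:00:00:dd:00:30", "ssid": "cafe-guest", "channel": 3, "enc": "WPA2"},
]

def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)

def on_wire(bssid, wired_macs, tolerance=1):
    """Heuristic (an assumption): an AP's Ethernet MAC is often the BSSID
    or a neighbouring address, so allow a small numeric offset."""
    b = mac_to_int(bssid)
    return any(abs(b - mac_to_int(m)) <= tolerance for m in wired_macs)

def classify(ap, inventory, wired_macs, corp_ssid=CORP_SSID):
    expected = inventory.get(ap["bssid"])
    if expected is not None:
        drift = sorted(k for k, v in expected.items() if ap[k] != v)
        return "authorised" if not drift else "misconfigured:" + ",".join(drift)
    if on_wire(ap["bssid"], wired_macs):
        return "rogue-on-wire"       # unknown radio bridged to our LAN
    if ap["ssid"] == corp_ssid:
        return "ssid-impersonation"  # unknown radio advertising our SSID
    return "neighbour"               # visible, but no sign it touches our LAN

def audit(survey, inventory, wired_macs):
    return {ap["bssid"]: classify(ap, inventory, wired_macs) for ap in survey}

if __name__ == "__main__":
    for bssid, verdict in audit(SURVEY, INVENTORY, WIRED_MACS).items():
        print(bssid, verdict)
```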
So high on the radar is the rogue access point problem that a demonstration involving the surreptitious installation and subsequent detection of one was included in Cisco CEO John Chambers' Networld+Interop keynote speech. Cisco is one company of many that offer methods and products for detecting rogue access points. In fact, finding a solution isn't the challenge. The challenge is in finding a solution where you don't pay for functionality that you already have.
At Networld+Interop, I spent time with executives from Cirond and Lockdown Networks, both of which offer hardware-based solutions for locating rogue access points. Whereas Lockdown Networks sees rogue access point detection as a part of the larger problem of vulnerability management (wired or wireless), Cirond sees it as a part of the larger problem of wireless network management. Both companies' offers demonstrate how it's impossible to get everything you might need -- vulnerability management, rogue access point detection, and wireless network management -- in a la carte fashion from best-of-breed vendors.
Even the vendors are somewhat challenged when it comes to the positioning of the product. Cirond's Miller explained how the company's flagship product, WiNc Manager (which includes rogue access point detection), is having its name changed to AirPatrol -- the name also used for the company's mobile (as opposed to stationary) rogue access point detection solution.
Prior to the change, the company mostly emphasised WiNc's ability to demystify the management of Wi-Fi security. One of WiNc's strengths is in its ability to roll out uniform security settings (WEP keys, key rotation schemes, SSIDs, channel assignments, etc.) to heterogeneous Wi-Fi infrastructures that involve access points from multiple vendors. Whereas the evolving 802.11 specifications include standards for such settings as encryption and network identification, there are no standards when it comes to the user interface on the management software used to change those settings. As a result, deployment of access points from multiple vendors can easily result in the usage of just as many applications to manage them. WiNc can manage them all from one console.
But, as rogue access point detection became equally if not more important than WiNc's other functions, Miller was compelled to change the product's name.
Unfortunately, if you want rogue access point detection from Cirond, the only way to get it a la carte is by buying the mobile product. Otherwise, for the stationary, more industrial strength version, you must take it with the rest of the management product, which may include functionality you already have covered (especially if you've standardised on a single vendor for access points).
Like Cirond, LockDown sells a piece of hardware for detecting rogue access points. It costs US$5,000. But to get it to work, you need to own LockDown's $10,000 vulnerability assessment solution called LockDown Auditor (or its bigger sister, LockDown DataSafe). Vulnerability management, an important part of layered security, involves constant testing of all systems for known weaknesses or improper security settings. Like LockDown, most of the numerous solutions for automating the vulnerability assessment process feature a central collection point for vulnerability assessment results. Inasmuch as the discovery of a rogue access point is one of those results, a central collection point like LockDown Auditor or LockDown DataSafe is necessary for collecting data from the detection sensor (a.k.a. LockDown Wireless).
When a network management product overlaps a wireless management product, which overlaps a rogue access point detection product, which overlaps a vulnerability assessment product, which overlaps an intrusion detection system and so on, an IT manager's selection process becomes more complicated. While the solutions themselves looked great, I lament the buyer's dilemma. These days, it's getting harder and harder to find extremely focused, best-of-breed products that do one thing and do it extremely well.
biography
David Berlind is an editor with ZDNet.com.