Are Wireless Networks A Security Threat?

THE FUTURE
Cellular data service is going to be the next generation for wireless access when working outside the office. Its ease of use, increasing data speeds and better reliability will make this solution the option of choice in the immediate future. As this solution becomes less expensive and more reliable (see Cellular Data Cards box at right for my personal experience), this will prove to be a very beneficial service for most accounting firms. The shareable nature of this type of connection and the ease of configuration make it much easier for users to utilize this technology. Instead of having to spend time connecting to a client or Wi-Fi network, the cellular data connection can be quickly established and enable employees to work faster.

WiMAX is an emerging technology and is actually being adopted in the third world faster than it is in the United States because an existing infrastructure does not exist in the third world. Pakistan is currently the leader in adoption of WiMAX technology with 17 cities currently using the system and plans to get it set up in all 71 cities in Pakistan. It will come here in the United States eventually as our existing copper-based wired network ages and needs to have significant replacements. WiMAX is the future, and cellular is the bridge technology.

Definitions & Processes

Access Point (AP) – The central control point to which other wireless devices such as computers and printers authenticate to gain access to the corporate network.

Wired Equivalent Privacy (WEP) – This protocol was introduced in 1997 to secure wireless communication between devices and access points by encrypting the broadcast traffic. The protocol has been replaced by other protocols because its encryption algorithms have been compromised. Unfortunately, even with the protocol being compromised, it is still in widespread use today.

Wi-Fi Protected Access (WPA and WPA2) – These protocols were released as interim standards while the IEEE, the Internet standard setting body, worked on fixing the WEP protocol standard. This protocol has remained, been expanded and is becoming the standard for wireless encryption between the device and the access point. All wireless devices sold since September 2003 with the designation Wi-Fi Certified support this standard. This standard does have some interoperability issues with some devices, and as a result not all equipment will work with WPA encryption, especially older equipment built before 2001. The weakness in this protocol is with short, easy-to-break passwords used in establishing a Pre-Shared Key. A brute force attack can be used to crack this password. Passwords of more than 13 characters reduce this possible vulnerability to almost zero.

Cellular Data Cards – These devices attach to a computer, most often a laptop, to provide an always-on connection to the Internet via the cellular system. While this technology has been around for several years, the recent upgrade to the 3G standard has made this type of access much more stable and beneficial. Most of these cards run at a speed equivalent to a DSL connection.

Worldwide Interoperability for Microwave Access (WiMAX) – This protocol provides wireless transmission of data using a variety of transmission modes such as point-to-point or cellular-like access. Speeds are much higher than other types of access such as Cellular or standard wireless. WiMAX is not currently a heavily adopted technology in the United States. Some believe it will replace other connection technologies in the future because of its higher speeds, cellular-like access, and because it can serve as a last mile connection to people currently underserved by other technology in rural or remote areas. It is a competitor to DSL and cable.

Virtual Private Network (VPN) – This is generally a software package that creates an encrypted connection, commonly called a tunnel, through the Internet to the office network from wherever the remote computer is located and connected to the Internet. This encrypted connection passes data from the remote computer to the corporate network without using the open and more public Internet to transmit the communication. The remote computer acts as if it is directly connected to the corporate network even if it is located hundreds of miles away and connected via a non-corporate controlled connection, such as cellular or a Wi-Fi hotspot.