What is the security risk of wireless (WAP)?

Hi all,
What is the security risk of a wireless access point (WAP) next to an isolated network (no internet)? (The risk for this LAN.)

And what are the wireless threats compared to fiber optic or UTP?


btan (Exec Consultant) Commented:
"why the company shouldn't have WAP next to its isolated LAN where no internet connection"

I will say that wireless is open and exposed access (even with security configurations done). There are many concerns (as below), and I see the best way out is not to have it in the first place - preventive rather than reactive.

a) Locality leakage - Heard of war driving? People go around and map out wireless locations. Check out http://www.wigle.net/ - a web site that maps data gathered by "wardrivers," geeks who enjoy cruising around with open laptops connected to global positioning system (GPS) devices in order to chart the distribution of wireless networks. This can be useful info for malicious attackers. Having said that, it is also easy for an attacker to determine your network's vulnerability to an attacker with radio access to the wireless network space (no physical barrier - even if there is a wall, a long-range antenna can be used). The attacker can determine the locations and ranges of the wireless networks, determine network configuration information, and probe points of entry for identifying system information or access parameters.

b) Unauthorised intrusion - If the security settings are not properly configured or the wireless hardware has firmware vulnerabilities, the time before they are properly configured or patched is an opportune time for launching an attack. Cracking a WEP key is easy and already well known. Even preshared keys in WPA can be cracked rainbow-table style.

c) Spoofed network - Knowing the SSID of the Wi-Fi LAN (easily found with an open tool like Kismet), a rogue wireless device can be set up and users may unknowingly connect to it. There is a need for a proper authentication mechanism like RADIUS or EAP/TLS. It can even be taken further with a man-in-the-middle that eavesdrops on and manipulates the information transacted. There are common attacks like ARP spoofing too, to spoof the device identity - MAC.

d) Bridging effect - If unauthorised access is gained and the wireless LAN and wired LAN are not properly segregated (by VLAN or physical filter and separation), the attacker may bridge the access to the internal LAN. By that time it may become nasty. The attacker may determine which network segments and systems the wireless network infrastructure can access, the security controls that separate the wireless network from other network segments, and whether the wireless network can be used as a launching point to attack other systems.

I also see that with wireless in proximity to an isolated LAN (if the building is not properly shielded), there may be electrical interference (imagine a public user trying to connect to it or others trying something funny with the WAP). I will say consider these additional considerations when deploying a WAP:
- Constrain the RF signal penetration through the premises
- Robust operation in the presence of external noise or interference
- Secure communication protocol with interoperability to legacy systems

For the comparison between wireless and fibre, you may want to take a look at

- Wireless transmission is much more susceptible to environmental interference as compared to fibre optic.
- Provided you have modular switches, all you need to do is replace the mB speed FO modules with gB speed ones to get better utilisation of your link. Setting up the wireless connection with comparable speeds and security would cost a lot more.

Fibre can be more secure than wireless:
a) I thought this site is interesting, talking about a fibre secure network - watch that clip

b) Use of quantum cryptography - The security of the data is guaranteed by laws of nature, as photons generate completely random keys. The mathematical formulae used in the past, which could be decrypted with enough time and effort, will soon be a thing of the past... Any listening to (or tapping of) the message will be detected.

Hope it helps
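
One way to turn points (c) and (d) above, together with the "nothing less than WPA2" advice in this thread, into a repeatable check for a risk assessment. This is an added example, not part of the original answers; the SSID, BSSIDs, signal threshold and survey rows are all constructed assumptions.

```python
# Added example: audit one Wi-Fi survey against an approved-AP inventory.
# Every SSID, BSSID and scan row here is constructed sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str      # MAC address of the AP radio
    security: str   # "OPEN", "WEP", "WPA", "WPA2-PSK" or "WPA2-ENT"
    rssi_dbm: int   # signal strength measured at the survey point

CORP_SSIDS = {"CORP-WLAN"}             # hypothetical corporate SSID
APPROVED = {                           # hypothetical inventory: BSSID -> expected mode
    "00:11:22:33:44:01": "WPA2-ENT",
    "00:11:22:33:44:02": "WPA2-ENT",
}
ACCEPTABLE = {"WPA2-PSK", "WPA2-ENT"}  # anything below WPA2 is a finding
NEARBY_DBM = -65                       # assumed cut-off for "on or beside the premises"

def audit(beacons):
    """Return (finding, bssid) pairs in the order the beacons were seen."""
    findings = []
    for b in beacons:
        bssid = b.bssid.lower()
        expected = APPROVED.get(bssid)
        if expected is not None:
            if b.security not in ACCEPTABLE:
                findings.append(("weak-encryption", bssid))
            elif b.security != expected:
                findings.append(("config-drift", bssid))
        elif b.ssid in CORP_SSIDS:
            # Corporate SSID from a radio that is not in the inventory (point c).
            findings.append(("spoofed-ssid", bssid))
        elif b.rssi_dbm >= NEARBY_DBM:
            # Strong unknown radio: could be a neighbour or an unapproved AP
            # plugged into the wired LAN (point d); needs a physical check.
            findings.append(("unknown-ap-nearby", bssid))
    return findings

SAMPLE = [  # constructed survey rows
    Beacon("CORP-WLAN", "00:11:22:33:44:01", "WPA2-ENT", -48),
    Beacon("CORP-WLAN", "00:11:22:33:44:02", "WEP", -55),
    Beacon("CORP-WLAN", "02:AA:BB:CC:DD:EE", "OPEN", -60),
    Beacon("printer-setup", "02:AA:BB:CC:DD:10", "OPEN", -50),
    Beacon("CoffeeShop", "02:AA:BB:CC:DD:20", "WPA2-PSK", -88),
]

if __name__ == "__main__":
    for finding, bssid in audit(SAMPLE):
        print(f"{finding:18} {bssid}")
```

An "unknown-ap-nearby" finding only says a strong unlisted radio was heard; whether it is a neighbour's AP or a device attached to the isolated LAN still has to be confirmed on site.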

A wireless access point will always be less secure than a hard-wired network.  That said, you can still make it quite secure.  First make sure the AP is physically secure so someone can't reset the config on you.  Then be sure to use WPA2 (also known as WPA with AES) for security.

As for fiber, it is considered very secure because transmissions can't be intercepted because if the cable is split it won't transmit.  UTP can be tapped into but if your cable is physically secure then there shouldn't be an issue.

Let me know if you want to elaborate on your scenario or if you have any other questions.
osho929 (Author) Commented:
I need to do an IT risk assessment and explain why the company shouldn't have a WAP next to its isolated LAN where there is no internet connection, and all that to have more security.

Is the access point secured? Are they using WEP, WPA or WPA2?  If they're using anything less than WPA2 then they're wrong.

By the way, what do you mean by "next to" the isolated LAN? Is it attached to the LAN?

In your report you can say that everything transferred through the AP will be sent over the air. An eavesdropper can capture the data (which of course should be encrypted).
From that point you depend on your encryption strength.

As your encryption is not broken (like WEP or the first vulnerabilities of WPA) you should be safe.

Probably the strongest authentication method you can use for the wireless radio would be WPA2 Enterprise. This will use a RADIUS server to actually authenticate your wireless clients, and will then use AES (highest grade) encryption to secure the traffic. As the others have said, it's not as secure as traditional LANs but should theoretically get the job done. If you are not at a governmental site or a site that deals with critical confidential / proprietary information I do not see it as too big of a concern. Just ensure your encryption keys are strong and not subject to dictionary attacks (i.e. use strong keys with letters and numbers, capital / lowercase combinations).

You can also limit the power of your access points, enable MAC filtering etc., to further refine the security and integrity of the network.

Hope this helps!

osho929 (Author) Commented:
Thanks to all of you