Solved

what is the  security risk  of Wireless  (WAP)  ?

Posted on 2009-04-13
7
833 Views
Last Modified: 2012-05-06
Hi all,
what is the  security risk  of Wireless access point  (WAP)  next to Isolated network (no internet). ( The Risk for this lan).

& what is wireless threats comparing to Fiber Optic or utp?

Thanks,
Osho


0
Comment
Question by:osho929
7 Comments
 
LVL 10

Expert Comment

by:sublifer
ID: 24130853
A wireless access point will always be less secure that a hard-wired network.  That said, you can still make it quite secure.  First make sure the AP is physically secure so someone can't reset the config on you.  Then be sure to use WPA2 (also known as WPA with AES) for security.

As for Fiber, it is considered very secure because transmissions can't be intercepted because if the cable is split it won't transmit.  utp can be tapped into but if your cable is physically secure then there shouldn't be an issue.

Let me know if you want to elaborate on your scenario or if you have any other questions.
0
 

Author Comment

by:osho929
ID: 24144799
I need to do IT risk assessment  and explain why  the company shouldn't  have WAP next to  its isolated LAN where no internet connection. and all that to have more security.
0
 
LVL 10

Expert Comment

by:sublifer
ID: 24148572
Is the access point secured? Are they using WEP, WPA or WPA2?  If they're using anything less than WPA2 then they're wrong.

by the way, what do you mean by "next to" the isolated LAN? Is it attached to the LAN?
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 10

Expert Comment

by:ampranti
ID: 24155469
In your report you can say that everything transfered through the AP will be send over air. An eveasdropper can capture the data (which ofcourse should be encrypted).
From that point you depend on your encryption strenght.

As yous encryption is not broken (like WEP or first vulnerabilities of WPA) you should be safe.
0
 
LVL 3

Expert Comment

by:yegs2000
ID: 24174295
Probably the strongest authentication method you can use for the wireless radio would be WPA2 Enterprise. This will use a RADIUS server to actually authenticate your wireless clients, and will then use AES (highest grade) encryption to secure the traffic. As the others have said it's not as secure as traditional LAN's but should theoretically get the job done. If you are not at a governmental site or a site that deals with critical confidential / proprietary information I do not see it as too big of a concern. Just ensure your encryption keys are strong and not subject to dictionary attacks (i.e. use strong keys with letters and numbers capital / lowercase combinations)

You can also limit the power of your access points, enable mac-filtering etc, to further refine the security and integrity of the network.


Hope this helps!

Best,
yegs
0
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 24174476
"why  the company shouldn't  have WAP next to  its isolated LAN where no internet connection"

I will say that wireless is open and exposed access (even with security configurations done), there are many concerns (as below) and I see the best way out is not even to have it at the first place - preventive then reactive.

a) Locality leakage - Heard of war driving, people goes around and map out the wireless location. Check out http://www.wigle.net/ - Web site that maps data gathered by "wardrivers," geeks who enjoy cruising around with open laptops connected to global positioning system (GPS) devices in order to chart the distribution of wireless networks. They can be useful info for malicious attackers. Having said that, it is also easy for attacker to determine your network's vulnerability to an attacker with radio access to the wireless network space (no physical barrier - even there is wall, long range antenna can be used). It can determine the locations and ranges of the wireless networks, determine network configuration information, and probe points of entry for identifying system information or access parameters.

b) Unauthorised Intrusion - If the security settings are not properly configured or the wireless hardware has firmware exploits vulnerabilities - where before they are properly configured or patch, these are opportune time for launching attack. Cracking WEP key is easy and already well known. Even for Preshared keys in WPA, it can be cracked with rainbow table style.  

c) Spoofed network - Knowing the SSID of wifi lan (easily with open tool like kismet), rogue wireless device can be set up and user may unknowingly connect to it. There is need for proper authentication mechanism like RADIUS or EAL/TLS. It can even be brought further with Man in the Middle that take eavesdropping and manipulation of the information transacted. There are common attacks like ARP spoofing too to spoof the device identitiy - MAC

d) Bridging effect - Think of if unauthorised access is gained and wireless LAN and wired LAN is not properly segregated (by VLAN or physical filter and separation), attacker may bridged the access to internal LAN. By that time it may become nasty.  The attacker may determine which network segments and systems the wireless network infrastructure can access, the security controls that separate the wireless network from other network segments and if the wireless network can be used as a launching point to attack other systems.

I also see that wireless in proximity to isolated LAN (if building not properly shielded), there may be electrical interferences (imagine public user trying to connect to it or other trying something funny with the WAP). I will say consider additional considerations when deploying WAP :
#Constraint the RF signal penetration through the premises
#Robust operation in the presence of external noise or interference
#Secure communication protocol with interoperability to legacy systems

For the comparison between wireless and fibre, you may want to take a look at
http://www.experts-exchange.com/Hardware/Networking_Hardware/Q_23111849.html

Excerpts:
- Wireless transmission is much more susceptible to environmental interferences as compared to fibre optic.
- Provided you have modular switches, al you need to do is replace the mB speed FO modules with gB speed ones to get better utilisation of your link. Setting up the wireless connection with comparable speeds and security would cost a lot more.

Fibre can be more secure than wireless:
a) I thought this site is interesting talking about Fibre secure network - watch that clip
> http://www.fft.com.au/applications_data.php

b) Use of quantum cryptography - The security of the data is guaranteed by laws of nature, as photons generate completely random keys. The mathematical formulae used in the past, which could be decrypted with enough time and effort, will soon be a thing of the past... Any listening (or tapping) to message will be detected ..
> http://news.soft32.com/austrian-researchers-secure-electronic-communication_6751.html

Hope it helps
0
 

Author Comment

by:osho929
ID: 24177940
Thanks  to all of you
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Working settings for French ISP Orange "Prêt à Surfer" SIM cards for data connections only. Can't be found anywhere else !
Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now