What is the security risk of Wireless (WAP)?

Posted on 2009-04-13
Medium Priority
Last Modified: 2012-05-06
Hi all,
What is the security risk of a wireless access point (WAP) next to an isolated network (no internet)? (The risk for this LAN.)

And what are the wireless threats compared to fiber optic or UTP?


Question by:osho929
LVL 10

Expert Comment

ID: 24130853
A wireless access point will always be less secure than a hard-wired network. That said, you can still make it quite secure. First make sure the AP is physically secure so someone can't reset the config on you. Then be sure to use WPA2 (also known as WPA with AES) for security.

As for fiber, it is considered very secure because transmissions can't be intercepted because if the cable is split it won't transmit. UTP can be tapped into, but if your cable is physically secure then there shouldn't be an issue.

Let me know if you want to elaborate on your scenario or if you have any other questions.

Author Comment

ID: 24144799
I need to do an IT risk assessment and explain why the company shouldn't have a WAP next to its isolated LAN where there is no internet connection, and all that to have more security.
LVL 10

Expert Comment

ID: 24148572
Is the access point secured? Are they using WEP, WPA or WPA2? If they're using anything less than WPA2 then they're wrong.

By the way, what do you mean by "next to" the isolated LAN? Is it attached to the LAN?

LVL 10

Expert Comment

ID: 24155469
In your report you can say that everything transferred through the AP will be sent over the air. An eavesdropper can capture the data (which of course should be encrypted).
From that point you depend on your encryption strength.

As your encryption is not broken (like WEP or first vulnerabilities of WPA) you should be safe.

Expert Comment

ID: 24174295
Probably the strongest authentication method you can use for the wireless radio would be WPA2 Enterprise. This will use a RADIUS server to actually authenticate your wireless clients, and will then use AES (highest grade) encryption to secure the traffic. As the others have said, it's not as secure as traditional LANs but should theoretically get the job done. If you are not at a governmental site or a site that deals with critical confidential / proprietary information, I do not see it as too big of a concern. Just ensure your encryption keys are strong and not subject to dictionary attacks (i.e. use strong keys with letters and numbers, capital / lowercase combinations).

You can also limit the power of your access points, enable MAC filtering, etc., to further refine the security and integrity of the network.

Hope this helps!

LVL 65

Accepted Solution

btan earned 2000 total points
ID: 24174476
"why the company shouldn't have WAP next to its isolated LAN where no internet connection"

I will say that wireless is open and exposed access (even with security configurations done), there are many concerns (as below) and I see the best way out is not even to have it in the first place - preventive then reactive.

a) Locality leakage - Heard of war driving? People go around and map out the wireless locations. Check out http://www.wigle.net/ - Web site that maps data gathered by "wardrivers," geeks who enjoy cruising around with open laptops connected to global positioning system (GPS) devices in order to chart the distribution of wireless networks. They can be useful info for malicious attackers. Having said that, it is also easy for an attacker to determine your network's vulnerability to an attacker with radio access to the wireless network space (no physical barrier - even if there is a wall, a long range antenna can be used). It can determine the locations and ranges of the wireless networks, determine network configuration information, and probe points of entry for identifying system information or access parameters.

b) Unauthorised Intrusion - If the security settings are not properly configured or the wireless hardware has firmware exploit vulnerabilities - where before they are properly configured or patched, these are opportune times for launching an attack. Cracking a WEP key is easy and already well known. Even for preshared keys in WPA, it can be cracked rainbow table style.

c) Spoofed network - Knowing the SSID of the wifi LAN (easily with an open tool like kismet), a rogue wireless device can be set up and a user may unknowingly connect to it. There is a need for a proper authentication mechanism like RADIUS or EAL/TLS. It can even be brought further with Man in the Middle that takes eavesdropping and manipulation of the information transacted. There are common attacks like ARP spoofing too, to spoof the device identity - MAC.

d) Bridging effect - Think of it: if unauthorised access is gained and the wireless LAN and wired LAN are not properly segregated (by VLAN or physical filter and separation), the attacker may bridge the access to the internal LAN. By that time it may become nasty. The attacker may determine which network segments and systems the wireless network infrastructure can access, the security controls that separate the wireless network from other network segments and if the wireless network can be used as a launching point to attack other systems.

I also see that with wireless in proximity to an isolated LAN (if the building is not properly shielded), there may be electrical interferences (imagine a public user trying to connect to it or others trying something funny with the WAP). I will say consider additional considerations when deploying WAP:
- Constrain the RF signal penetration through the premises
- Robust operation in the presence of external noise or interference
- Secure communication protocol with interoperability to legacy systems

For the comparison between wireless and fibre, you may want to take a look at

- Wireless transmission is much more susceptible to environmental interferences as compared to fibre optic.
- Provided you have modular switches, all you need to do is replace the mB speed FO modules with gB speed ones to get better utilisation of your link. Setting up the wireless connection with comparable speeds and security would cost a lot more.

Fibre can be more secure than wireless:
a) I thought this site is interesting, talking about Fibre secure network - watch that clip

b) Use of quantum cryptography - The security of the data is guaranteed by laws of nature, as photons generate completely random keys. The mathematical formulae used in the past, which could be decrypted with enough time and effort, will soon be a thing of the past... Any listening (or tapping) to a message will be detected ..

Hope it helps
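
Added example, not code from any poster in this thread: a small audit that turns points (b) and (c) and the RF-containment item of the accepted answer into checks a risk assessment can run over a site survey. The survey rows, SSIDs, BSSIDs, the authorized-AP inventory and the -70 dBm leakage threshold are all constructed assumptions.

```python
import csv
import io

# Constructed site-survey data (not from the thread): one row per AP sighting.
SURVEY = """ssid,bssid,security,location,signal_dbm
PLANT-LAN,02:00:00:aa:00:01,WPA2-Enterprise,inside,-48
PLANT-LAN,02:00:00:aa:00:01,WPA2-Enterprise,car_park,-62
PLANT-LAN,02:00:00:ff:00:09,WPA2-PSK,inside,-40
PLANT-HANDHELD,02:00:00:aa:00:03,WEP,inside,-70
CoffeeShop,02:00:00:bb:00:01,OPEN,car_park,-85
"""

# Assumed inventory: BSSIDs the company deployed, and the SSIDs it owns.
AUTHORIZED_BSSIDS = {"02:00:00:aa:00:01", "02:00:00:aa:00:03"}
OWN_SSIDS = {"PLANT-LAN", "PLANT-HANDHELD"}
WEAK_MODES = {"OPEN", "WEP", "WPA-PSK"}  # anything less than WPA2
LEAK_THRESHOLD_DBM = -70                 # assumed: stronger than this outside is usable


def audit(survey_csv):
    """Return sorted (bssid, finding) pairs for the risk-assessment report."""
    findings = set()
    for row in csv.DictReader(io.StringIO(survey_csv)):
        ssid, bssid = row["ssid"], row["bssid"].lower()
        if ssid not in OWN_SSIDS:
            continue  # neighbouring network, out of scope
        if bssid not in AUTHORIZED_BSSIDS:
            # Point (c): our SSID advertised by hardware we did not deploy.
            findings.add((bssid, "unknown AP advertising our SSID"))
            continue
        if row["security"].upper() in WEAK_MODES:
            # Point (b): encryption that is known to be crackable.
            findings.add((bssid, "weak encryption: " + row["security"]))
        if row["location"] != "inside" and int(row["signal_dbm"]) > LEAK_THRESHOLD_DBM:
            # RF containment: our AP is reachable from outside the premises.
            findings.add((bssid, "signal usable outside premises at " + row["location"]))
    return sorted(findings)


if __name__ == "__main__":
    for bssid, finding in audit(SURVEY):
        print(bssid, "-", finding)
```

An unknown BSSID on a company SSID is only a lead: it can be a spoofed network or an undocumented AP, so the finding is resolved by checking the switch port and the physical device.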

Author Comment

ID: 24177940
Thanks to all of you
