What is the security risk of Wireless (WAP)?

Posted on 2009-04-13
Last Modified: 2012-05-06
Hi all,
What is the security risk of a wireless access point (WAP) next to an isolated network (no internet)? (The risk for this LAN.)

And what are the wireless threats compared to fiber optic or UTP?


Question by:osho929
LVL 10

Expert Comment

ID: 24130853
A wireless access point will always be less secure than a hard-wired network. That said, you can still make it quite secure. First make sure the AP is physically secure so someone can't reset the config on you. Then be sure to use WPA2 (also known as WPA with AES) for security.

As for fiber, it is considered very secure because transmissions can't be intercepted: if the cable is split it won't transmit. UTP can be tapped into, but if your cable is physically secure then there shouldn't be an issue.

Let me know if you want to elaborate on your scenario or if you have any other questions.

Author Comment

ID: 24144799
I need to do an IT risk assessment and explain why the company shouldn't have a WAP next to its isolated LAN, where there is no internet connection, and all that to have more security.
LVL 10

Expert Comment

ID: 24148572
Is the access point secured? Are they using WEP, WPA or WPA2? If they're using anything less than WPA2 then they're wrong.

By the way, what do you mean by "next to" the isolated LAN? Is it attached to the LAN?
LVL 10

Expert Comment

ID: 24155469
In your report you can say that everything transferred through the AP will be sent over the air. An eavesdropper can capture the data (which of course should be encrypted).
From that point you depend on your encryption strength.

As long as your encryption is not broken (like WEP or the first vulnerabilities of WPA) you should be safe.

Expert Comment

ID: 24174295
Probably the strongest authentication method you can use for the wireless radio would be WPA2 Enterprise. This will use a RADIUS server to actually authenticate your wireless clients, and will then use AES (highest grade) encryption to secure the traffic. As the others have said, it's not as secure as traditional LANs but should theoretically get the job done. If you are not at a governmental site or a site that deals with critical confidential / proprietary information I do not see it as too big of a concern. Just ensure your encryption keys are strong and not subject to dictionary attacks (i.e. use strong keys with letters and numbers, capital / lowercase combinations).

You can also limit the power of your access points, enable MAC filtering, etc., to further refine the security and integrity of the network.

Hope this helps!

LVL 63

Accepted Solution

btan earned 500 total points
ID: 24174476
"why the company shouldn't have WAP next to its isolated LAN where no internet connection"

I will say that wireless is open and exposed access (even with security configurations done). There are many concerns (as below) and I see the best way out is not even to have it in the first place - preventive then reactive.

a) Locality leakage - Heard of war driving? People go around and map out wireless locations. Check out - Web site that maps data gathered by "wardrivers," geeks who enjoy cruising around with open laptops connected to global positioning system (GPS) devices in order to chart the distribution of wireless networks. This can be useful info for malicious attackers. Having said that, it is also easy for an attacker with radio access to the wireless network space to determine your network's vulnerability (no physical barrier - even if there is a wall, a long-range antenna can be used). They can determine the locations and ranges of the wireless networks, determine network configuration information, and probe points of entry for identifying system information or access parameters.

b) Unauthorised intrusion - If the security settings are not properly configured or the wireless hardware has firmware vulnerabilities, the time before they are properly configured or patched is an opportune time for launching an attack. Cracking a WEP key is easy and already well known. Even pre-shared keys in WPA can be cracked rainbow-table style.

c) Spoofed network - Knowing the SSID of the WiFi LAN (easily found with an open tool like Kismet), a rogue wireless device can be set up and users may unknowingly connect to it. There is a need for a proper authentication mechanism like RADIUS or EAP/TLS. It can even be taken further with man-in-the-middle, which allows eavesdropping and manipulation of the information transacted. There are common attacks like ARP spoofing too, to spoof the device identity (MAC).

d) Bridging effect - If unauthorised access is gained and the wireless LAN and wired LAN are not properly segregated (by VLAN or physical filter and separation), the attacker may bridge the access to the internal LAN. By that time it may become nasty. The attacker may determine which network segments and systems the wireless network infrastructure can access, the security controls that separate the wireless network from other network segments and if the wireless network can be used as a launching point to attack other systems.

I also see that with wireless in proximity to an isolated LAN (if the building is not properly shielded), there may be electrical interference (imagine a public user trying to connect to it or others trying something funny with the WAP). I would say consider these additional considerations when deploying a WAP:
- Constrain the RF signal penetration through the premises
- Robust operation in the presence of external noise or interference
- Secure communication protocol with interoperability to legacy systems

For the comparison between wireless and fibre, you may want to take a look at

- Wireless transmission is much more susceptible to environmental interferences as compared to fibre optic.
- Provided you have modular switches, all you need to do is replace the mB speed FO modules with gB speed ones to get better utilisation of your link. Setting up the wireless connection with comparable speeds and security would cost a lot more.

Fibre can be more secure than wireless:
a) I thought this site is interesting talking about Fibre secure network - watch that clip

b) Use of quantum cryptography - The security of the data is guaranteed by laws of nature, as photons generate completely random keys. The mathematical formulae used in the past, which could be decrypted with enough time and effort, will soon be a thing of the past... Any listening (or tapping) to message will be detected ..

Hope it helps
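
For a risk assessment, the unauthorised-intrusion, spoofed-network and bridging concerns in the answer above can be checked against a site survey. The following is an added example, not part of the original thread; the survey records, the allowlist, the switch MAC list and the MAC-adjacency heuristic are assumptions constructed for illustration.

```python
WEAK = {"OPEN", "WEP", "WPA"}  # the thread treats anything below WPA2 as unacceptable


def mac_to_int(mac):
    """Parse 'aa:bb:cc:dd:ee:ff' (or '-' separated) into a 48-bit integer."""
    digits = mac.replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits, 16)


def audit(scan, authorized, wired_macs, adjacency=2):
    """Return sorted (bssid, finding) pairs for one survey.

    scan       -- dicts with 'ssid', 'bssid', 'enc' from a site survey
    authorized -- {ssid: set of approved BSSIDs}; empty dict = no wireless allowed
    wired_macs -- MACs learned on the isolated LAN's switch ports
    adjacency  -- assumed heuristic: an AP's radio and Ethernet MACs usually
                  differ by only a few counts
    """
    wired = [mac_to_int(m) for m in wired_macs]
    approved = {s: {mac_to_int(b) for b in bs} for s, bs in authorized.items()}
    findings = set()
    for ap in scan:
        bssid = mac_to_int(ap["bssid"])
        known = bssid in approved.get(ap["ssid"], set())
        if ap["enc"].upper() in WEAK:
            findings.add((ap["bssid"], "weak-encryption"))
        if ap["ssid"] in approved and not known:
            findings.add((ap["bssid"], "spoofed-ssid"))
        if not known and any(abs(bssid - w) <= adjacency for w in wired):
            findings.add((ap["bssid"], "bridged-to-isolated-lan"))
    return sorted(findings)


# Constructed sample data (not from the thread).
SCAN = [
    {"ssid": "corp-wifi", "bssid": "00:11:22:33:44:55", "enc": "WPA2"},
    {"ssid": "corp-wifi", "bssid": "02:aa:bb:cc:dd:01", "enc": "OPEN"},
    {"ssid": "printer-setup", "bssid": "00:11:22:aa:00:11", "enc": "WEP"},
    {"ssid": "cafe-guest", "bssid": "00:99:88:77:66:55", "enc": "WPA2"},
]
AUTHORIZED = {"corp-wifi": {"00:11:22:33:44:55"}}
WIRED_MACS = ["00:11:22:aa:00:10", "00:11:22:00:00:01"]

if __name__ == "__main__":
    for bssid, finding in audit(SCAN, AUTHORIZED, WIRED_MACS):
        print(bssid, finding)
```

Passing an empty `authorized` dict models the "no wireless at all" policy for the isolated LAN: the bridging check still fires for any AP whose BSSID sits next to a MAC seen on the wired switch.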

Author Comment

ID: 24177940
Thanks to all of you
