Reality Check – Wireless Lessons from the Real-World
Debunking Wireless Myths Part 3
By Larry Allhands – Apprion Wireless Advisor
Wireless Myth: Our wireless infrastructure is the most vulnerable segment of our network.
Status: Most likely false
Details: In nearly every site I have worked on, the most vulnerable segment of the network has universally been the hard wired copper/fiber segment.
Physical Security
It is infinitely easier to plug a device into an unsecured switch than it is to break wireless encryption schemes, and in most sites, finding an unsecured switch is child's play. Any hacker worth his or her salt will be able to gain access to your hard wired network once given physical access to your network devices (Switches/Firewalls/Routers).
Outdated Firmware/Extraneous Services
An un-patched network appliance, server, or workstation with a connection to the Internet is a siren's call to malicious hackers. Most exploited devices that I have seen have been the result of system administrators not diligently patching their appliances (Servers/Switches/Firewalls/Routers) and/or leaving unnecessary services running in the background to be exploited.
Weak Passwords/Social Engineering
Many hackers prefer to directly attack what they consider the Achilles' heel of most organizations, through brute-force dictionary attacks, phishing, or dumpster diving. Weak password policies allow users to keep easy-to-remember passwords for years for convenience's sake, resulting in easy access for hackers with the will and determination to methodically gather information via social engineering.
Remote Users VPN Connection To Network With Compromised Workstation
No matter how secure you make your network, it is only as secure as the least hardened segment; and for most organizations that segment resides in the homes of their off-site employees. An off-site employee's laptop or workstation may suffer from a lack of security patches, weak passwords, and vulnerability to phishing and other social engineering attacks. As a result, a potentially compromised workstation may be allowed unfettered access to a secure network's resources whenever a VPN connection is established.
Solution: In conclusion, a wireless network can be effectively secured using either WPA, WPA2 Enterprise or WPA2 PSK with a randomly generated key of 20 characters.
Larry Allhands is a Senior Systems Architect at Apprion. Larry has over eight years' experience designing and deploying high security wireless networks for municipal law enforcement and industrial environments. He was the primary design architect of the security model accepted by the California Department Of Justice for running highly sensitive Computer Aided Dispatch (CAD) data over wireless 802.11b and CDMA connections in 2002.
About Apprion
Apprion delivers wireless application networks and services for the process manufacturing industry. These wireless application networks are based on Apprion's ION System – the first and only open, scalable, and extensible foundation for managing and integrating multi-vendor wireless devices and applications.
Whether it is the need to address safety or security concerns, reduce maintenance or material costs, or improve productivity or asset utilization, a wireless application network from Apprion will assure that any wireless application is easier to deploy and manage while delivering value faster, more efficiently. For more information, visit www.apprion.com.
Apprion and all other Apprion Inc. product or service names are trademarks of Apprion Inc. in the USA and other countries. Other brand and product names are trademarks of their respective companies. Copyright 2009 Apprion Inc. All rights reserved.