Down to the wire

As Wireless Local Area Network (WLAN) implementations increase, Dr. Amit Sinha examines the risks associated with a more mobile financial sector.

As mobility has proven to play a vital role in improving productivity, WLAN deployments in financial institutions have accelerated. However, the introduction of wireless technologies has also created a new avenue for data breaches, circumventing traditional security architectures. The cost of a data breach for organisations can vary from US$200 to US$300 per compromised record according to studies done by the Ponemon Institute, Gartner and Forrester.

The Motorola AirDefense solution, currently deployed by several large financial institutions, is designed to secure the institution’s wireless airspace by eliminating rogue wireless devices, preventing wireless intrusions and facilitating compliance with requirements such as Sarbanes Oxley.

However, WLANs introduce certain vulnerabilities in a financial institution’s data network that traditional security solutions cannot mitigate. A rogue wireless Access Point (AP), for example, is an unauthorized AP physically connected to the wired network. These provide attackers with unrestricted access, bypassing firewalls and VPNs to internal servers, just as if they were connected to an internal wired port.

In addition, hackers can masquerade as an authorized wireless device and connect to an authorized AP. MAC address-based filters are useless since wireless MAC addresses are broadcast and hackers can easily change the MAC address. And while WEP encryption can be cracked in a few minutes, WPA-PSK is easy to implement and does not have the vulnerabilities of WEP. However, one common key is used between many devices and once a key is stolen or a password compromised, hackers can easily gain access without breaching a security perimeter.

Hackers can also easily perform wireless denial of service (DoS) attacks preventing devices from operating properly and disrupting network access. Wireless DoS attacks can cripple a wireless network despite the use of sophisticated wireless security protocols like WPA2 and hackers can insert malicious multicast or broadcast frames via wireless APs that can wreak havoc on a financial institution’s network.

Furthermore, wireless APs and client devices are frequently misconfigured and the majority of all wireless security incidents happen as the result of misconfiguration. These happen for a variety of reasons – including human error – and a misconfiguration at a bank or remote office can be detected and exploited to gain access, allowing hackers to attack internal servers and applications.

The AirDefense solution addresses three key areas of network security and management. The first is Comprehensive Wireless Intrusion Detection/Preventio, which provides the industry leading solution for rogue wireless detection and containment, with 24/7 wireless intrusion prevention. AirDefense Enterprise can accurately distinguish neighbouring devices from rogue devices that are connected to the wired network and can be setup to automatically terminate a rogue device over the air.

Wireless Policy Compliance provides financial institutions the ability to define granular wireless policies for how WLAN devices should be configured and operated and then monitors all devices to identify when any deviates from that policy. AirDefense can understand and monitor all WLAN authentication and encryption policies and allows network managers the ability to define WLAN device and roaming policies, channel policies for approved channels of operation and usage policies such as approved hours of operation. By rigorously monitoring WLAN activity, AirDefense offers a historical database that powers robust forensic analysis and historic trending, as well as incident investigation.

Advanced Troubleshooting can provide the administrator with a live streaming view of all devices, channels, bands and networks to identify hardware failure, RF interference, network misconfigurations and usage and performance problems. With Advanced Troubleshooting, IT managers can remotely analyze and perform network testing from a central location, as well as take advantage of next-generation self-healing features for hassle-free network management and optimal wireless LAN performance. This new solution can help significantly reduce wireless network helpdesk support costs and related onsite troubleshooting expenses by providing IT departments with the ability to identify and fix network configuration issues remotely.

Dr. Amit Sinha serves as Fellow & Chief Technologist of Motorola’s Enterprise Wireless LAN division. He was the Chief Technology Officer of AirDefense, prior to its acquisition by Motorola and he specializes in both wireless communications and security. He has authored over 25 journal/conference papers, contributed chapters to three books, and is the inventor of 16 US patents.