Wireless Local Area Networks (WLANs) are wonderful things. They allow easy repositioning of fixed equipment, enable workers on lift trucks and on foot to communicate with the host, and extend the enterprise to the four walls of the facility ... and beyond.
Beyond? Like, out into the street where the suspicious-looking guy in a van is sitting?
Yup. That kind of “beyond.”
WLAN should not stand for “We Let Anyone Network.” But many companies might be doing just that by having inadequate WLAN security.
Many IT directors feel that they’re protected because the wireless devices must navigate the same security and access restrictions as their hard-wired counterparts — once they hit the Ethernet.
Enterprise-level security is essential, of course, but just as you wouldn’t allow people you don’t know to plug into an unused Ethernet connection within your facility, you don’t want them tapping in from outside either. WLAN devices, because they do broadcast outside your walls (but are within some of your firewalls), need more security than their hard-wired counterparts. Security must be provided to transmissions that are in the ether itself, before they hit the Ethernet. This is where they’re vulnerable to interception.
Vendors will insist that the standard encryption used in communications is adequate. But concerns over WLAN security have been voiced ever since the adoption, and wide deployment, of 802.11-compliant devices. The level of concern over WLAN security is evidenced by the fact that there were a number of WLAN security solutions vendors at Frontline Solutions this year, whereas they had been absent or nearly invisible the year before.
Admittedly, it’s not that anyone is going to gain any useful intelligence by “watching” someone scan case codes on the receiving dock. And you might even think that if someone did manage to get into the system via a wireless device in the warehouse maybe all they would be able to do would be gain access to inventory (and that might be a minimal threat and hardly worth the effort).
It’s important to recognize, however, that every WLAN access point is just that: an access point into your system from outside. Login procedures, device IDs and passwords might be vulnerable to snooping (and forgery) unless the transmissions are securely encrypted and device authentication is equally rigorous. These few data strings are all a hacker needs to become a serious threat.
And, with systems becoming more “enabled” and “flexible,” the same wireless terminal used to do receiving has the potential to gain access to virtually any point in the network. Once someone’s inside your system, he can hack through security procedures to get at information a bit more critical than the UPC numbers of what’s on the dock.
And before you say, “Oh, our system’s secure,” consider that Department of Defense systems have been hacked more than 9,000 times in recent years. And one would hope that those people know a thing or two about security.
But, OK, let’s assume that you have initiated extremely rigorous device authentication and communications protocols within the facility so that the man in the van outside can’t break in. Are you safe yet?
No.
The more frequently overlooked lapse in WLAN security is in the home. There are growing numbers of 802.11-compliant home networks — many supplied by broadband ISPs to allow multiple computers to share the same cable or DSL connection — and these systems employ only minimal levels of security. That means there are potentially more access points into your network than you might even want to imagine.
Employees who bring home wireless-enabled laptops or use an 802.11-connected PC to dial into the company network from home may well be leaking critical information to anyone with the will and skill to eavesdrop. The entire login procedure may be far more vulnerable in these home networks than within your facility. And this could provide hackers with everything they need to joyride through your system.
Feeling paranoid yet? Hopefully you are. Remember, “Even if you are paranoid, that doesn’t mean they aren’t out to get you.”
Bert Moore, contributing editor, [email protected]