Six ways to use wireless intrusion prevention systems in the enterprise
Expert George V. Hulme presents six real-world use cases for the deployment of WIPS to beef up wireless network security in the enterprise.
Business-orientated computing technology is going mobile. And while desktops are still an integral part of enterprise IT, the world is moving toward ubiquitous wireless access. This is due mainly to an ever-growing array of different types of connected gadgets such as tablets, smartphones, notebooks and others.
What does all of this mobility mean for enterprise security managers? It means they not only have more enterprise data that needs protecting, but that data is also being created and accessed on what seems like an exponentially rising number of devices. In addition, the majority of these mobile computers -- no matter the gadget, that's what these devices really are -- are on the move, accessing company information over an array of wireless connections in and out of the corporate network.
Enter wireless intrusion prevention systems (WIPS).
The previous feature in this series on wireless network security explained what WIPSes are, and outlined how they help to secure wireless networks within an enterprise. This feature will provide real-world use cases or scenarios for WIPSes that many organizations encounter in their wireless network deployments.
The scenarios outlined below offer six reasons why an enterprise should implement a WIPS. Taken as a whole, the article can help an organization decide if and/or when a WIPS is right for securing its wireless network. It can also help IT managers make the business case for this wireless security technology to executive management.
Scenario #1: Prevent network data theft
The most straightforward use for a WIPS is to keep wireless network traffic safe from snooping, data theft and traffic disruption from attacks.
If network traffic is left unprotected, it's relatively simple for an attacker to access the network and grab sensitive data right out of the air. That's because, for example, many of the tools that can be used by both network administrators and attackers to analyze network traffic, wireless network topology and access credentials are freely available for download.
In addition, there are many serious security weaknesses to standard wireless network technology. If -- or when -- attackers gain access to a wireless network, they can also capture wireless access keys, usernames and password credential combinations that can then be used to launch attacks deeper into the network.
These other attacks could include those on the integrity of network tracking, such as forging 802.11 frames or modifying 802.11 frames for replay. These types of attacks can be used to obtain the necessary responses from the network to try to crack encryption keys or "replay" valid session authentication tokens to attempt to break into systems.
WIPS products can go a long way toward protecting against these types of assaults. They do so by encrypting network traffic, identifying rogue access points, and looking for common attack patterns that are regularly levied at wireless networks.
Scenario #2: Managing rogue access points
In addition to keeping networks snug and secure, it's essential to keep access points that don't belong on the network off the network. Both security and network personnel need to be on the lookout for the installation of these so-called "rogue" access points by employees and others.
With access points being so cheap and easy to purchase, it's just a matter of time before some people think they need a better wireless connection and attach their own access point in or near the office. These unauthorized access points can create a wide-open network path straight into the trusted internal network.
Fortunately, most WIPSes and other wireless security apps include rogue access point identification capabilities. That way, whenever unauthorized access points are identified, security managers and IT admins can be notified, so those rogue access points can be (sometimes automatically) "contained" and endpoints blocked from being able to access the network through them.
Scenario #3: Guest networks
Most enterprises have a need for a wireless guest network. This is true whether it's a small doctor's office, a large manufacturing office campus, or a business that resides in the city or deep in the country. Any organization that has visitors will more often than not be expected to provide those guests access to a high-speed wireless network.
WIPSes and wireless network security provide ways to protect the office production network from guest networks. Guests can be segmented from the production network and be given a shared password. This helps to keep the primary network secure and still make for happy guests and visitors.
Scenario #4: Network monitoring and investigation
Attacks aimed at wireless networks come often and from everywhere. Fortunately, WIPSes detect and log both successful and attempted attacks, generating notifications for certain attack activity and logging other events for later investigation -- whether these were blocked or not.
Of course, network monitoring also helps network and security staff identify rogue devices as they arise, for a quick determination of whether these devices can be allowed to access the network or must be blocked permanently.
Additionally, while many WIPSes bundle event analysis tools, these all offer varying degrees of capability and ease of use, which is why many enterprises collect WIPS data and integrate those WIPS logs with existing (generally more powerful) analytics tools. Regardless, using either their own analysis tools or the log analysis tools provided by the WIPS vendor, organizations are going to need a way to uncover the security and network events that matter.
This is not only useful for identifying potential attacks or investigating successful attacks that have been underway, but also for improving the wireless network architecture.
Scenario #5: Network and device classification, identification
As devices attempt to gain wireless network access, a WIPS will try to determine who is actually authorized for that network access and who isn't. This is especially useful in organizations that have many guest visitors. Another helpful function of WIPSes is their ability to identify the network architecture, all wireless access points and their locations.
This helps organizations greatly improve network performance by optimizing the location of access points (for best network performance) and identifying the geographic location of attacks when they occur during a forensic investigation.
Scenario #6: Policy compliance
Nearly every IT regulation requires organizations to have the ability to report and demonstrate good access controls and maintain systems to a baseline level of security policy and proper configurations. A WIPS provides ways to identify wireless devices that may fall out of policy compliance.
Through WIPS toolsets, auditors (internal and external) can analyze the configuration of network systems to certify that they are set to established protocol. In addition, they can generate reports automatically, or ad hoc, to share with regulators, security analysts, investigators and others who need to know.
The rapid growth of wireless networks is straining the security teams at many enterprises as they work to ensure those wireless networks run as secured as their wired networks. While smaller networks with few guests may not need a dedicated WIPS, midsized and larger enterprises generally do -- especially those with a dispersed office campus and more access points and wireless network users than they can manage manually.
Learn how to monitor WLAN performance with WIPS
Read about the two different approaches to WIPS and how to choose between them