Slashdot Mirror


Risk Management of Wireless Networks

An anonymous reader writes "As wireless becomes a bigger part of our networks, those of us charged with maintaining them find ourselves also responsible for keeping drive-by script kiddies with a Pringles can out. BankInfoSecurity.com is running an excellent article on identifying and mitigating risks on wireless networks. The article was written by members of the Office of the Comptroller of the Currency (OCC) for banks, but it's applicable to any network environment and clearly lays out all the key steps to protecting wireless systems." There's nothing new here, really, but it's a good overview of issues to keep in mind when building a wireless net, as well as a good security plan starting point.

4 of 109 comments

  1. Atheists by Anonymous Coward · · Score: -1, Troll

    You can't have a civil discussion with an atheist. Atheists like to think of themselves as rational, but if you observe their behavior you'll find they
    are anything but. They are full of anger and bitterness, and react with frightful outrage whenever they encounter someone with different views from
    their own. Even people who think that atheism is a reasonable philosophy must admit that most atheists did not arrive at their point of view through
    anything resembling a rational process. Rather, they are poorly socialized individuals who are lashing out angrily at anything which they perceive to be
    valued by "mainstream" society. You really shouldn't take it personally. It is the result of an angry and profoundly unhappy psychological condition on
    their part, not due to you or your Christian beliefs.

  2. Site is Slashdotted! by Anonymous Coward · · Score: -1, Troll

    RISK MANAGEMENT OF WIRELESS NETWORKS

    PURPOSE

    This advisory letter highlights risks associated with wireless networks and provides guidance for managing those risks. National banks can use this guidance to help in protecting company assets and confidential customer information, achieving service level requirements, maintaining safe and sound practices, and ensuring compliance with regulatory security expectations.

    BACKGROUND

    The emergence of wireless networking standards and products that rely upon unlicensed radio frequencies is causing an increasing number of national banks to consider how they might benefit from the technology advancements. National banks can use wireless technologies to build local-area-networks and personal-area-networks with low-cost devices and easy installations. The basic technology components include:

    - Systems and devices sharing information (e.g., computers, workstations, networks);
    - Access points and network interface cards sending and receiving data;
    - Radio waves providing the conduit for data transmissions between access points; and
    - Authentication techniques establishing wireless connections.

    The Institute of Electrical and Electronics Engineers, Inc. (IEEE) has been instrumental in expanding wireless network capabilities by developing standards that rely on unlicensed radio frequencies. The IEEE standards address varying capacity levels, transmission speeds, and functionality. In addition, the Wi-Fi Alliance, originally known as the Wireless Ethernet Compatibility Alliance (WECA), was formed to promote wireless devices interoperability through a formal certification process. Certified devices are considered to have certain minimum interoperability and performance standards that may reduce the user's need to test product performance individually.

    Potential Risks Associated with Wireless Networks

    Wireless networks can affect a bank's risk profile in a variety of ways, depending upon how the technology is used.

    Because wireless network standards continue to emerge and evolve, potential users face the challenging questions of how to obtain the necessary technical expertise and whether to be an early adopter or wait for proven standards. Failure to keep abreast of changing standards can expose a bank to strategic and reputation risks. A bank's ability to mitigate these risks will depend upon:

    - Effectiveness of board and management oversight;
    - Effectiveness of management's policies and procedures to implement and manage wireless networking projects;
    - Ability to keep up with technological changes;
    - Network reliability and capacity;
    - Adequacy of business continuity plans;
    - Effectiveness of the bank's security program; and,
    - Actions to monitor adverse events and take additional risk reduction steps.

    There are two particular security challenges worth mentioning: the broadcast nature of wireless networks and an initial weak encryption standard. Wireless networks transmit data to anyone in the broadcast area that has the right equipment to tune-in reception. This is a unique difference from wired networks and poses security challenges that can expose a bank to significant transaction and reputation risks. Managing the broadcast area involves controlling radio transmissions that can travel through walls, windows, and doors. In addition, the initial encryption standard to protect data transmissions, named "Wired Equivalent Privacy" (WEP), has well-known weaknesses and vulnerabilities. Experts have cracked the WEP security standard, and tools are available to exploit WEP vulnerabilities. The combination of uncontrolled broadcast areas and use of a weak encryption standard creates an environment in which unauthorized access to systems and information can occur. This combination increases the importance of an effective security program and the quality of risk management.

    RISK MANAGEMENT CONSIDERATIONS

    The OCC wants to ensure that board and management oversight of wireless networks is effective and that the level of risk taken by using such networks is responsibly managed and con

  3. Warning : Troll in parent. by MooKore+2004 · · Score: 0, Troll

    The text has been modified. Search for "pig" in the text.

  4. WEP isn't bad to begin with. by MooKore+2004 · · Score: 2, Troll

    If you're smart when you set up your access point, and turn on WEP, 99.9% of people that might hack your network are going to go find an easier target. The typical figure I've heard is 24 hours or more to get enough traffic to break the encryption. Unless someone knows you have something they want, they're not going to bother.

    Home users are going to generate less traffic than businesses, and so it will take even longer to get enough traffic. Unless you happen to notice a van parked outside your house for a couple days, or find yourself staring down the barrel of a Pringles can, you can relax.

    Turn off SSID broadcasting

    Use a unique SSID

    For God's sake, change the admin password

    Turn on WEP

    Use MAC address filtering

    Congratulations, you're now more trouble than you're worth.
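
Added example, not part of the original comments: the comment above ties WEP's safety to how little traffic a network carries. WEP sends a 24-bit IV with every frame, and a repeated IV under the same static key means a repeated keystream, so this sketch estimates how much traffic one key can carry before that happens. The traffic profiles and function names are constructed assumptions, and IV reuse is only one of WEP's known weaknesses, so these figures are not a safe-use window.

```python
import math

IV_SPACE = 2 ** 24  # WEP's per-frame IV is 24 bits and is sent in the clear


def reuse_probability(frames: int) -> float:
    """Chance that at least one IV repeats among `frames` frames sent under
    one key, assuming IVs are chosen at random (birthday approximation)."""
    if frames < 2:
        return 0.0
    if frames > IV_SPACE:
        return 1.0  # more frames than IVs: a repeat is guaranteed
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * IV_SPACE))


def frames_until_reuse(p: float) -> int:
    """Smallest frame count whose reuse probability reaches p (0 < p < 1)."""
    if not 0.0 < p < 1.0:
        raise ValueError("p must be strictly between 0 and 1")
    target = -2 * IV_SPACE * math.log(1.0 - p)  # need n*(n-1) >= target
    return math.ceil((1 + math.sqrt(1 + 4 * target)) / 2)


def hours_to_exhaust(frames_per_second: float) -> float:
    """Hours until a sequential IV counter wraps, making reuse certain."""
    return IV_SPACE / frames_per_second / 3600


# Constructed traffic profiles: assumed average frames per second.
PROFILES = {"quiet home": 5, "busy home": 50, "office AP": 500}


def exposure_table(profiles=PROFILES):
    """Rows of (name, fps, minutes to a 50% chance of a repeat with random
    IVs, hours to a guaranteed repeat with a sequential IV counter)."""
    half = frames_until_reuse(0.5)
    return [
        (name, fps, round(half / fps / 60, 1), round(hours_to_exhaust(fps), 1))
        for name, fps in profiles.items()
    ]


if __name__ == "__main__":
    print(f"{'profile':<12}{'fps':>6}{'min to 50% repeat':>20}{'h to wrap':>12}")
    for name, fps, minutes, hours in exposure_table():
        print(f"{name:<12}{fps:>6}{minutes:>20}{hours:>12}")
```
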