Building A Secure Wireless Solution

Wireless networking is rapidly becoming a victim of its own success.

Wi-Fi devices are approaching commodity status, and with easy-to-use setup and configuration wizards, Wi-Fi is quickly becoming the standard infrastructure for small businesses. Therein lies the problem—wireless is so easy to deploy, set up and configure that solution providers are getting elbowed out of potential profit opportunities. However, many of these “home-grown” installations neglect important security features. The lack of end-user concern for security can be chalked up to either ignorance or laziness, but that is not the point. The gaping security hole still leaves room for solution providers to offer security assessments and services.

By leveraging security knowledge and experience, integrators can sell wireless security solutions, which protect customer networks and lead to recurring service revenue for solution providers.

Enterprise personnel are often better educated about security threats to their business and their data. Small businesses, on the other hand, often have very limited understanding of potential security threats, the process of securing their networks and associated best practices.

There are several ways for integrators to quickly build a professional-strength, secure wireless solution for small businesses. These options range from simple common-sense approaches to complex, multilayered security schemes. Most typical security schemes require a bit of manual configuration on both the access point and on the client systems.

One of the most basic methods for securing a wireless network is MAC address filtering. Devices without preauthorized MAC addresses are prevented from connecting to a wireless router or access point to prevent malicious intrusions. While this method is a good security starting point, determined individuals can still use wireless packet capture software to intercept MAC addresses and then spoof (or falsify) them and gain access to the network.

Another option is encryption. Wi-Fi’s basic encryption scheme is Wired Equivalency Protocol (WEP) and employs either a 64-bit or 128-bit encryption key set on both a client system and an access point. While in theory WEP sounds like a good solution, keys can be quickly discovered, negating the point of encryption. Many times, WEP alone can give users a false sense of security.

Wi-Fi Protected Access (WPA) is an enhanced encryption technology that promises security by encryption. WPA uses temporal keys—keys that change over time—combined with other technologies. Solution providers can also add RADIUS server support to fully integrate wireless networking with network-based security schemes or directories.

The problem with WPA is complexity. The technology is often beyond the average user’s understanding and can be time-consuming to implement for even technology professionals. As with everything service-related, time is money. WPA solutions can cost more for a solution provider to implement than they bring in in revenue.

So what is the solution? Third-party configuration tools can increase revenue by speeding up and simplifying the security process for solution providers. Integrators with more time can implement more secure systems for a greater number of customers.

SingleClick Systems’ Wireless Network Ignition is a client-side product that offers wizard-based simplicity to securing wireless networks. The product works by replacing Microsoft’s Windows Wireless Zero Config (WZC) with SingleClick’s own wireless management utility. Wireless Network Ignition adds several key features to a typical wireless network client, including enhanced features such as wireless network auto detect, encryption wizards, automatic self-healing and diagnostic capabilities and wireless profiles.

The product enables solution providers to quickly set up secure wireless clients while simplifying the management and troubleshooting process. This can reduce tech support calls down the road. In theory, the product makes wireless work the way it should: securely, simply and reliably. In practice, Wireless Network Ignition does live up to its claims, but CRN Test Center engineers did run into some complications. After several attempts, the product would not work on an IBM T42 notebook computer. The SingleClick software refused to recognize the built-in wireless card. Test Center engineers experienced no such problems with Fujitsu and Toshiba notebook systems with integrated wireless, or with several PC card-based Wi-Fi cards. Engineers felt that the problems with the IBM T42 were the exception and not the rule.