Wireless security

[aakerman]

Hi.

I am currently interning for a company that values security VERY VERY highly. They have some wired ethernet connections, used for transferring data off the production floor.

I suggested using a wireless connection, as that would increase productivity greatly. But the floor manager promtply replied, that wireless ethernet could never be secure enough - and he wasn't open to discussion at all.

Can anyone help me convince the managing director that wireless connections indeed can be just as secure as wired connections? I don't need conjecture, I would very much like some links to solid studies/conclusions by reputable sources, that can back up my argument

 

[fire400]

wireless N with WPA2 is very good stuff.

 

[zodder]

WPA2 would be the only agrument you could use. The other encryption/security protocols are too vulnerable if security is that important.

 

[aakerman]

But that's only conjecture until I have some kind of test/review/study to back it up.

 

[SuperNaruto]

http://www.wi-fi.org/knowledge_center/wpa2/

WPA2 provides government grade security by implementing the National Institute of Standards and Technology (NIST)

 

[43st]

Not going to happen... We did some installs for some defense contractors a while ago... if you're in a similar sector and you're pushing wireless you're just going to look like a fool.

 

[Mark R]

Yup - WPA2 is pretty good. Just need to make sure that your RADIUS server and certificates are kept secure. The great thing about WPA2 is that you can revoke an individual user's authorization, or provide certificates that automatically timeout on a specific date (e.g. end of contract).

WPA2-PSK isn't bad - but is potentially weak due to the fact that it has to renegotiates the encryption keys on every connection - and therefore is potentially sensitive to a known plaintext attack, especially when combined with malicious software that can force disconnections. However, it is much, much more resistant than WEP. The other problem with PSK, is that there is only 1 key to the whole network - anyone can copy it, or distribute it - making it generally unsuitable for use in a commercial setting.

The problem with using WPA2 - is that you need to be sure that all your client computers are running suitably up-to-date networking hardware, firmware and drivers. Some older laptops won't be able to connect using WPA2 and AES encryption, until fully updated, with the appropriate windows hotfixes.

The fact remains, that wireless is never going to be as secure as wired - although WPA2 is pretty decent. If your company is genuinely concerned over information theft, then they probably are right to be sceptical of wireless.

Afterall, it wasn't that long since WEP was announced offering 'wired equivalent privacy'. Only a few years on, and it's well known that WEP offers virtually zero security.