offer organizations and users many benefits such as portability and
flexibility, increased productivity, and lower installation costs.
Wireless technologies cover a broad range of differing capabilities
oriented toward different uses and needs. Wireless local area network
(WLAN) devices, for instance, allow users to move their laptops from
place to place within their offices without the need for wires and
without losing network connectivity. Less wiring means greater
flexibility, increased efficiency, and reduced wiring costs. Ad hoc
networks, such as those enabled by Bluetooth, allow data
synchronization with network systems and application sharing between
devices. Bluetooth functionality also eliminates cables for printer and
other peripheral device connections. Handheld devices such as personal
digital assistants (PDA) and cell phones allow remote users to
synchronize personal databases and provide access to network services
such as wireless e-mail, Web browsing, and Internet access. Moreover,
these technologies can offer dramatic cost savings and new capabilities
to diverse applications ranging from retail settings to manufacturing
shop floors to first responders.
However, risks are inherent in any wireless technology. Some of these risks are similar to those of wired networks; some are exacerbated by wireless connectivity; some are new. Perhaps the most significant source of risks in wireless networks is that the technology’s underlying communications medium, the airwave, is open to intruders, making it the logical equivalent of an Ethernet port in the parking lot. The loss of confidentiality and integrity and the threat of denial of service (DoS) attacks are risks
typically associated with wireless communications. Unauthorized users may gain access to agency systems and information, corrupt the agency’s data, consume network bandwidth, degrade network performance, launch attacks that prevent authorized users from accessing the network, or use agency resources to launch attacks on other networks.
Specific threats and vulnerabilities to wireless networks and handheld devices include the following:
All the vulnerabilities that exist in a conventional wired network apply to wireless technologies.
Malicious entities may gain unauthorized access to an agency’s computer network through wireless connections, bypassing any firewall protections.
Sensitive information that is not encrypted (or that is encrypted with poor cryptographic techniques) and that is transmitted between two wireless devices may be intercepted and disclosed.
DoS attacks may be directed at wireless connections or devices.
Malicious entities may steal the identity of legitimate users and masquerade as them on internal or external corporate networks.
Sensitive data may be corrupted during improper synchronization.
Malicious entities may be able to violate the privacy of legitimate users and be able to track their movements.
Malicious entities may deploy unauthorized equipment (e.g., client devices and access points) to surreptitiously gain access to sensitive information.
Handheld devices are easily stolen and can reveal sensitive information.
Data may be extracted without detection from improperly configured devices.
Viruses or other malicious code may corrupt data on a wireless device and subsequently be introduced to a wired network connection.
Malicious entities may, through wireless connections, connect to other agencies or organizations for the purposes of launching attacks and concealing their activities.
Interlopers, from inside or out, may be able to gain connectivity to network management controls and thereby disable or disrupt operations.
Malicious entities may use third-party, untrusted wireless network services to gain access to an agency’s or other organization’s network resources.
Internal attacks may be possible via ad hoc transmissions.
The National Institute of Standards and Technology (NIST) recommends the following actions:
Agencies should be aware that maintaining a secure wireless network is an ongoing process that requires greater effort than that required for other networks and systems. Moreover, it is important that agencies assess risks more frequently and test and evaluate system security controls when wireless technologies are deployed.
Maintaining a secure wireless network and associated devices requires significant effort, resources, and vigilance and involves the following steps:
Maintaining a full understanding of the topology of the wireless network.
Labeling and keeping inventories of the fielded wireless and handheld devices.
Creating backups of data frequently.
Performing periodic security testing and assessment of the wireless network.
Performing ongoing, randomly timed security audits to monitor and track wireless and handheld devices.
Applying patches and security enhancements.
Monitoring the wireless industry for changes to standards that enhance security features and for the release of new products.
wireless technology for new threats and vulnerabilities.
Agencies should not undertake wireless deployment for essential operations until they have examined and can acceptably manage and mitigate the risks to their information, system operations, and continuity of essential operations. Agencies should perform a risk assessment and develop a security policy before purchasing wireless technologies, because their unique security requirements will determine which products should be considered for purchase.
For more info on the topic read the source here: Wireless Network Security: Bluetooth, 802.11, handhelds (pdf)
Wireless Security Resources: