Towards an Effective Wireless Security Policy for Sensitive Organizations

Abstract

Wireless networks are becoming increasingly popular with organizations and corporations around the world. With the prospect of increased productivity and convenience at a reduced cost through the use of wireless, many organizations have introduced wireless networks into their infrastructures in a hope to reap its benefits. However, the adoption of wireless technologies brings with it new security concerns. The possibility that the signals from a wireless local area network (WLAN) being transmitted beyond the physical boundaries of an office make it easier for cyber criminals to monitor network traffic, disrupt data flows, and break into networks. The prospect of a breach of security becomes even more dangerous given that 70 percent of the data transmitted through wireless access points is unencrypted. These risks have elevated the importance of wireless security. With this increased concern for wireless security issues, a well thought-out and implemented wireless security policy is paramount. The goal of this work is to make the reader aware of the weakness in current wireless security models and to lay a framework of a reliable wireless security policy for sensitive organizations. We also examine a case study, the Department of Defense, of real world implementation of wireless security policies, analyzing their deficiencies based on our proposed framework.

This work was a final team project of IST623 (Introduction to Information Security), taught by Prof. Joon S. Park, at Syracuse University in Fall 2004. We would like to thank our fellow students for their valuable feedback, insight and encouragement as we researched and developed this project during the semester.