The emerging technology of Wireless LANs that are being used in many businesses today.
Microcomputers and networks have become the foundation of business life (Kaplan and Clyde, 1993). According to the National Computer Security Association, more than half of the sixty million microcomputers used by U.S. businesses are connected to networks. Network resources allow worldwide access to information, no matter where it resides or where the users are located. Unfortunately, the physical and logical controls used by an organization to secure its information offer no protection when that information is being electronically transmitted. A survey, which included responses from 538 computer security practitioners in various institutions, contained some sobering figures: 85% of respondents detected computer security breaches in the last 12 months, while 64% acknowledged financial losses due to the breaches (McClure, S., Scambray, J. & Kurtz, G. 2001).
This paper is about the emerging technology of Wireless LANs that are being used in many businesses today.
Wireless LAN
A wireless local area network (WLAN) is a set of network components connected by electromagnetic (radio) waves instead of the more commonly used wires (Wikipedia, 2007). WLANs are used as a substitute for wired computer networks. They add freedom of movement and flexibility within the workplace. Oftentimes, they are also used in combination with wired computer networks. Clients who use WLANs enjoy easy access to their respective company networks and even the Internet from almost anywhere within and throughout the boardroom, campus or store. They do this without relying on any wired cables and connections.
There are two modes in which the 802.11 standard works: (1) in the absence of a base station and (2) in the presence of a base station. In the first case, computers communicate with each other directly, which is called ad hoc networking. The latter case is called infrastructure mode. All communication goes through the base station, which is called the access point in 802.11 terminology (Wikipedia, 2007).
IEEE 802.11 (the name of the working committee) denotes a set of wireless LAN (WLAN) standards. Some challenges that the committee met as it developed these standards were: “dealing with the fact that radio signals have a finite range; building a system with enough bandwidth to be economically feasible; ensuring users' privacy and security; finding a suitable frequency band that was available, preferably worldwide; and finally, worrying about human safety” (Wikipedia, 2007).
During the standardization process, it was decided to make 802.11 compatible with Ethernet above the data link layer. Inherent differences nevertheless existed, and the standard had to take care of them.
First, before transmitting, a computer on Ethernet always listens to the ether. This is not always possible in the case of WLANs. A collision may take place because the range of a station may not allow it to detect a transmission that is taking place between two other stations.
Another problem to be solved was the interference known as multipath fading. This is a result of radio signals being received multiple times because they can be reflected off solid objects (Wikipedia, 2007).
The last dilemma was that if a notebook computer were moved away from one base station to another, a way of handing it off was needed (Andress, 2003).
Eventually, the committee came up with a standard that addressed these concerns. The amendment 802.11i also enhanced security. Among the most popular amendments to the original standard are 802.11a, 802.11b and 802.11g. Service enhancements and extensions are in other specifications (c-f, h, j) (Andress, 2003).
Application/Technology
Wireless networks include several technologies, each with its own optimal use. Wireless LAN technology, mainly the 802.11 set of standards, helps create wireless networks similar to organization-wired Ethernet networks.
Wireless LANs also can provide a cost benefit. Installing and configuring wired communications can be costly, especially in those hard-to-reach areas. Ladders, drop ceilings, heavy furniture, kneepads, and a lot of time are often necessary to get all components installed and connected properly. By comparison, wireless LAN installations are a breeze. Plug in the access point, install a wireless network interface card (NIC), and you are all set.
An access point is the device that acts as a gateway for wireless devices (Andress, 2003). Through this gateway, wireless devices access the network, as shown in Figure 1.
Stations – all components that can connect to the wireless medium in a network. All stations have wireless network interface cards (WNICs). Wireless stations fall into one of two categories: access points and clients.
Clients – can be mobile devices such as personal digital assistants (PDAs) and laptops, fixed devices such as desktops and workstations, or IP phones, all of which are equipped with WNICs.
Basic service set – a BSS is a set of all stations that communicate with each other. There are two types of BSS: infrastructure BSS and independent BSS. A BSS has an identification called the BSSID. The BSSID is the MAC address of the access point serving the BSS.
Extended service set – an ESS is a set of all connected BSSes. An ESS also has an identification, called the SSID. The SSID is a character string of at most 32 bytes. All access points in an ESS are connected by a distribution system.
Distribution system – as mentioned above, the distribution system connects all access points in an ESS. Usually, a distribution system is a wired LAN, but it can also be a wireless LAN.
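As an added example (not part of the original paper), the identifiers defined above can be read directly from an 802.11 beacon frame: the BSSID sits in the third address field, the SSID is information element 0 and must not exceed 32 bytes, and two capability bits distinguish an infrastructure BSS from an independent one. The sample frames are constructed for illustration, and the parser assumes the capture starts at the 802.11 header with no radiotap header.

```python
import struct

MGMT_HEADER_LEN = 24    # frame control, duration, three addresses, sequence control
BEACON_FIXED_LEN = 12   # timestamp (8), beacon interval (2), capability info (2)
SSID_ELEMENT_ID = 0
MAX_SSID_LEN = 32       # the 32-byte SSID limit described above


class BeaconError(ValueError):
    """Raised when a frame is not a well-formed beacon."""


def parse_beacon(frame: bytes) -> dict:
    """Return BSSID, SSID and BSS type from a raw 802.11 beacon frame."""
    if len(frame) < MGMT_HEADER_LEN + BEACON_FIXED_LEN:
        raise BeaconError("frame too short for a beacon")
    fc0 = frame[0]
    version, ftype, subtype = fc0 & 0x03, (fc0 >> 2) & 0x03, fc0 >> 4
    if (version, ftype, subtype) != (0, 0, 8):
        raise BeaconError("not a beacon (management type 0, subtype 8)")

    # Address 3 of a beacon carries the BSSID.
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])

    # Capability info: bit 0 = ESS (infrastructure), bit 1 = IBSS (ad hoc).
    (capability,) = struct.unpack_from("<H", frame, MGMT_HEADER_LEN + 10)
    ess, ibss = bool(capability & 0x1), bool(capability & 0x2)
    if ess and not ibss:
        mode = "infrastructure"
    elif ibss and not ess:
        mode = "independent"
    else:
        mode = "other"

    # Walk the tagged elements (id, length, body) until the SSID is found.
    offset = MGMT_HEADER_LEN + BEACON_FIXED_LEN
    while offset + 2 <= len(frame):
        element_id, length = frame[offset], frame[offset + 1]
        body = frame[offset + 2 : offset + 2 + length]
        if len(body) != length:
            raise BeaconError("information element runs past end of frame")
        if element_id == SSID_ELEMENT_ID:
            if length > MAX_SSID_LEN:
                raise BeaconError("SSID longer than 32 bytes")
            return {
                "bssid": bssid,
                "ssid": body.decode("utf-8", errors="replace"),
                "hidden": length == 0,   # zero-length SSID: name not broadcast
                "mode": mode,
            }
        offset += 2 + length
    raise BeaconError("no SSID element found")


def build_sample_beacon(bssid: bytes, ssid: bytes, capability: int) -> bytes:
    """Construct a minimal beacon for the demo (sample data, not a capture)."""
    header = (struct.pack("<HH", 0x0080, 0)      # frame control, duration
              + b"\xff" * 6 + bssid + bssid      # destination, source, BSSID
              + struct.pack("<H", 0))            # sequence control
    fixed = struct.pack("<QHH", 0, 100, capability)
    return header + fixed + bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid


if __name__ == "__main__":
    ap = bytes.fromhex("020000000001")           # constructed, locally administered MAC
    print(parse_beacon(build_sample_beacon(ap, b"office-wlan", 0x0001)))
    print(parse_beacon(build_sample_beacon(ap, b"", 0x0002)))
```

Rejecting over-length or truncated elements rather than trusting the length byte is the part worth copying into any tool that inventories access points from captured frames.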
Who Does/Might Use It
Almost every establishment and organization that is spread over an area uses a WLAN. WLANs, however, are aimed more at people on the go.
Case Studies
The business risk for a company engaged in technologically dependent business is normally greater than for one that is not. Business operations present a unique set of risks, including an increased reliance on technology and increased vulnerability to the rapid changes in technology (Niederhoffer, M 2002). In addition, industry structures can erode rapidly because Internet shopping facilitates price competition and transforms core business structures to promote distribution by mail and remote customer service. To address such challenges, a company, be it large scale or small, needs to develop an effective business strategy. An effective business strategy requires operational efficiency; within a business’s information systems, this means an emphasis on information security and controls. Issues pertaining to security of LAN or WLAN must be observed. A cost-effective business internal control system should be designed and implemented toward the goal of reduced operating expenses and therefore increased profits. Reducing operating expenses and increasing profits are critical to the success, even the continued survival, of companies heavily engaged in business.
With respect to LAN/WLAN application, the following portion of the paper discusses the attributes of a large firm and a small firm, particularly the network security of their data transmission. The first company is Cisco, while the other is a small company in Memphis named Team Estate Sales and Appraisal.
Cisco: Large firm
In this firm, they use the term identity. They use it in context of the identification of network users, hosts, applications, services, and resources. Examples of technologies that enable identification include Remote Authentication Dial-In User Service (RADIUS), Kerberos, one-time passwords, digital certificates, smart cards, and directory services (Della Maggiora and Doherty, 2003). Apparently, Cisco also uses perimeter security to control access to critical network applications, data, and services so that only legitimate users and information can access these assets. Examples include access lists on routers and switches, firewalls, virus scanners, and content filters (Della Maggiora and Doherty, 2003). Moreover, Cisco assumes that the ability to provide secure communication is crucial when they protect information from eavesdropping. Digital encryption technologies and protocols such as Internet Protocol Security (IPSec) are the primary means for protecting data, especially when implementing virtual private networks (VPNs). Furthermore, regardless of how security is implemented, Cisco posits that it is still imperative to monitor a network and its components to ensure that the network remains secure. Network-security monitoring tools and intrusion detection systems (IDSs) provide visibility to the security status of the network (Della Maggiora and Doherty, 2003).
The company also presupposes that the company’s network is like any other corporate asset: it is valuable to the success and revenue of that company. More than ever, the corporate computer network is the most valuable asset of many companies. Therefore, it must be protected. Generally, middle- to large-size companies appoint a chief security officer, whose job is to develop and enforce corporate security policies. Similarly, Internet security is a big concern given the exposure of corporate data resources to the publicly accessible Internet. Traditionally, the company could achieve security by physically separating corporate networks from public networks. However, with corporate web servers and databases, and the desire to provide access to corporate resources to employees over the Internet, companies must be especially diligent in protecting their networks.
Similarly, Cisco uses both authentication and authorization. In authentication, a computer or computer user identifies itself to the network or network resources. Authorization occurs after authentication: after the computer or user successfully identifies itself, the network or server authorizes the individual or computer to perform certain things with a certain level of access. 802.1x is a link layer protocol used for transporting higher-level authentication protocols, defined by the Institute of Electrical and Electronics Engineers (IEEE) (Parker, D.B. 1984). One form of authentication occurs through the exchange of passwords. This form is generally a one-way transaction in which a user or computer identifies itself to a network or server. A popular method for securely identifying a machine or individual uses digital signatures. For example, if one sends e-mail to someone, the receiver might want to verify that the sender was indeed the originator of the e-mail. Cisco utilizes algorithms such as Secure Hash Algorithm (SHA), Message Digest 5 (MD5) (similar to a checksum), and triple Data Encryption Standard (3DES), which encrypt and securely “sign” the message. Then, the sender and receiver match public and private keys. The combination of these methods allows both parties to trust (or not trust) each other when exchanging information.
Team Estate Sales and Appraisal: Small Firm
Increasingly, companies such as Team Estate Sales and Appraisal (TESA), which is based in Memphis, are using the Internet to expand their markets. Recent media reports demonstrate the importance of effective corporate computer network security in today’s interconnected and networked business environment (Mathias, C. J. 2003). While these connections make information and computer resources readily available for enhanced business activities, they also potentially expose a company’s computers and business information to sabotage and misuse.
Based on the profile of the company and correspondence from its managers, the firm designed its computer network for security (Team Estate Sales and Appraisals, 2007). Proper design of the network’s security ensures the confidentiality of data. Network security exists when only authorized users are provided access to data and everyone else is denied access. One of the biggest dangers for many small businesses is the absence of appropriate security measures and enforced policies. The lack of well-designed, applied and enforced security measures may result in the undetected loss of sensitive, business-critical information. TESA also asserted that they identify potential security threats. There are three common security threats to a computer network: unauthorized reading and copying of information from the network; adding unauthorized data or destroying existing data on the network; and invasion of the network, resulting in all of its resources being used by an outside agent (Team Estate Sales and Appraisals, 2007). According to them, results of these security breaches range from minor inconvenience to loss of sensitive business information to destruction of the network infrastructure. To implement a sound security procedure and policy, their first analysis focused on identifying the vulnerability of the network’s security to either intentional or unintentional external/internal interference (Ewer, S., Nichols, R., Willis, H. 1993).
They added that they monitor and audit network events that may compromise security. In general, any service that runs on a server, such as an e-mail server, file server, print server, database server or Web server, and engages in network dialogue with a client computer can be a potential security breach. To reduce this threat, TESA monitors the network interactions of its server with other computers. Additionally, the server logs every incident of access to sensitive data. TESA’s network administrator routinely reviews the security logs to identify possible attempts to break network security. These electronic monitoring and auditing functions are readily available in most network operating systems, such as Windows NT, Windows 2000, Novell and Unix.
They have also installed a firewall or packet filters. As discussed earlier, a firewall is a system or group of systems that enforces an access control or communication policy between two networks. In principle, the firewall can be thought of as a security guard at the gateway to the network. This guard inspects the contents of every network packet that appears at their network’s gateway. A packet is a “container” holding information passing from computer to computer throughout the Internet or an individual network. Any packets that do not meet the predetermined requirements of the access control policy are rejected. Thus, their network is protected from unauthorized data.
Similarly, they also control dial-in access to their network. A frequently ignored security risk is dial-in access via phone lines. According to them, a first step is to carefully determine who may dial in and what they may access. For increased security, you may configure your server to disconnect all incoming calls but to make return calls to pre-defined telephone numbers; this allows the server to control telephone connections. TESA also manages its internal network security (Team Estate Sales and Appraisals, 2007). They have realized that the share-level security supported by Windows 95/98 is generally inadequate for a business environment. User-level security implemented in Windows NT, Windows 2000, Novell and Unix offers much better security, because permission to access data and other network resources is granted on a user-by-user basis. The network administrator, in compliance with corporate policy, controls which user groups (determined by function or need-to-know) have access to what information (Team Estate Sales and Appraisals, 2007). By associating each user name with its private password, attempts at improper access to network resources can be traced to specific users. With these operating systems, the network administrator can also enforce higher levels of security. As expected, they also utilize data encryption methods. The company encrypts sensitive data while it is in transmission over the network. Encryption works by encoding the text of a message with a key. Keys come in pairs, a public key and a private key (Team Estate Sales and Appraisals, 2007). The public key is widely distributed and used for encoding messages. The private key is held under the user’s control. When a person from the company needs to send a message to another person outside the company, they use the public key of the recipient to encode the message. The message can be decrypted only with the recipient’s private key.
This prevents anybody from reading the company’s data even if intercepted during transmission. Any Web server that handles online transactions should implement encryption via use of Secure Socket Layer (Team Estate Sales and Appraisals, 2007).
Outline of Development/Uptake Challenges
Before we move on, let us discuss the standards that are the basis for communication. In June 1997, the IEEE (Institute of Electrical and Electronics Engineers) finalized IEEE 802.11, the initial standard for wireless LANs. This standard specifies a 2.4GHz operating frequency with data rates of 1Mbps to 2Mbps and the capability to choose between using frequency hopping or using direct sequence, two incompatible forms of spread-spectrum modulation. In late 1999, the IEEE published two supplements to the initial 802.11 standard: 802.11a and 802.11b (Electronic Frontier Foundation, 1999).
Like the initial standard, 802.11b operates in the 2.4GHz band, but data rates can be as high as 11Mbps, and only direct-sequence modulation is specified. The 802.11a standard specifies operation in the 5GHz band using orthogonal frequency division multiplexing (OFDM) with data rates up to 54Mbps. The advantages of this standard include higher capacity and less radio frequency (RF) interference than with other types of devices (Electronic Frontier Foundation, 1999).
802.11a and 802.11b operate in different frequencies, so they are not interoperable. They can coexist on one network, though, because no signal overlap exists. Some vendors provide a dual-radio system with 802.11a and 802.11b (Electronic Frontier Foundation, 1999).
The latest wireless standard is 802.11g, and (like 802.11a) it provides data rates of 54Mbps, but (like 802.11b) it operates in the 2.4GHz range. The 802.11g standard is also backward compatible with 802.11b networks, providing a more cost-effective upgrade and rollout plan for organizations (Electronic Frontier Foundation, 1999).
To complicate issues, Europe has developed the HiperLAN/2 standard, led by the European Telecommunications Standards Institute (ETSI). HiperLAN/2 and 802.11a share some similarities: both use OFDM technology to achieve their data rates in the 5GHz range, but they are not interoperable (Electronic Frontier Foundation, 1999).
The approval of the initial IEEE 802.11 standard back in 1997 spurred rapid growth in WLANs beyond the traditional, low-bandwidth vertical applications and into mission-critical general-office applications. In September 1999, however, the 11-Mbps 802.11b standard was approved and the horizontal WLAN market achieved some impression of legitimacy, followed by rapid acceleration (Electronic Frontier Foundation, 1999).
Analysts have long anticipated the fever that surrounded WLAN. Yet even with this success, according to Mathias (2003), WLANs are still not immune to the rip currents that pervade essentially every high-technology market. He states the following observations:
(a) There is a constant demand in price and performance. (b) There is a need to deal with rapid technological change and continuing 802.11 evolutions. (c) Security. And, (d) there is a requirement to lower operational and other recurring expenses.
It comes as no surprise, then, that wireless-LAN vendors have been sparing little effort in building additional tools and now entirely new architectures to address the above needs. The primary goals today are to improve manageability, security and the costs of both equipment and operations. In short, what we are seeing is the result of a very natural evolutionary process, which is endemic to high technology.
Current Technical/Business Status (where relevant)
Wexler (2006) observed that the subject of 802.11 has created controversy during the past year. The controversies range from whether municipalities that organize mesh networks have an advantage over competing service providers, which those providers consider unfair, to whether strangers who make undue use of unsecured networks at home are assisting terrorists.
However, although WiFi has been phenomenal, market analysts feel a recognizable stillness before the storm. Wexler states the following reasons:
- The current installed Wi-Fi base includes the older Aironet equipment of Cisco Systems. This equipment has individually managed, intelligent access points (APs), which are also called “traditional” or “thick” APs. A majority of the customers using these systems are just starting to learn about the newer, centrally run (“thin” or “dependent”) APs and the accompanying changes to the Wi-Fi architecture.
- Mainstream enterprises have been waiting for dual-mode handsets that support both Wi-Fi and cellular voice calls before they make commitments to deploying voice over IP (VoIP) over Wi-Fi networks.
- Recognized enterprise WLAN services are still catching up to the technology advances of Wi-Fi, mainly in the security area.
Wexler (2006) explains that despite the continuous development that the Wi-Fi industry makes in standards and product features, especially in the area of intruder detection and prevention, projects “can only move so fast”. She says that mobility has always been a must in wireless services. This need for wireless mobility has set trends toward voice over Wi-Fi. At the same time, security measures have been sprouting up around this rising technology, which makes it difficult for some to even make use of these services. This is especially hard for clients with small handheld devices, all because of 802.11. There are no supplicants available for them yet.
She explains further that it will take time before the masses who currently use Cisco's customary distributed APs go along with the trend, although the direction of Wi-Fi provisioning, administration and RF management is toward centralization. She also sees mainstream enterprises putting off large commitments to voice over Wi-Fi until converged devices supporting both cellular voice capabilities and Wi-Fi are widely available.
Moreover, Wexler (2006) says the general enterprise WLAN is somewhat on hold until full 802.11e QoS-enabled implementations are available, Wi-Fi-certified dual-mode phones are available in the market, the deployment and interoperability issues associated with 802.11i security components are cleared up, and it becomes obvious whether 802.11a is ever going to be a real network player or will just be leapfrogged by 802.11n.
Any Other Relevant Topics
Korostoff (2004) seems to agree that WLANs still need improvement. She states that:
“WLAN adopters are clearly committed to the technology, as evidenced by their plans to deploy to more end users and to add functionality. But what about the suppliers? Will the areas that need improvement be addressed?
There is plenty of reason to conclude that the answer is yes. Products from wireless specialist companies like Reefedge and Trapeze Networks are aimed at helping enterprises design and manage increasingly complex WLAN deployments, while industry leaders like Cisco and 3Com continue to introduce enhancements to their products. Since so many industry players see wireless as one of the few shining spots in the industry, you can be certain that R & D investments will continue.”
Conclusions
Although much of the publicity about network security has focused on the potential risks to consumers who use credit cards to make purchases electronically, payment fraud is also a major threat to Internet-based merchants (Murphy, 1998). Security threats not only consist of break-ins and technology disturbance, but also stalking, impersonation, and identity theft are serious issues that everyone should be concerned about (Janal, 1998). According to Udo (2001), computer hacking is another serious problem; it can be either a benign or a malicious activity. Moreover, fraudulent or non-creditworthy orders account for as much as one-sixth of all attempted purchases on the Internet (Udo, 2001).
The computer’s ability to gather and sort vast amounts of data and the Internet’s ability to distribute it globally have magnified the concern of privacy and anonymity on the Web (Janal, 1998). Once an individual has ventured into cyberspace, it is hard to remain anonymous (Udo, 2001). According to the Electronic Frontier Foundation (1999), maintaining privacy is partly the responsibility of the user. EFF (1999) also provides ways to protect the user’s privacy online: do not reveal personal information inadvertently; turn on cookie notices in the Web browser; keep a “clean” e-mail address; do not reveal personal details to strangers or just-met “friends”; realise one may be monitored at work, avoid sending highly personal e-mail to mailing lists, and keep sensitive files on the home computer; do not reply to spammers, for anything; be conscious of Web security; be conscious of home computer security; examine privacy policies and seals; remember that you decide what information about yourself to reveal, when, why, and to whom; and use encryption.











