security blanket

will enterprises find a comfort level with wi-fi voip?

WHEN COMPANIES DEPLOY WI-FI networks, even now, eyebrows go up and industry analysts mutter about security risks for corporate data. When companies add VoIP to the wireless network, the muttering becomes a din.

With wireless still not shed of its insecure image, the idea of adding voice to the mix appears to many to be dangerous, even preposterous. The security question is not simple, and equipment is evolving quickly to meet the dangers. Not only has the Wi-Fi community added new security to the 802.11 standards, but also vendors of Wi-Fi equipment have implemented other security features in their products to alleviate the situation.

In fact, VoIP over Wi-Fi already has been adopted widely in verticals, such as medicine. Major hospital complexes in Los Angeles, like UCLA Hospital and USC University Hospital, use voice over Wi-Fi to keep their far-flung staff connected and able to respond to emergencies. Sports teams, such as the Detroit Lions and the Dallas Cowboys, have also deployed wireless VoIP as part of systems for their offices in stadiums.

Major consumer retailer Best Buy has deployed a Wi-Fi network, not just in its stores but across its distributed corporate campus in the Minneapolis, Minn., area, and it is looking at putting voice on the network.

However, Jerry Brady, chief security advisor, Secure Software Inc., a developer of products to find vulnerabilities in software code, cautions there are still strong risks for large businesses that choose to go wireless, with voice or not. “Wireless gives pause, because you expose infrastructure that most firewalls are not ready to protect, exposing somewhat fragile components [of the network] to the public network, more so than with a wired network.”

Medicine “is a vertical where the usage of wireless voice makes sense,” says Brady. However, many other clients that he works with are giving a thumbs-down to using wireless networking at all, let alone putting voice on it.

Nevertheless, security for wireless VoIP will be an issue “as it has been for data, and there will be the same rules for wireless,” says Anshu Dua, senior analyst, who covers wireless technologies for Pyramid Research Inc. “You have to secure the data, so it’s not too much different from voice or data, because it is all packet-based.”

Among the issues involved in wireless networking is that it is difficult to know the physical location of an intruder, even a local one. “With wireless, the network is physically spread out, and you can’t do as much good monitoring,” says Brady.

Another issue is how to do operational monitoring, says Brady. “Wireless is not treated the same as the other borders of the network. The others have intrusion protection and good hygiene in general.”

A further danger to Wi-Fi deployments of voice is that they may not be as reliable as the wired networks are now becoming. “It is possible to bring down a wireless network with RF techniques,” Brady points out. RF interference is difficult to control because it can come from some distance and is not based on data. For example, wireless ISPs sometimes experience outages thanks to rogue FM stations.

Technology to monitor wireless access points “can cost more than the system itself,” says Brady. “Look at a product like Air Defense Inc. It requires its own hardware.” In general, wireless security equipment is “a lot heavier and harder and more expensive” than the systems themselves, says Brady.

Enterprises are unlikely to adopt wireless networks “if security costs more than network infrastructure, and an unauthorized access point can introduce a lot of cost,” say Brady. “On large campuses you might have to roll out a large number of security hardware systems.”

Several vendors have been taking steps to improve the security of WLANs in general and LANs carrying voice in particular.

“Almost all of the Wi-Fi vendors now support the security aspects of Wi-Fi,” says Dua. Further, “almost all Wi-Fi vendors now have intrusion detection of rogue access points that employees may put in.” The issue of rogue access points is common for enterprises. Often, if there is a corner of the office that is not reached by the wireless network, an enterprising employee will go out and buy a $50 access point and wire it into the LAN. However, that access point will not have the security features of those deployed by the company.

To combat that, vendors now offer access points especially for detection of rogue access points. Or vendors will build two radios into an access point, one that does transmission of data and another just to detect rogue access points.

Share this article: Email, Slashdot, Digg, Del.icio.us, Yahoo!MyWeb, Windows Live Favorites, Furl
Add this article feed to: RSS, My Yahoo, Newsgator, Bloglines