Security Safeguards Over Wireless Networks
By Joel G. Siegel, Marc H. Levine, and Roberta M. Siegel
Any business with a wireless network must make certain that the integrity of data transmission and data files on it is assured. A detailed analysis of the security features of the wireless network is crucial in the evaluation and audit of any company and in an assessment of controls in the accumulation, processing, and reporting of financial data.
Wi-Fi Basics
Wireless fidelity (Wi-Fi) uses a radio signal to connect to an access point (AP or “hot spot”) that is linked to the Internet. An AP is a device that serves as a bridge between a wired and a wireless network. The term may apply to either a stand-alone AP or a router with a built-in AP.
The throughput of a wireless network depends on numerous factors, such as how a building is constructed and how far the wireless client (e.g., a notebook PC) is from the router (e.g., the base station) or the wireless AP. Attaching an antenna will extend the wireless range (coverage area) and improve the quality of the signal.
There are several options for connecting desktops to a wireless network. An expansion card with an external antenna is commonly added to a PC. An external USB device may be better, however, because it can more easily be moved for improved reception. Many users prefer to purchase the router, access point, and wireless cards from the same manufacturer.
Wireless Standards
There are currently three types of wireless standards: 802.11a, 802.11b, and 802.11g. 802.11a operates in the 5 GHz radio spectrum; 802.11b and 802.11g operate in the 2.4 GHz band. 802.11a allows more channels (12) than does 802.11g (three). As a result, 802.11a is more suitable for large-scale company installations. As the number of channels increases, there is a higher density of users per AP in a given space. 802.11a supports data rates up to 54 Mbps; 802.11b supports data rates of 1, 2, 5.5, and 11 Mbps; and 802.11g supports data rates up to 54 Mbps.
802.11a and 802.11g products share the same signal modulation approach, referred to as orthogonal frequency division multiplexing (OFDM). 802.11b products use a less efficient technique called direct-sequence spread spectrum (DSSS), which gives them lower throughput.
802.11g was approved on June 12, 2003, by the Institute of Electrical and Electronics Engineers (IEEE), an organization that establishes computing and communications standards. This standard enables the connection of more computers to an AP and makes it easier to transfer larger files. 802.11g has data rates higher than 802.11b, but similar to 802.11a.
802.11g is about five times faster than 802.11b and has a much better throughput. Typically, an 802.11g product can accomplish a throughput of 15 to 20 Mbps within 60 feet of the AP. On the other hand, 802.11b products can achieve only 6 Mbps at this distance. Note that the throughput of 802.11a is similar to that of 802.11g, but at significantly reduced distances.
One advantage of 802.11g is that it is compatible with 802.11b, allowing both clients to share the same wireless network. 802.11g performance declines, however, when 802.11b clients are part of the same network. Some products have a “g-only” mode that enables maximum throughput by excluding 802.11b clients from the network.
802.11i (also referred to as WPA2) is a proposed IEEE standard that would provide greater security features—including stronger hardware-based encryption technology—to wireless local area networks. It will, however, require significantly more processing power. The standard is expected to be finalized and ratified by mid-2004.
802.11e is another proposed standard expected to be approved in the short term by the IEEE. 802.11e defines quality of service levels for data, voice, and video transmitted over a wireless network, considered important for providing services such as telephony and videoconferencing.
Security and Safeguards
Transmissions over wireless networks can be intercepted by any suitable device within the transmission radius. If a network intruder is able to attach to an unsecured AP, she can get access to the wireless network and the Internet connection.
Media access control (MAC) address filtering can be used to limit access to only identifiable network cards with approved MAC addresses. A MAC address is a hardware code unique to each PC and network device. This system is not foolproof, however, because MAC addresses are broadcast in the clear, so an intruder may be able to spoof them.
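To make the point concrete, here is an added Python example (not code from the article) that parses the 802.11 MAC header of a constructed data frame and applies a MAC allow-list the way an AP would. The allow-list entries, the frame contents and the helper names are all constructed for this example. Even when the Protected Frame bit is set and the body is encrypted, the three address fields in the header are readable by any receiver in range, and the ACL decision rests entirely on one of them, which is why the control is a secondary layer rather than a gate.

```python
from __future__ import annotations

import struct
from dataclasses import dataclass

# Constructed allow-list of approved station MACs. Locally administered
# addresses (second hex digit 2) are used so they match no real hardware.
APPROVED_MACS = {"02:00:5e:00:53:01", "02:00:5e:00:53:02"}

FC_TYPE_DATA = 2        # frame-control "type" field value for data frames
FLAG_TO_DS = 0x01       # flags byte: frame travels from a station to the AP
FLAG_FROM_DS = 0x02     # flags byte: frame travels from the AP to a station
FLAG_PROTECTED = 0x40   # flags byte: body is encrypted (WEP/TKIP/CCMP)


@dataclass(frozen=True)
class Dot11Header:
    frame_type: int
    subtype: int
    to_ds: bool
    from_ds: bool
    protected: bool
    addr1: str
    addr2: str
    addr3: str


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def parse_header(frame: bytes) -> Dot11Header:
    """Parse the fixed 24-byte 802.11 MAC header (frame control, duration,
    three addresses, sequence control). None of it is ever encrypted,
    whichever way the Protected Frame bit is set."""
    if len(frame) < 24:
        raise ValueError("frame too short for an 802.11 MAC header")
    fc0, flags = frame[0], frame[1]
    return Dot11Header(
        frame_type=(fc0 >> 2) & 0x3,
        subtype=(fc0 >> 4) & 0xF,
        to_ds=bool(flags & FLAG_TO_DS),
        from_ds=bool(flags & FLAG_FROM_DS),
        protected=bool(flags & FLAG_PROTECTED),
        addr1=fmt_mac(frame[4:10]),
        addr2=fmt_mac(frame[10:16]),
        addr3=fmt_mac(frame[16:22]),
    )


def build_data_frame(src: str, dst: str, bssid: str, body: bytes,
                     protected: bool = True) -> bytes:
    """Construct a station-to-AP data frame (ToDS=1, FromDS=0) for the demo.
    In that direction Addr1 is the BSSID, Addr2 the source, Addr3 the destination."""
    fc0 = FC_TYPE_DATA << 2                       # protocol version 0, subtype 0
    flags = FLAG_TO_DS | (FLAG_PROTECTED if protected else 0)
    header = (struct.pack("<BBH", fc0, flags, 0)  # frame control + duration
              + mac_bytes(bssid) + mac_bytes(src) + mac_bytes(dst)
              + struct.pack("<H", 0))             # sequence control
    return header + body


def transmitter_allowed(frame: bytes) -> bool:
    """The MAC ACL decision an AP makes: admit the frame only if the
    transmitter address (Addr2) is on the allow-list."""
    return parse_header(frame).addr2 in APPROVED_MACS


if __name__ == "__main__":
    frame = build_data_frame("02:00:5e:00:53:01", "02:00:5e:00:53:ff",
                             "02:00:5e:00:53:aa", b"\x00" * 16)
    print(parse_header(frame))           # addresses readable, protected=True
    print(transmitter_allowed(frame))    # True: Addr2 is on the allow-list
```

Feeding captured frames through parse_header and logging any transmitter address that is not in APPROVED_MACS is cheap telemetry for a review, but the check itself cannot tell an approved card from another card presenting the same address, so it complements encryption and authentication rather than replacing them.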
Encryption is used to ensure that only authorized receivers can understand transmitted data. Typically, a key is required to encrypt and decrypt information. WPA is an encryption security standard for wireless networks. WPA addresses many wireless LAN vulnerabilities and significantly enhances security in a mixed-vendor environment. TKIP (Temporal Key Integrity Protocol) is an open protocol designed as an element of the 802.11i standard. TKIP includes a rekeying feature, a message integrity check, and per-packet key mixing. WPA is an industry-supported subset of the proposed 802.11i specification using TKIP and 802.1X authentication. It is designed to be forward-compatible with 802.11i.
WPA works as follows: When a client card attempts to access the AP, the authentication server checks the user’s credentials before permitting access. After approval, the server generates a 128-bit master session key so the user can join the wireless LAN. A key management mechanism is established by WPA to automatically produce a different key for every transmitted packet.
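The key hierarchy described above, as an added Python example that is not code from the article: it implements the 802.11i pseudo-random function and the pairwise transient key (PTK) derivation from the master session key, both MAC addresses and both handshake nonces, and then uses hypothetical HMAC stand-ins for TKIP's per-packet key mixing and for the Michael message integrity check (the real algorithms differ; only their structure is shown), together with the sequence-counter replay check a TKIP receiver must perform. The master key, the addresses and the nonces are constructed values fixed so the run is reproducible.

```python
import hashlib
import hmac

# Constructed demo values. In a real deployment the master key comes from the
# authentication server and each side draws a fresh random nonce per handshake.
PMK = hashlib.sha256(b"constructed master session key").digest()
AP_MAC = bytes.fromhex("02005e0053aa")
STA_MAC = bytes.fromhex("02005e005301")
ANONCE = hashlib.sha256(b"constructed AP nonce").digest()
SNONCE = hashlib.sha256(b"constructed station nonce").digest()


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)
    for i = 0, 1, ... until nbytes of output are available."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """Pairwise Transient Key as 802.11i/WPA derive it: master key, both MAC
    addresses and both nonces, ordered min/max so AP and station agree.
    TKIP's 512-bit PTK splits into the EAPOL confirmation key (KCK), the EAPOL
    encryption key (KEK), the temporal key (TK) and two 64-bit MIC keys, one
    used by the AP when it transmits and one used by the station."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 64)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48],
            "mic_ap": ptk[48:56], "mic_sta": ptk[56:64]}


def per_packet_key(tk: bytes, ta: bytes, tsc: int) -> bytes:
    """Hypothetical stand-in for TKIP key mixing (the real one is a two-phase
    S-box mix, not an HMAC). The shape is what matters: the temporal key is
    mixed with the transmitter address and the 48-bit TKIP sequence counter,
    so no two packets are encrypted under the same key."""
    return hmac.new(tk, ta + tsc.to_bytes(6, "big"), hashlib.sha1).digest()[:16]


def mic(mic_key: bytes, da: bytes, sa: bytes, payload: bytes) -> bytes:
    """Hypothetical stand-in for the Michael MIC: a keyed tag over the
    addresses and body, so tampering with either is detected."""
    return hmac.new(mic_key, da + sa + payload, hashlib.sha1).digest()[:8]


class Receiver:
    """Receive-side checks TKIP requires: a strictly increasing sequence
    counter (replay protection) and a valid MIC (integrity)."""

    def __init__(self, mic_key: bytes):
        self.mic_key = mic_key
        self.last_tsc = -1

    def accept(self, da: bytes, sa: bytes, tsc: int, payload: bytes, tag: bytes) -> bool:
        if tsc <= self.last_tsc:
            return False                      # replayed or reordered: discard
        if not hmac.compare_digest(mic(self.mic_key, da, sa, payload), tag):
            return False                      # altered in transit: discard
        self.last_tsc = tsc
        return True


def demo() -> dict:
    """Run the station-to-AP direction end to end and collect what happened."""
    ptk = derive_ptk(PMK, AP_MAC, STA_MAC, ANONCE, SNONCE)
    keys = [per_packet_key(ptk["tk"], STA_MAC, tsc) for tsc in (1, 2, 3)]
    rx = Receiver(ptk["mic_sta"])             # AP verifies with the station's MIC key
    payload = b"constructed payload"
    tag = mic(ptk["mic_sta"], AP_MAC, STA_MAC, payload)
    return {
        "distinct_packet_keys": len(set(keys)) == len(keys),
        "first_accepted": rx.accept(AP_MAC, STA_MAC, 1, payload, tag),
        "replay_rejected": not rx.accept(AP_MAC, STA_MAC, 1, payload, tag),
        "tamper_rejected": not rx.accept(AP_MAC, STA_MAC, 2, payload + b"!", tag),
        "next_accepted": rx.accept(AP_MAC, STA_MAC, 2, payload, tag),
    }


if __name__ == "__main__":
    print(demo())
```

Two properties worth noticing when reading the output: derive_ptk gives the same result whichever side computes it, because the inputs are sorted before hashing, and a new ANONCE or SNONCE yields an entirely different PTK, which is what makes rekeying effective without touching the master key.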
In examining LANs, one should determine the existence and strength of important security features, such as 802.1X authentication, proprietary encryption/authentication, access control lists based on MAC addresses, WPA encryption, and options for closed (hidden) networks (nonpublic SSID). If a company already has a virtual private network (VPN), APs should be placed outside the firewall, and VPN software on client stations should be used to tunnel into the network. Even if the network has implemented WPA, VPNs are an important complement that can provide security when workers access the company’s network from less-secure public access points.
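The checklist in this paragraph, turned into an added Python example that is not code from the article: a small assessment routine records each AP's settings and returns a finding for every feature the paragraph names, applying the firewall placement and VPN tunnelling checks only when the company already runs a VPN. The field names, value sets, severity labels and the sample inventory are all constructed for the example.

```python
from __future__ import annotations

from dataclasses import dataclass

SEVERITY_RANK = {"none": 0, "low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class ApConfig:
    """One access point's security settings as gathered during a review.
    Field names and value sets are constructed for this example."""
    name: str
    authentication: str        # "open", "shared-key", "802.1x"
    encryption: str            # "none", "proprietary", "wpa", "wpa2"
    mac_acl: bool              # access list of approved MAC addresses in force
    ssid_hidden: bool          # closed (nonpublic SSID) network
    has_vpn: bool              # the company already operates a VPN
    outside_firewall: bool     # AP sits on the untrusted side of the firewall
    vpn_tunnel_required: bool  # wireless clients must tunnel in with VPN software


def assess(ap: ApConfig) -> list[tuple[str, str]]:
    """Apply the checklist to one AP and return (severity, finding) pairs.
    Severity labels are this example's own, not the article's."""
    findings = []
    if ap.encryption == "none":
        findings.append(("high", "no encryption: any receiver within range can read traffic"))
    elif ap.encryption == "proprietary":
        findings.append(("medium", "proprietary encryption only: prefer WPA, which also interoperates across vendors"))
    if ap.authentication != "802.1x":
        findings.append(("high", "no 802.1X authentication: no server checks credentials before granting access"))
    if not ap.mac_acl:
        findings.append(("low", "no MAC address ACL: a secondary control, since MAC addresses can be spoofed"))
    if not ap.ssid_hidden:
        findings.append(("low", "SSID is broadcast: closed (hidden) network option not used"))
    if ap.has_vpn:
        if not ap.outside_firewall:
            findings.append(("medium", "AP is inside the firewall: place it outside and tunnel into the LAN over the VPN"))
        if not ap.vpn_tunnel_required:
            findings.append(("medium", "VPN tunnelling not required for wireless clients, including from public access points"))
    return findings


def overall(ap: ApConfig) -> str:
    """Worst severity across the findings; 'none' when the AP passes every check."""
    return max((sev for sev, _ in assess(ap)), key=SEVERITY_RANK.get, default="none")


# Constructed sample inventory: one well-configured AP and one left at defaults.
SAMPLE_APS = [
    ApConfig("hq-floor2", "802.1x", "wpa", True, True, True, True, True),
    ApConfig("branch-lobby", "open", "none", False, False, True, False, False),
]


def report(aps: list[ApConfig] = SAMPLE_APS) -> dict[str, str]:
    """Map each AP name to its overall rating, the summary line an auditor wants first."""
    return {ap.name: overall(ap) for ap in aps}


if __name__ == "__main__":
    for ap in SAMPLE_APS:
        print(ap.name, overall(ap))
        for severity, text in assess(ap):
            print(f"  [{severity}] {text}")
```

The ratings only summarize what the inventory claims; an actual review still confirms each setting on the device, since a "wpa" entry in a spreadsheet says nothing about whether the AP was ever switched out of its default mode.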
In the future, there will be advanced standards-based wireless technologies beyond 802.11, such as the 802.16a standard, which will apply to metropolitan wireless networking in the 2- to 11-GHz spectrum (see the Worldwide Interoperability for Microwave Access trade alliance at www.wimaxforum.org/home). The next generation of Wi-Fi wireless networking—expected in 2005–2006—is the 802.11n standard, which will have speeds between 108 Mbps and 320 Mbps.
Joel G. Siegel, PhD, CPA, and Marc H. Levine, PhD, CPA, are computer consultants and professors of accounting and information systems at Queens College. Roberta M. Siegel is a computer consultant.