Broadband wireless networking has become a technically feasible alternative for enterprise-wide IT systems. Compared to traditional wide-area networking, it offers an increasingly flexible and cost-effective approach. Plus, the costs for the deployment of broadband wireless systems are on the decrease. Meanwhile, speeds are rising to near-gigabit performance. Now, broadband wireless stands toe to toe with wireline networking. This technology is capable of making today's enterprises swifter and more agile.

Wireless networking, like its wired cousin, isn't without its challenges. The "air" that's traversed by wireless-network data is inherently unsecured. Network managers and their security-management peers therefore face important enterprise issues that must be addressed. Such issues include information protection, confidentiality, and authenticity between trusted networks.

The advantages of wireless wide networking include quicker installation cycles, operation in geographically troubling areas, reduced operating cost, and—typically—better overall performance. These strengths create the flexibility that's needed to make networking changes while avoiding the logistical and costly roadblocks that prevent traditional wired networking. This point is especially valid in cases that involve older or leased buildings as well as areas where laying cable is neither cost effective nor feasible. Aside from flexibility, a wireless-networking solution boasts a much faster implementation time. It can run days instead of months.

These advantages bestow a number of direct business benefits upon today's enterprises. They provide lower labor and implementation costs along with increased workforce productivity. In addition, consider the agility and flexibility that wireless networking offers. In many ways, it begins to look like a first-choice networking option.

Yet even though wireless enables significant productivity-enhancing and cost-cutting potential, the issue of security still looms. In general, network and security managers must keep unauthorized individuals from gaining access to confidential or critical business information. Wireless networking adds another wrinkle: the physical space in which unauthorized activity can affect the network.

For wired networks, that space is restricted to the physical office space. That's where the network sits and the data traverses wired lines. For wireless networks, that space expands geometrically to anywhere that the wireless signal can be intercepted. A significant additional risk is placed on those network and security managers who manage wireless wide-area networks for their enterprises.

Each year, billions of dollars are spent on storing mission-critical data, managing disaster-recovery scenarios, securing intranets, and restricting access to important IT assets. In spite of this vast expenditure, relatively little thought is given to what happens to the network data that's in motion between enterprise offices. Such data is on its way to a client, partner, or another trusted network. Whether the "line" is wired or wireless, data passing unencrypted across a network is neither secure nor protected.

Increasing this risk are some fundamental misconceptions in today's network-security market. These misconceptions involve a variety of questions, such as: Is a wireless wide-network system protected from eavesdropping or data manipulation? Are virtual private networks protected from unauthorized access? Do firewalls and intrusion-detection systems do anything to protect network data in transit? The answers to these questions offer a peek into the soft underbelly of virtually all current, unencrypted wireless-network systems.

WIRELESS MISCONCEPTIONS
Three major misconceptions about wireless-network security are listed below. See if any of these situations rings true in your enterprise:

• Misconception #1: "Our point-to-point wireless system is safe. Only our enterprise is aware of the network connections." While most wireless-networking systems have basic proprietary security protocols, no sophisticated standard exists to enforce the overall protection of the payload and headers while the data is in motion. Additionally, the wireless-network architecture influences the probability of theft. The size of the spectrum varies according to distance and location. As a result, transmission paths are vulnerable to unscrupulous individuals. Such thieves often employ sensitive "listening" equipment to intercept the data.
• Misconception #2: "Our VPNs are secure." No network is truly secure if data can be interpreted by anyone who manages to intercept it. VPNs do provide logical traffic-separation techniques while ensuring quality of service. But they fail to protect the data once it's actually in transit. Truly secure private networks require the use of data encryption, such as the Internet Protocol Security (IPSec) protocol. This protocol makes data useless to those who don't have the key to decode it.
• Misconception #3: "Our system has a firewall. We're already protected." Firewalls are excellent for their purpose, which is to keep unauthorized users and hackers out of an organization's secure intranet. But they don't protect wireless data once an intruder has gained entry. Firewalls and intrusion-detection systems can prevent a threat to a network. But they cannot protect the data once it has entered the trusted environment. Broadband wireless networks exist behind the firewall. By supplementing an existing firewall with an encryption appliance, one can improve both the performance and the security of any intranet.

ENCRYPT EVERYTHING
The security gap that's created by these misconceptions makes it necessary to look at wireless-network security from a new point of view. No one can be certain that unencrypted wireless data is secure. Billions can be spent in time, effort, and money to achieve "secure" wireless systems. Yet network and security managers may be overlooking another option at their disposal: They can make the data on their lines useless to anyone outside the organization. It's one thing to know that your data is safe behind your enterprise doors. But it's quite another to transmit that data back and forth unsecured.

IPSec encryption eliminates the need to trust standard network components for complete security. Basically, IPSec is the encryption of traffic on an Internet-protocol (IP) network. It provides a simple and cost-effective solution for many of the security deficits that are found in today's broadband-wireless-network traffic. IPSec encryption promises to bestow the essential elements of confidentiality, authentication, and integrity upon secure network data traffic.

Encryption isn't new. Numeric encryption has been around since the ancient Greeks. Modern encryption systems had their beginnings when the telegraph and radio brought electronic data transmission into play. The transmissions created the need to keep that data secret from those who might listen in.

In the 1970s, the Data Encryption Standard (DES) algorithm was introduced. This standard broke data into pieces and then encrypted and decrypted each piece. It used a 56-b key to perform mathematical transformations on those pieces. DES was widely used until computers became powerful enough that a brute-force method became possible. Then, people simply applied all of the possible keys to decrypt the data.