Assess and Audit Your Enterprise Wireless LAN (WLAN)

The growth of wireless in today’s corporate environment marches hand in hand with the entry of millennials into the job market. They are plugged in, connected and looking for the same thing in their work area. Access to wireless in today’s network environment is a basic requirement if you want to attract the next generation of employees. Assessing and managing the security of that wireless network is therefore mandatory, not optional.

You may have heard about the Pringles can antenna, aka the “cantenna”, used to pick up the broadcast area of wireless networks. There is also software that runs on smart devices and laptops that can sniff out open and available wireless networks.

Not only do we need to assess the current state of our wireless environments regularly, we need to maintain it. Many, if not most, organizations think that once deployed, a secure wireless infrastructure will stay that way. But humans, the administrators of these systems, make mistakes. Maybe we replaced a faulty unit and forgot to secure it properly. Employees or even consultants bring wireless access points (APs) into a company and plug them into the corporate network so they can work as a group in a conference room, or to get access where there is no wired access.

The primary reason for the increased scrutiny of the state of your WLAN is not a change in purpose but rather a change in user behavior: the growing trend of using Wi-Fi-equipped personal devices in the workplace, known as Bring Your Own Device (BYOD). With the wide-scale adoption of smartphones and tablets for accessing content anywhere and at any time, employees are using their personal devices in the workplace not only for personal use but also for accessing corporate resources.

Mobile malware is an exponential threat: it crosses platforms (Mac, Android, Windows) and is limited only by existing technologies. An infected device means that malicious code may have the ability to bypass the traditional security defenses of the company because it enters via a trusted resource. Users who do not adhere to company guidelines for using BYOD expose vulnerabilities in your company infrastructure that can lead to disaster in the face of trojans, worms and viruses.

While on the surface BYOD might seem to promote productivity, there are many challenges with the use of personal devices in the workplace. Users either accidentally or purposely become bandwidth hogs (streaming hi-def video, downloading files), perhaps impacting a major financial services update. Employees setting up personal file sharing sites open your company up to copyright lawsuits if they share or park someone else’s data on your network. Your company may now have unintentionally assumed the risk of having proprietary or customer data on personal devices.

Users accessing their favorite applications from their own devices while at work can lead to lost productivity. The problem is not limited to personal devices; company-supplied devices are equally at risk. Trying to limit or outright forbid the use of mobile devices, whether personal or corporate, is ineffective. With that in mind, there is an urgent need for a wireless strategy that can address the security problems posed by BYOD while being affordable for the small and medium enterprise and still meeting the security requirements of the large enterprise.

Start with the mindset that there is ONE company network, regardless of how users are connecting, i.e., wired, wireless or remote access. Governing that ONE network is a single, comprehensive security structure with a common set of rules and policies that determine user access. Use processes and tools to assess, monitor and alert on any suspicious wireless activity. There are many companies that offer solutions for proactive wireless security management. These solutions can be installed and deployed for far less than an incident and its cleanup will cost you.

The concept is to deploy sensors or intelligent access points in various areas of your company so that you have full coverage of the location: not just where you have wireless deployed, but even the parking lots. The reason for this is to cover anywhere someone can install a rogue AP. By monitoring the total space, you know not only all the legal access points, but you will also see any rogues and all clients that might be attempting access, by accident or on purpose.

This allows you to define what is “normal” and then watch for unapproved hardware and software. Scanning the wireless space within range of the sensors causes an alert and even allows you to roughly identify where the alert occurred.


Even if you have a proactive wireless security management solution in place, knowing how you look from a hacker’s perspective can be beneficial. Many free hacker tools, used responsibly, allow you to look at the network in the same way a hacker would. Performing such a manual wireless site assessment can act as backup and validation that your automated checks and balances are doing their job. Security becomes part of the solution and not an add-on or afterthought.

There are two types of assessment techniques used to assess a wireless network.

  1. Manual Assessment
  2. Automated Assessment

These two assessment techniques have far different approaches and results. A manual assessment is a moment in time. An automated assessment is ongoing, monitoring the environment for any changes, additions or suspicious activity and alerting when detected.  The risks associated with having an insecure wireless network in your environment require that both methods be used to monitor the security of your wireless environment and ensure it stays that way.

Manual Assessment

A manual assessment uses typical tools like NetStumbler, MiniStumbler, WiFiFoFum, AirSnort, and commercial tools like AirMagnet. Manual assessments are used to check the status of a wireless environment and to verify that an automated process is working. These assessments are tactical in nature, as they are performed infrequently and are only good for the moment they are used. After all, a rogue AP could be installed the next day and no one would know until the next manual assessment.

A manual assessment is best used to validate the current state and/or verify that an automated process is working. The findings from the initial manual assessment can go a long way to providing the ammunition you need to convince your CEO or Board that a total strategy is needed.

Automated Assessment

An automated assessment, as the name implies, is an assessment that is working all the time, watching the wireless environment for any changes or suspicious activity. The goal of the automated assessment is to ensure that once you deploy a secure wireless solution, it stays that way. Anything outside the norm will alert the appropriate personnel that suspicious activity is occurring. This helps protect your company from accidental exposures or focused attacks on its wireless environment.
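The core of the automated check described here and in the sensor discussion earlier (define what is "normal", then alert on anything outside it and roughly locate it) can be sketched as follows. This is an added example, not code from any vendor product; the SSIDs, BSSIDs, sensor names and readings are constructed sample data, and the finding labels are hypothetical names chosen for illustration.

```python
# Added example: baseline-vs-observed comparison for rogue AP detection.
# All SSIDs, BSSIDs, sensor names and readings below are constructed sample data.

# Approved inventory ("normal"): BSSID -> expected SSID and encryption.
BASELINE = {
    "00:11:22:33:44:01": {"ssid": "CorpNet", "enc": "WPA2-Enterprise"},
    "00:11:22:33:44:02": {"ssid": "CorpNet", "enc": "WPA2-Enterprise"},
}
CORP_SSIDS = {ap["ssid"] for ap in BASELINE.values()}

# Constructed sensor observations: (sensor, bssid, ssid, encryption, rssi_dbm).
OBSERVATIONS = [
    ("lobby", "00:11:22:33:44:01", "CorpNet", "WPA2-Enterprise", -48),
    ("conf-room-2", "00:11:22:33:44:02", "CorpNet", "Open", -52),
    ("conf-room-2", "de:ad:be:ef:00:10", "TeamShare", "WPA2-Personal", -40),
    ("parking-lot", "de:ad:be:ef:00:10", "TeamShare", "WPA2-Personal", -71),
    ("parking-lot", "de:ad:be:ef:00:20", "CorpNet", "Open", -60),
]

def classify(bssid, ssid, enc):
    """Return a finding label, or None when the AP matches the baseline."""
    known = BASELINE.get(bssid.lower())
    if known is None:
        # Unknown radio: more serious if it advertises a corporate SSID.
        return "ssid-impersonation" if ssid in CORP_SSIDS else "unapproved-ap"
    if (ssid, enc) != (known["ssid"], known["enc"]):
        return "config-drift"  # approved unit, but not configured as approved
    return None

def assess(observations):
    """One alert per BSSID, located at the sensor hearing it most strongly."""
    alerts = {}
    for sensor, bssid, ssid, enc, rssi in observations:
        bssid = bssid.lower()
        finding = classify(bssid, ssid, enc)
        if finding is None:
            continue
        best = alerts.get(bssid)
        if best is None or rssi > best["rssi"]:
            alerts[bssid] = {"finding": finding, "ssid": ssid,
                             "near": sensor, "rssi": rssi}
    return alerts

if __name__ == "__main__":
    for bssid, a in sorted(assess(OBSERVATIONS).items()):
        print(f"{a['finding']:<20} {bssid} ssid={a['ssid']} near={a['near']}")
```

The "config-drift" case corresponds to the replaced unit that was never secured properly; the strongest-signal sensor gives only a rough location, which is why coverage has to extend to areas such as the parking lots.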

With the growth of BYOD, it is in the best interests of every enterprise, large or small, to ensure that it has a comprehensive security strategy that incorporates the entire network. This begins with the detection of rogue access points and other kinds of wireless intrusions. It must then provide a secure and robust mechanism for legitimate wireless usage. That mechanism should employ policy, training, and hardware and/or software solutions which work together, beginning with the concepts of detection and policy enforcement and ending with that awesome new office bingo phrase, “Continuous Monitoring”.

Wireless infrastructure is a lot like a plant: it requires care and feeding and occasionally some pruning to become robust and practical. It is the reality in today’s workplace. Employees want it, vendors may need it, and if you want to be competitive you need to provide it.

Gene Erbacher, CISSP

Wright State Research Institute
4035 Col Glenn Hwy
Beavercreek, OH 45431

(937) 705-1059

