Wireless Security: Keeping The Network Under Wraps

Cyber-intruders can access sensitive data with simple, off-the-shelf technology. But common building materials and strategies can help foil would-be eavesdroppers.

By Stormy Friday  

There is a new and important security threat looming. With a trusty laptop and publicly available electronic devices, anyone can eavesdrop on a vulnerable building. Sound far-fetched? Not really.

A 2005 U.S. General Accounting Office (GAO) study group gained access to more than 1,000 public and private wireless area networks (WLANS) with a common network scanner simply by driving around a 15 block distance in Washington, D.C. The report says that the two biggest reasons for their success with this type of eavesdropping are signal leakage and insecure configurations. The risk is significantly greater in major metropolitan areas where large corporate headquarters buildings often are located.

A WLAN is basically a radio frequency (RF) transmitter or access point that services a number of client terminals (computers). Generally, a WLAN can broadcast as far as 1,500 feet. IT departments usually want to make sure the farthest client terminals have strong signal reception. Depending upon placement of the WLAN access point, a client 1,500 feet away may receive the signal, but the signal itself also may be broadcasting 1,500 feet outside the building, making the signal available to the public. Managing the signal strength really involves maintaining the signal for minimum leakage outside the organization’s premise and ensuring signal strength is unavailable to unauthorized users.

Additional Threats

RF signal leakage isn’t the only threat to electronic information security. Consider this scenario: a tenant’s IT department is experiencing an inordinately large failure rate on the servers that process critical business functions. The only reason the facility executive knows about it is because of a conversation with a colleague in the IT department. Interestingly enough, the facility executive then finds out the tenant’s insurance company will not cover any losses to business associated with these IT failures because of an exclusionary clause that bars coverage of events resulting from electromagnetic interference (EMI).

The issue here involves a high level of electromagnetic energy (measured in volts/meter, or v/m) in the building environment, induced from an external source. The problem is exacerbated because there is no standard requirement for “hardening” IT equipment from EMI. Most commercial approaches to hardening IT equipment involve 3 v/m to 10 v/m, depending on the equipment. Recent lab testing, however, has shown that a commercially available computer can fail at 17 v/m.

How can a facility executive address these risks? The simple answer is to first assess the situation and then select building materials or improvements that can provide an RF barrier as a skin on the structure itself to minimize WLAN signal leakage and EMI effects. It might come as a surprise to learn that many common building materials provide a level of RF-barrier functionality. For example, foil-back drywall, certain window films, low-e glass and pane-poured flooring all contribute to building an RF barrier. The course of action might include:

  • Understanding and documenting the local surrounding environment (transmission towers, loading and usage, etc.)
  • Understanding and documenting the customer’s requirements (WLAN, all IT equipment and criticality)
  • Using a qualified firm to perform an assessment to look at existing RF barriers in addition to field EM testing or theoretical calculations
  • Identifying and deploying materials to ensure the building has an RF barrier
  • Taking measures to counteract the problem and verifying the effectiveness.

On both the domestic and global fronts, momentum is growing to safeguard the confidentiality of critical information by way of architectural RF shielding techniques. There are several reasons for this development:

  • IT administrators need to supply strong signals to all clients without the fear of broadcasting excessively into the public domain.
  • Companies are interested in monitoring and reducing insurance premiums relative to e-risk insurance by taking preventive measures.
  • Electromagnetic pulse (EMP) devices used for eavesdropping are portable and less expensive, thus becoming increasingly available. Building or modifying buildings to withstand EMI can be a very attractive selling or leasing point for prospective owners or tenants who have mission critical information that can’t be leaked to the public domain.
  • Both public institutions and corporations can decrease their susceptibility to attack by using eavesdropping countermeasures to manage signal leakage. The latest Department of Defense reports state that more than 200 countries have the capability to eavesdrop using spurious RF transmission from the target. Providing an RF barrier or skin is one way to help prevent this from happening.

Stormy Friday is president of The Friday Group, a facility management consulting firm specializing in organization development and re-engineering, strategic sourcing alternatives, and customer service and marketing strategies.

Contact FacilitiesNet Editorial Staff »

  posted on 1/1/2006   Article Use Policy

Related Topics: