Safeguarding Wireless Communications
Protecting wireless nets isn’t difficult, but it takes additional security steps.
Over the past few years, wireless communication systems have proven they can be reliable in harsh industrial environments, sparking solid growth. This popularity has unfortunately attracted the attention of hackers and other intruders, bringing the issue of wireless security to the forefront.
There are many reasons to add wireless to a facility’s networking scheme. One of the most important is the low cost of installation, particularly for the majority who use a variation of IEEE 802.11, commonly called Wi-Fi. Routing cables is a pricey undertaking, one that can cause significant disruption.
With wireless communications, nodes can be located almost anywhere without concern for where wires may run. Another benefit is that users can quickly set up temporary nodes when they need to closely monitor a specific machine, for example.
But when companies adopt wireless links, they need to take a fresh look at security issues. Using wireless standards brings a few more security concerns, though many of the steps used to safeguard wireless technologies are similar to those used for wired schemes.
“Wired and wireless networks can co-exist, but you need to separate wired networks from wireless, just as you separate plant floor networks from the enterprise,” says Marty Jansons, Networking Consultant for Siemens Industry Inc.
Companies can also segment networks, he added. Segmenting the network into zones or cells provides the ability to quarantine should unauthorized access or virus affect a targeted system.
First steps
One of the first steps any group needs to take is to perform a site survey to determine what wireless networks are already in place. Wireless networks in the company’s business offices should be examined to ensure that there aren’t any potential conflicts or unwanted openings. This survey will also detect any neighboring networks that could impact either performance or security. Potential signal dropouts and other communication problems are often detected in these site surveys.
Even when popular standards like Wi-Fi are used, plant managers can still isolate their networks by using ruggedized hardware that’s not compatible with mainstream consumer equipment. Many industrial networks use versions of Wi-Fi that aren’t the same as those used in home and office environments. Their industrial nodes transmit on different frequencies to provide security, blocking intruders who have conventional notebooks.
“Most notebooks use 802.11g, which broadcasts over a 2.4 GHz frequency. IEEE 802.11a is used a lot in plants. It can run at 54 Mbits/second on a 5 GHz frequency,” Jansons says.
While this sort of incompatibility brings a fair amount of protection, it’s not an indicator of any shift away from the trend to compatible standards. “Everyone wants to use IEEE standards. Not many customers want to get locked into a proprietary wireless network,” Jansons says.
Though this little-used frequency can prevent outsiders from getting in, plant managers can communicate with both 2.4 and 5 GHz devices if they want. Modern equipment can handle either multiple or single frequencies. “We have antenna that support all the current 802.11 standards. Clients can also get antenna that only talks on one channel,” Jansons says.
Workable strategies
Most managers will want to encrypt at least their most critical data. Many companies encrypt all communications, making it difficult for unauthorized people to monitor or pirate communications. “Once you create a secure wireless infrastructure, you’ll want to lock it down,” Jansons says.
There are a handful of viable encryption techniques. Some of the most common schemes use the Advanced Encryption Standard (AES) standard. It’s a symmetric-key scheme with various key sizes. Users will have to pick one protection level from the three current offerings, which use key sizes of 128, 192 and 256 bits. Larger key sizes provide more protection, but take a bit more computing power to run.
One of the alternatives is the Temporal Key Integrity Protocol. TKIP was developed for use with Wi-Fi. It is an upgrade over the popular WEP approach, providing more security than that earlier encryption scheme.
Users can also thwart intruders by frequently changing their encryption keys regularly. This is another basic decision that will be determined by the potential for problems. Some companies change keys daily, while others alter their encryption keys every week. Still others make changes only when key personnel leave.
Many of the factors in wireless security are similar to those used in wired networks. Passwords are an important tool. Only certain IP addresses can be allowed, all others will be blocked.
Limiting wireless access to certain IP and MAC addresses will block authorized personnel when they’re not logging in from remote sites such as trade show hotels. But there’s a secure way for them to gain remote access. Virtual private networks can provide secure access so maintenance personnel can log in remotely without compromising security.
While many technical aspects will help provide many layers of protection for wireless networks, experts around the globe note that the human side can be just as important. Employees need to go through some training so they understand the need for vigilance and know what steps they’re expected to take.
These steps range from basics like not pasting passwords on their monitors to more unusual defenses such as not plugging in USB memory sticks they find laying around. With wireless communications, there’s more of a need to ensure that any computer connected to the network is uninfected, showing no signs of malware or viruses. Addressing both human and technical aspects are necessary steps towards securing any type of network. A few extra steps are needed for wireless, but most users feel the additional steps are well worth the benefits they receive.
Have an Inquiry for Siemens about this article? Click Here >>
[...] has an article on Safeguarding Wireless Communications with a focus on 802.11. One of the highlights is to use 802.11a because it is rarely used any more. [...]