Keeping wireless networks secure
Security is a growing concern on all industrial networks, whether wired or wireless, but because wireless data travels over the air, it leads to special concerns. There is always the question of, "Is my information really secure?" or "Is this as safe as a wire?" A wireless network can be just as secure as wired networks by taking the right considerations in the planning stages of the system to make it as secure as possible.
Build a secure wireless network
When considering a wireless platform, it is important to look at all aspects of the product, not only for security reasons, but also for the flexibility, the function, and the future expandability of the product. The accessibility to a wireless network changes, depending on if the system is based on a public or proprietary standard. Public wireless standards, such as Wi-Fi or Bluetooth, operate on open standards that are publically available. A simple Google search on hacking a Wi-Fi network can turn up millions of results.
Proprietary wireless systems, which only communicate with other devices from the same manufacturer, have a built-in layer of security. It is more difficult for an intruder to learn the technology behind these devices because third-party devices do not connect to that particular network.
In many applications, however, a public wireless network is a better fit, due to backward-compatibility or interoperability. Because these technologies are public, they are widely understood and easy to install. One Wi-Fi network can have multiple devices from different manufacturers that can communicate with each other. However, the "widely understood" part can be a disadvantage if somebody has bad intentions. Still, by choosing the proper technology and applying smart installation practices, threat of unwanted network traffic can be minimized.
Improve wireless security
1. Encryption—Encryption takes network data and uses a key to make the data unreadable as it travels the network. If somebody is "eavesdropping" on the network, the intruder will not be able to make sense of the information. There are several different levels of encryption, including wired equivalent privacy (WEP), wireless protected access (WPA), and WPA2.
WEP and WPA are easy to hack. WPA2 uses an Advanced Encryption Standard (AES) for encryption, providing the highest level of protection for a wireless network. Even WPA2 has the potential for intrusion today, but combining it with other best practices can lower the risk.
2. Authentication—Authentication defines all of the people on my network and what level of access they have. It asks, "Are you supposed to be on this network? If so, at what level are you permitted to communicate?"
Access levels can range from allowing users to have full access to a network, to allowing them to only have access to one specific device. An example of this is setting up a guest and a production network. The production network would be where all the confidential information is stored, and only certain users have access to it. The guest network would be open to all users who want to access it.
3. Common sense best practices—Even if a wireless network has the highest levels of encryption and authentication, it can still be unsecure. Taking a defense-in-depth approach to an entire network-the wired and wireless sides-means implementing steps such as:
- Limiting transmit power: Consider the environment and application where the wireless system is being used. Most wireless devices allow the configuration of transmission power. If the application is short-range, consider turning down this setting so the network identification (ID) is not visible past the areas required.
- Installing firewalls where necessary and taking other steps to limit network access: Most wireless devices are strictly a conduit for data. Although some do have some firewall and routing functions, many just provide an avenue to pass data. Securing a network via a hardware firewall device on the wired side of the main wireless device will allow another layer of security if someone can access the wireless or wired network at a "remote" location.
- Strong policies about passwords and thumb drives: The integrity of any wireless system is only as strong as the policies implemented to protect it. Implementing requirements for strong passwords (not using "password," the system’s default, or your dog’s name as your password), requiring periodic password changes, and restricting access to physical ports on networked devices are a few things to consider.
- Good communication between IT staff and plant staff: As devices become connected, so too, do the plant floor and the information technology (IT) groups. Constant communication between the two, so that both groups know what is going on in the respective areas, will make a more smooth integration between groups. For example, if the plant staff wants to install a Wi-Fi system in a warehouse, IT can let them know what channels may be free so that communication is as reliable as possible. It’s also important to communicate when personnel changes, so the policies for that user change as well. If an employee leaves the company, it is critical to change the network passwords as soon as possible to avoid unwanted access from outside the company.
Consequences of an industrial network breach can include downtime, loss of production, environmental problems, and damage to corporate image. Taking the time to consider options and make decisions that make the network as secure as possible are important. Most manufacturers provide training, technical support, and white papers on wireless products to review available security options. Now is the time to ensure industrial networks are prepared for the next threat.
- Encrypt wireless communications
- Authenticate who is on the network and their levels of access
- Use common sense.
The integrity of any wireless system is only as strong as the policies implemented to protect it.
See related stories on wireless security linked below.