Welcome to Scribd. Sign in or start your free trial to enjoy unlimited e-books, audiobooks & documents.Find out more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
Survey on Current Practices

Survey on Current Practices

Ratings: (0)|Views: 19|Likes:
Published by rajunair

More info:

Published by: rajunair on Mar 26, 2009
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





Volume VIII, No. 2, 2007 379 Issues in Information Systems 
Ruidong Zhang, University of Wisconsin – Eau Claire, zhangr@uwec.edu
Julia Welch, Sentry Insurance, Wisconsin
Wireless networks, based on IEEE802.11x family of standards, have been deployed asan extension to the wired networks in manyenterprises. It has been seen the widespread use of wireless networks in hospitals,universities, airport, hotels, restaurants,libraries, warehouses, factory floors, and convention centers. However, it is unclear what applications are run over wirelessnetworks, and whether these wirelessnetworks are being used for mission criticalapplications or just for casual convenient  Internet access; most importantly, how thewireless networks are secured, what security protocols or technologies are used to protect information transmitted across wirelessnetworks. The purpose of this study is toconduct a survey to understand the current industry practices in using wirelessnetworks and wireless security management.
WLAN security; WLAN industrypractice; Enterprise WLAN security
Wireless networks have been deployed as anextension to the wired networks in manyenterprises. It has been seen the widespread useof wireless networks in hospitals, universities,airport, hotels, restaurants, libraries, warehouses,factory floors, and convention centers. Forexample, Cisco provided WiFi coverage acrossthe 46 floors of the Hearst Midtown Manhattantower -- a gross area of 856,000 square feet intotal -- with over 288 thin access points installed,covering 2000 employees [2]. In this study, wedefine wireless networks as networks built withIEEE802.11a, IEEE802.11b, IEEE802.11g, orIEEE802.11n access point technologies. Thesewireless networks may cover from a spot (hotspot) to a campus (hot zone).There are still a lot issues that hinder theenterprise use of wireless technologies, such assecurity issues, appropriate applications,connection stability and transmission capacity. Astudy by Internet Security Systems (ISS)identified the following security problems relatedto WLAN implementations [1]:
Insertion attacks
Interception and unauthorized monitoring of wireless traffic
Client-to-Client attacks
Brute force attacks against access pointpasswords
Encryption attacks
MisconfigurationsAnother study has demonstrated that a 104-bitWEP key used by WLAN WEP protocol can becracked using less than 40.000 frames with asuccess probability of 50%, and in order tosucceed in 95% of all cases, 85,000 packets areneeded [3]. With a free network Sniffer such asEthereal, it is easy to capture thousands of packets in minutes.These security concerns effectively limit the useof WLAN technologies in mission-criticalbusiness applications. For example, ISSsuggested in the same study that wirelesstechnology will complement wired connectivityin enterprise environments for a foreseeablefuture [1]The purpose of this study is to understandcurrent business practices with respect to WLANdeployment and security management. Theoverall research methodology will be aquestionnaire survey of companies that mighthave a wireless network deployed. Fivehypotheses were made to be tested by the datacollected. At the time this paper is written, somepreliminary data have been collected. It isexpected that the conclusions drawn in this studycan help us understand how wireless networksare being deployed, managed and used in whatareas, meanwhile offer perspectives that willhelp the design and development of wireless
A survey on current practices in enterprise Wireless networking and security management Volume VIII, No. 2, 2007 380 Issues in Information Systems 
networks in more organizations,
The research methodology was a questionnairesurvey mailed to about 200 organizationsnationwide. The followings describe the researchmethodology in detail.
Creating a database of companies.
Currently, adatabase of over 400 corporate contact addressesand information have been collected, includingsome Fortune 500 companies and someuniversities. This database is expected to beexpanded to include 1000 more organizations.
Hypotheses Development.
Research hypotheseswere developed based on our understandings onindustry practices
These hypotheses arepresented in the next section.
Survey instrument development.
A samplesurvey form has been developed for this study.See the survey form enclosed. The surveyinstrument has been pilot tested and will befurther revised.
About 100 companies were randomlyselected from the database. The questionnairethen was mailed to these companies ororganizations.
The following hypotheses have been developedbased on above discussions:H1: IT-related businesses are more likely to havewireless networks than other types of businesses.H1a: Financial Services would be least likely.H2: The main concern in deploying wirelessnetworks would be security concerns.H2a: Those wireless networks that have APself-broadcasting feature enabled would beless likely to have encryption implemented.H3: An important consideration in enterprise useof wireless networks is whether the wirelessnetwork is used for business or for non-businessactivities.H3a: Many companies will prefer to deploy awireless network for non-critical or non-business applications.H4: If an organization wants to restrict network access, it would be more likely to have one ormore authentication methods implemented.H5: If a business was monitoring its wirelessusage, it would be more likely to track thewireless users.H5a: A wireless network should have securityequivalent to wired networks to be consideredfor critical business applications.
The survey were mailed to about 100organizations and 18 valid responses received.The following tables are preliminary analysis of data collected.
Company size vs. response rate
# of employees # of respondentsLess than 100 0100 500 2500 1000 11000 5000 5Over 5000 9
A survey on current practices in enterprise Wireless networking and security management Volume VIII, No. 2, 2007 381 Issues in Information Systems 
Company size vs. WiFi deployed 
# of employees WiFi No WiFi100-500 1 1500-1000 0 11000-5000 3 2over 5000 9 0
Type of industry vs. Wireless Deployment
Type of industry
have WiFi no WiFi avg # APsfinancial services 1 2 33higher education 2 1 44oil and gas 1 1 10manufacturing 7 0 64wholesale/retail 2 0 12
Type of industry vs. Wireless Use for Business Applications
Type of industry
Business non-bus bothfinancial services 0 0 1higher education 1 1 0oil and gas 1 0 0manufacturing 7 0 0wholesale/retail 1 0 1
Self-broadcasting off vs. encryption implemented 
AP Broadcasting Encryption no encryptionon 1 0off 12 1
 Access Restriction vs. Authentication Implemented 
Use Authentication use restriction no restrictionYes 7 3No 2 2
WLAN monitoring vs. User Tracking
WLAN monitoring
user tracking user tracking don't knowYES 6 1NO 2 3From the above data collected, the followingObservations can be made:
Out of 18 respondents, 14 had WLANdeployed.
Most of responses came from manufacturingcompanies.
Financial Services businesses indeed seemedto be under-involved with Wireless – out of 3 responses, only 1 had Wireless deployed.
It appears that there is no strong correlationbetween the business type and the type of wireless usage, aside from Higher Educationentities which deploy Wireless primarily forstudent’s use.
Most of respondents have AP self-broadcasting feature disabled,.
Companies that restrict Wireless access aremore likely to use authentication.
Businesses that monitor their Wirelessnetwork are more likely to track individualwireless users.
It was unexpected that most manufacturingcompanies have wireless networks deployed.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->