grandeduc - Fotolia
Waiting too long for Wi-Fi upgrade puts security at risk
To the average end user, wireless gear tends to be out of sight and out of mind. But experts warn: Put off an overdue Wi-Fi upgrade and you put your network's security at risk.
Ed Hayes wants networking pros to spend a little more time staring at the ceiling, saying they might notice outdated wireless access points staring back.
To Hayes, director of IT security for the Michiana Health Information Network -- a nonprofit, Indiana-based health information exchange -- an aging Wi-Fi device looks like an open invitation to hackers. He sees them all too often in the hospitals and other healthcare facilities where his team consults.
"Most of the facilities we work with have access points that are easily over five years old," he said. "They're up there way too long. I think that's my biggest concern with wireless."
Healthcare companies, in particular, tend to have long Wi-Fi upgrade cycles, according to analyst Craig Mathias, principal at Farpoint Group.
"The medical equipment they buy is very expensive, requires FDA approval and really can't be upgraded," he said, adding that you typically can't install a new wireless radio in an infusion pump, for example. Rather, a Wi-Fi upgrade typically requires a hospital to invest in new medical and networking gear.
Hayes added that a new wireless standard can also conflict with legacy, mission-critical applications, causing headaches for network managers.
"We've run into issues where sometimes a GUI won't display right because it's asking for an old protocol the new wireless network isn't capable of," he said. "Then you have to patch the access point."
Ed Hayesdirector of IT security, Michiana Health Information Network
Real budgetary and operational constraints notwithstanding, Mathias said no organization should be using wireless technology older than the 802.11n standard.
"802.11g, 11b, 11a -- those technologies are not secure or reliable, and they're a real waste of capacity," he said. And while healthcare groups often have no choice but to use outdated technology, doing so is still a security risk -- potentially leaving private medical data vulnerable to hackers.
Hayes agrees about the risk, and while the Michiana Health Information Network's own 802.11n access points (APs) appear youthful next to some of its partner organizations' gear, they weigh heavy on his mind. While the nonprofit has historically followed a five-year Wi-Fi upgrade cycle, he said he's pushing to upgrade the network every two years.
For now, however, his team is holding off and waiting for products based on the new 802.11ax wireless standard, also known as Wi-Fi 6.
"I'm always about early adoption when it comes to wireless gear," Hayes said, adding that extra speed and efficiency -- while nice -- isn't as important as security. "If you've got the latest and greatest security protocols, at least you're minimizing your risk compared to what it would be on something older -- even 11ac."
The Michiana IT team plans to start its 11ax Wi-Fi upgrade by the third quarter of 2019, depending on when Cisco -- the nonprofit's preferred vendor -- debuts its new Wi-Fi 6 APs. In the meantime, Hayes said they've completed a thorough site survey, identifying coverage weak spots and high-traffic areas ahead of the deployment.
"We've already done our due diligence," he said.
Hayes had a final word of caution for any organization putting off a Wi-Fi upgrade.
"If your vendor says your devices are end of life, you're required to upgrade," he said, since aging technology makes networks vulnerable to attackers. "No question -- you have to make room in your budget."