Tip

Wireless corporate access can spawn security problems

There has been a culture change in corporate America due in no small part to new technology. But in a world of wireless access, which way should you turn?

There are myriad gadgets and gizmos on the market that can provide your company with wireless, remote access to your corporate network to support enterprise applications like Customer Relationship Management, Enterprise Resource Planning, and Sales Force Automation.

Laptop users have a variety of 802.11b or 802.11a PC cards to choose from. Companies typically purchase wireless LAN PC cards and access points from the same vendor, but it is often possible to mix and match standards-compliant 802.11b products, according to Lisa Phifer, vice president of Core Competence, Inc., a consulting firm specializing in network security and management technology.

Phifer said Palm and Handspring PDA users can connect using Intel's 802.11b "sled" technology, while Compaq iPaq, HP Jornada, and other Pocket PCs can be outfitted with 802.11b PC cards or CompactFlash cards that support WinCE. Toshiba's new e740 Pocket PC includes integrated 802.11b support.

"In the future, I expect to see many laptops and PDAs shipping with built-in interfaces for wireless LAN access," she said.

All these bits and bytes flying through the air begs the question: What about security?

Many of the risks associated with wireless LANs are the same security risks that companies face when providing wired remote access to travelers

    Requires Free Membership to View

and teleworkers, Phifer said. Laptops and PDAs can be lost or stolen. Users connecting from the outside must be properly authenticated, and traffic must be protected against eavesdropping and forgery.

Wireless LANs pose increased risk because they are broadcast radio networks and anyone within range can transmit to your wireless access point or capture traffic sent by others. This inherent challenge is compounded by users that improperly deploy wireless access points inside the corporate firewall, without adequate security measures.

PanAmSat Corp., Wilton, Conn., a video satellite company that provides video broadcasts for customers like AOL-Time Warner, HBO, Disney and Viacom, uses its Cisco and LinkSys wireless technologies on a limited basis.

"We don't widely use it as far as great numbers of people," said Chris Voigt, LAN administrator. "It depends on applications and even events."

Voigt's arsenal of wireless devices includes iPaq PDAs, and laptops with wireless access.

"The biggest concern is that you don't have a physical hold on the security," said Voigt.

PanAmSat is constantly updating its security software with vendor-supplied patches and it shields its internal wireless network with lead-lined windows.

Voigt said that as long as you keep a good security model, use a good encryption protocol and know who's connecting to you, your wireless network should be secure.

The risk of security intrusions by hackers is also a concern when using wireless devices. Ed Skoudis, vice president of Security Strategy for Predictive Systems' Global Integrity consulting practice, said hackers are finding new ways into wireless networks every day.

"We're seeing a major increase in the amount of attacks that happen over wireless local area networks," said Skoudis.

Every wireless LAN has a Services Set Identifier (SSID), which is often sent in clear text and broadcast from network access points.

"I can drive down the street and collect access I.D.s from wireless LANs. This is a process known as war driving. You get a laptop, you get a wireless card, and you drive down the street and look for wireless LANs," said Skoudis.

On his most recent war driving outing, Skoudis and a colleague rode around in a Manhattan cab for an hour. In that time, they discovered 455 access points.

"All 455 wireless LANs could have been penetrated by us in just that short period of time," said Skoudis.

Wireless access to corporate LANs is, no doubt, a convenient option.

They offer reduced cost, flexibility for change and less expensive installation. However, buyers should beware. Users who do not take the proper security precautions could leave their corporate data blowing in the wind.


Sponsored by: EMC

New White Paper Details How to Avoid Inconsistent Databases after Restart
Few people are aware that many critical large-scale applications cannot be restarted reliably-with a correct and current database-after failure. Because often, remote mirroring alone does not insure a restartable copy. When your application comes up at a remote site, will it be running against an inconsistent, potentially unusable database? Find out how to ensure against it.

>>Download the free white paper by the Winter Corporation.

This was first published in July 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.