The escalating use of wireless technology demands formal
corporate security policies governing that use, according to users
and analysts at a Gartner security conference in Washington
DC.
According to Gartner, this included putting in place dedicated
intrusion-detection systems for wireless networks, locking down
wireless-enabled systems or installing personal firewalls, and
keeping all wireless Lans outside the corporate firewall.
Companies need to think beyond simply securing WLan access
points when looking at the potential problems created by wireless
use, said Gartner analyst John Pescatore.
Instead, the individual client devices inside a WLan will pose
the biggest security risks to corporations for the next several
years.
Unprotected wireless client devices such as notebooks and
handheld devices can be exploited as peers or access points to
break into corporate WLans where they can remain undetected
indefinitely, he said.
So far, there has been little evidence of attacks targeting such
devices. But with 85% of laptops and 60% of handhelds expected to
be wireless-enabled by 2006, users should expect to see attacks
crafted against those devices in the not-too-distant future. Yet
less than 10% of corporations are likely to have formal wireless
security policies, Pescatore added.
"There definitely is a need for it," said a user at a large
consumer products company. The company is crafting a formal policy
regarding wireless use in its conference rooms.
"Rogue access points are not the biggest concern," the user
said, but the company is setting up intrusion-detection sensors to
detect break-ins. The company will also use an extended Transport
Layer Security framework to authenticate wireless users and their
equipment to the network.
There are other measures that companies can take to secure
wireless use, Pescatore said.
Regular monitoring for rogue access points remains important.
Scoping the threat and knowing where users want WLan support and
turning down power to service only those areas are other measures,
he said.
Jaikumar Vijayan writes for IDG News Service