IT departments should put pressure on suppliers to step
up the security of wireless access technology devices.
This will enable the technology to take off in the corporate
world, delegates at the
Infosecurity Europe
conference will hear next week.
John Meakin, group head of security at
Standard Chartered Bank, said that until
suppliers began offering wireless devices that were secure "out of
the box", businesses would remain cautious about rolling out the
technology.
"Wireless networking is so fundamental to the way we will use IT
in the future, it is a must-have. The wireless industry needs to go
through the same conversion on the road to Damascus with security
that Microsoft went through," he said.
Meakin said that it was "absolutely essential" for suppliers to
produce equipment that has security switched on by default. He said
it was also crucial that technologies be easy to configure even by
non-specialist staff.
Phil Cracknell, UK president of the
Information Systems Security Association and
director of technology assurance at Deloitte, said that large firms
with the technical skills to configure wireless networks securely
were frequently left exposed because they left some purchasing
decisions to be made locally.
"I have had two or three clients that have suffered from
problems. Where temporary offices need to be set up, non-experts
can often buy and install items like an access box," he said.
Equipment may also lose its secure configuration when there is a
problem and revert back to an insecure default state, he
warned.
Suppliers needed to be more helpful by delivering technology
that was secure by default so that if anything happened it would
automatically default to its secure status, he said.
Wireless networks were often the weakest point in an
organisation's IT systems, Cracknell said. "If I were attacking an
organisation, I would not try social engineering or paying a
cleaner to insert a memory stick. It is much easier to sit outside
the office in a car," he said.
www.infosec.co.uk
Related articles:
Meru links wireless security to QoS
Effective wireless security is available, but holes exist
Wireless security: IT pros warily watching mobile phone
threats
Comment on this article:
computer.weekly@rbi.co.uk
David Lacey’s security blog
The latest
ideas, best practices, and business issues associated with managing
security
Stuart King’s risk management blog
Dealing with
the operational challenges of information security and risk
management