With surveys showing that more than 80% of UK businesses now have
a wireless policy or a statement regarding the use of wireless
equipment in place, you would think that it was a case of "job
done." It would appear that we need panic no more, as UK business
has grasped the message.
On closer scrutiny, however, it is clear that even among the
80%, corporate wireless users have only scratched the surface.
Little, if any, provision is present for the important and
increasing issues of wireless scanning, rogue hotspots, evil twins
and drifting clients.
Perhaps the ever-shifting landscape of new threats, coupled with
enhanced security features, bemuses those who are expected to keep
both their systems and policies up to date. But could existing
practices fall foul of current popular exploits?
Most businesses do not scan their perimeters regularly. This is,
of course, essential to ensuring that a no-wireless policy is
policed effectively.
It is equally important to scan for new devices, rogue access
points and drifting client cards that might choose to connect to
networks nearby for a variety of reasons. Another major growing
concern is the provision of visitor or guest access to wireless.
Corporate social responsibility arises when we consider the
consequences of allowing users to consume our corporate wireless
networks anonymously. While this may feel "good and green" it is
potentially open to extreme abuse.
Who is liable for misuse? Do you as a corporate wireless
provider have a duty of care to ensure your network is not misused?
With the exception of one or two high-profile cases containing
obvious and unequivocal misuses of a system, there are not
sufficient cases to provide a legal precedent in this area -
especially when concerning the "accidental browser".
Evil twins have been publicised for more than a year, but even
coverage on TV's "Real Hustle" has failed to penetrate the
mainstream market, and so most public hotspots are vulnerable.
Technology is lagging here, with few solutions to counter such
an attack. Most people have used a hotspot and many have supplied
credit card details to purchase access time, but were we sure it
was a real hotspot or could it have been someone's laptop nearby
emulating one?
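The perimeter scanning and evil-twin checks discussed above, sketched as an added example that is not part of the original article: it compares constructed scan observations with an inventory of authorised access points. The SSIDs, MAC addresses, signal threshold and category names are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed inventory: SSID -> BSSIDs of the access points we actually deployed.
AUTHORISED_APS = {
    "CorpNet": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
    "CorpGuest": {"00:11:22:33:44:10"},
}
CORPORATE_CLIENTS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}  # constructed
ONSITE_RSSI_DBM = -60  # assumed: a stronger signal is probably inside the perimeter

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    rssi_dbm: int

def classify_beacon(b):
    """Label one observed access point against the inventory."""
    known = AUTHORISED_APS.get(b.ssid)
    if known is not None:
        # Our network name from hardware we do not own: the evil-twin pattern.
        return "authorised" if b.bssid.lower() in known else "evil-twin-suspect"
    # Unknown name: a strong signal suggests a device on our premises (heuristic).
    return "rogue-ap-suspect" if b.rssi_dbm >= ONSITE_RSSI_DBM else "neighbour"

def drifting_clients(associations):
    """Company-owned clients associated to an AP outside the inventory."""
    authorised = set().union(*AUTHORISED_APS.values())
    return sorted(client.lower() for client, bssid in associations
                  if client.lower() in CORPORATE_CLIENTS
                  and bssid.lower() not in authorised)

def audit(beacons, associations):
    findings = {}
    for b in beacons:
        findings.setdefault(classify_beacon(b), []).append(b.bssid.lower())
    findings["drifting-client"] = drifting_clients(associations)
    return findings

# Constructed sample scan: beacons, then (client MAC, AP BSSID) associations.
SAMPLE_BEACONS = [
    Beacon("CorpNet", "00:11:22:33:44:01", -48),
    Beacon("CorpNet", "DE:AD:BE:EF:00:01", -55),
    Beacon("linksys", "02:00:00:00:00:aa", -42),
    Beacon("CoffeeShop", "02:00:00:00:00:bb", -82),
]
SAMPLE_ASSOCIATIONS = [("aa:bb:cc:00:00:01", "00:11:22:33:44:02"),
                       ("AA:BB:CC:00:00:02", "02:00:00:00:00:bb"),
                       ("11:22:33:44:55:66", "02:00:00:00:00:bb")]

if __name__ == "__main__":
    print(audit(SAMPLE_BEACONS, SAMPLE_ASSOCIATIONS))
```

A BSSID can be spoofed, so an "authorised" result here only means nothing contradicted the inventory; every suspect still needs to be located and checked on site.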
Later this year will see Wimax (802.16) spring into our lives on
trial across a number of UK cities. This operates using different
hardware and a variety of separate frequencies through Europe, and
can generally be seen as wireless DSL to connect the many Wi-Fi
access points into a wireless backbone.
Offering up to 70Mbits and up to 70 miles coverage (though this
will vary wildly), Wimax is certainly set to introduce new
challenges for our network communities.
One thing is certain: the last six years of wireless development
have brought massive change to the way we use computers and the
way in which they can be exploited. Experts
have said that we could use the same principles to secure the
technology, but I am not sure that this is true.
We have seen attacks the likes of which cannot be paralleled.
The same principles would have to be of such a high level that they
would not be relevant. The truth is we have to innovate and adapt
to counter the new wireless threats.