New attacks demand new defences

Despite many organisations introducing a wireless policy, businesses are still failing to recognise or guard against the threats posed by wireless technologies.

With surveys showing that more than 80% of UK businesses now have a wireless policy or a statement regarding the use of wireless equipment in place, you would think that it was a case of "job done." It would appear that we need panic no more, as UK business has grasped the message.

On closer scrutiny, however, it is clear that even among the 80%, corporate wireless users have only scratched the surface. Little, if any, provision is present for the important and increasing issues of wireless scanning, rogue hotspots, evil twins and drifting clients.

Perhaps the ever-shifting landscape of new threats, coupled with enhanced security features, bemuses those who are expected to keep both their systems and policies up to date. But could existing practices fall foul of current popular exploits?

Most businesses do not scan their perimeters regularly, yet regular scanning is essential if a no-wireless policy is to be policed effectively.

It is equally important to scan for new devices, rogue access points and drifting client cards that might connect to nearby networks for a variety of reasons. Another major and growing concern is the provision of visitor or guest access to wireless.
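The perimeter scan described above only helps if its results are compared with what the organisation actually owns. The sketch below is an added example, not part of the original article: it triages one scan against an inventory, and the SSID, MAC addresses, record layout and finding labels are all constructed assumptions.

```python
"""Added example: triage one wireless perimeter scan against an inventory."""

# Assumed inventory (constructed values): the network name, access points
# and client cards the organisation actually owns.
CORPORATE_SSID = "corp-wlan"
AUTHORISED_APS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}
CORPORATE_CLIENTS = {"02:00:00:cc:00:10", "02:00:00:cc:00:11"}

# Constructed scan records: (kind, transmitter MAC, SSID, associated BSSID).
SAMPLE_SCAN = [
    ("ap", "02:00:00:aa:00:01", "corp-wlan", None),   # our own access point
    ("ap", "02:00:00:ee:00:99", "corp-wlan", None),   # our SSID, unknown radio
    ("ap", "02:00:00:bb:00:05", "linksys", None),     # unknown AP seen on site
    ("client", "02:00:00:cc:00:10", "corp-wlan", "02:00:00:aa:00:02"),
    ("client", "02:00:00:cc:00:11", "CoffeeShop", "02:00:00:dd:00:07"),
    ("client", "02:00:00:ff:00:42", "CoffeeShop", "02:00:00:dd:00:07"),
]


def classify(record):
    """Return a finding label for one scan record, or None if it is expected."""
    kind, mac, ssid, bssid = record
    mac = mac.lower()
    if kind == "ap":
        if mac in AUTHORISED_APS:
            return None
        # A radio we do not own advertising our network name.
        if ssid == CORPORATE_SSID:
            return "evil-twin-suspect"
        # Could be a rogue device or a neighbour's network: investigate.
        return "unknown-ap"
    if kind == "client" and mac in CORPORATE_CLIENTS:
        # A corporate client card associated with an AP outside the inventory.
        if bssid is not None and bssid.lower() not in AUTHORISED_APS:
            return "drifting-client"
    return None  # visitors' own devices are out of scope for this check


def triage(scan):
    """Return (label, MAC, SSID) for every record that needs follow-up."""
    findings = []
    for record in scan:
        label = classify(record)
        if label is not None:
            findings.append((label, record[1], record[2]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_SCAN):
        print(*finding)
```

An `unknown-ap` finding can be a neighbour's network rather than a rogue device, so it is a prompt to investigate, not a verdict.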

Corporate social responsibility comes into play when we consider the consequences of allowing users to consume our corporate wireless networks anonymously. While this may feel "good and green", it is potentially open to extreme abuse.

Who is liable for misuse? Do you, as a corporate wireless provider, have a duty of care to ensure your network is not misused? With the exception of one or two high-profile cases containing obvious and unequivocal misuses of a system, there are not sufficient cases to provide a legal precedent in this area, especially where the "accidental browser" is concerned.

Evil twins have been publicised for more than a year, but even coverage on TV's "Real Hustle" has failed to penetrate the mainstream market, and so most public hotspots are vulnerable.

Technology is lagging here, with few solutions to counter such an attack. Most people have used a hotspot and many have supplied credit card details to purchase access time, but were we sure it was a real hotspot or could it have been someone's laptop nearby emulating one?

Later this year Wimax (802.16) will spring into our lives, on trial across a number of UK cities. It operates using different hardware and a variety of separate frequencies across Europe, and can generally be seen as wireless DSL that connects the many Wi-Fi access points into a wireless backbone.

Offering up to 70Mbits and up to 70 miles coverage (though this will vary wildly), Wimax is certainly set to introduce new challenges for our network communities.

One thing is certain: the last six years of wireless development have brought massive change to the way we use computers and the way in which they can be exploited. Experts have said that we could use the same principles to secure the technology, but I am not sure that this is true.

We have seen attacks the likes of which cannot be paralleled. The same principles would have to be of such a high level that they would not be relevant. The truth is we have to innovate and adapt to counter the new wireless threats.
