Safety first

Undoubtedly the biggest concern of mobile IT technology is security. How do you strike the balance between flexibility and access...

Undoubtedly the biggest concern of mobile IT technology is security. How do you strike the balance between flexibility and access and prevention of data loss?

Mobile technology has without doubt delivered benefits in terms of boosting companies’ productivity and extending their reach. However it is more than certainly the case that in your company, as with others, the security of wireless technologies causes your security managers their biggest headache, even if your company is one of those that does not yet offer access to the corporate network from such means.

Wireless is undoubtedly on the corporate agenda but a perception has grown that wireless networks are inherently insecure. A survey by Computer Weekly in 2004 showed that 81% of IT professional responsible for the purchase and management of security technologies were worried about the security of wireless technology. Over 33% were very concerned. 

You could be forgiven wondering if it is worth the effort to allow laptops to be used wirelessly when it the important corporate information they carry could be hacked. There is always a reticence among senior mangers about highly valuable information leaving the secure confines of the office.

No security system is totally secure and the job of company directors  should be to balance the expected business productivity gains of using wireless technologies—in the appropriate manner according to how useful they are to the business—against the risk that they cause the business.

Your board then should agree the amount of investment needed to give to the security manager in order to eliminate this risk. Your security manager should then be in strong position to assess what technologies and practices should be employed to achieve the overall aim.

The bad news is that the specified standard for wireless encryption published by the IEEE—Wired Equivalent Privacy (WEP)—is generally regarded as flawed. You should not trust their security solely on WEP; other technologies and techniques are required to give better protection. WEP’s successor, Wireless Protected Access (WPA), is generally regarded as a much more robust standard but even this has its critics.

The key though is not to rely solely on encryption. The explosive growth of virtual private networks, (VPNs), is testament to how successful such networks have been in delivers a reliable and secure platform for mobile worker s who wish to connect with the corporate database and wireless VPNs offer equally as good security.

However there are some particular aspects of wireless technology that you should be aware of that are not necessarily technological driven. Inside the organisation it is not unknown for employees to install unauthorised Wi-Fi access points on a company's network. If not properly configured these hot spots can potentially give anyone within a few hundred yards access to your networks, bypassing any security systems that you have set up.

The external threats are headed by identity theft where some outside body obtaining the service set identifiers (SSIDs) and Media Access Control addresses of one of your colleagues to assume the identity of an authorised user. Wireless access points are also subject to common denial of service attacks by attackers flooding access points with nonsense traffic.

The remedies for these problems can be quite simple. First your company should check and alter the default settings of all WLAN equipment, including SSIDs of base stations, from the default setting. You should then have a policy whereby you and your colleagues select and update your own SSID regularly, as you would with your ordinary network password.

You should also disable the "broadcast" setting on all WLan base stations so they don’t broadcast what is known as a "beacon frame" to open communications with in-range WLan devices. A plethora of other techniques and technologies to lock down wireless devices is available.

The key is to coolly and objectively assess the risk of the proposed benefits and to plan accordingly. The right practices allied to the robust technology will let you gain these benefits.

This was last published in April 2005

Read more on Wireless networking

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close