Secure your technology, secure your business

Mobile technology has without doubt delivered benefits in terms of boosting companies' productivity and extending their reach....

Mobile technology has without doubt delivered benefits in terms of boosting companies' productivity and extending their reach. This message has been well understood. In September last year a SonicWALL sponsored survey carried out by Computer Weekly among directors and senior IT managers at more than 400 UK businesses nearly a third of the companies (28%) said they had already implemented wireless technology and a further 40% indicated plans to do so by 2005. Only just over a third of respondents, declared they would never deploy such technology. As consumers, company executives, have adopted Wi-Fi enthusiastically. 

However it's more than certainly the case that in your company, as with others, the security of wireless technologies causes security managers their biggest headache, even if your company is one of those that does not yet offer access to the corporate network from such means. Wireless is undoubtedly on the corporate agenda but a perception has grown that wireless networks are inherently insecure. A recent survey by Computer Weekly showed that 81% of IT professional responsible for the purchase and management of security technologies were worried about the security of wireless technology. Over a third was very concerned.  

Companies could be forgiven wondering if it is worth the effort to allow laptops to be used wirelessly when it the important corporate information they carry could be hacked. There is always a reticence among senior mangers about highly valuable information leaving the secure confines of the office. No security system is totally secure and the job of company directors  should be to balance the expected business productivity gains of using wireless technologies-in the appropriate manner according to how useful they are to the business-against the risk that they cause the business. Your board then should agree the amount of investment needed to give to the security manager in order to eliminate this risk. Your security manager should then be in strong position to assess what technologies and practices should be employed to achieve the overall aim. 

Despite the general misgivings about wireless being insecure, research, in particular the SonicWALL survey could be used to suggest the contrary. Of those already using wireless networks only five per cent confessed to experiencing a security breach on their wireless LAN in the past 12 months. At first glance this would seem to indicate that security was well taken care of, especially as 83% claimed to encrypt their wireless data traffic. The bad news is that the specified standard for wireless encryption published by the IEEE-Wired Equivalent Privacy (WEP)-is generally regarded as flawed. Companies should not trust their security solely on WEP; other technologies and techniques are required to give better protection. WEP's successor, Wireless Protected Access (WPA), is generally regarded as a much more robust standard but even this has its critics. 

The key though is not to rely solely on encryption. The explosive growth of virtual private networks, (VPNs), is testament to how successful such networks have been in delivers a reliable and secure platform for mobile worker s who wish to connect with the corporate database and wireless VPNs offer equally as good security. 

However there are some particular aspects of wireless technology that you should be aware of that are not necessarily technological driven. Inside the organisation it is not unknown for employees to install unauthorised Wi-Fi access points on a company's network. If not properly configured these hot spots can potentially give anyone within a few hundreds yards access to your networks, bypassing any security systems that you've set up.

The external threats are headed by identity theft where some outside body obtaining the service set identifiers (SSIDs) and Media Access Control addresses of one of your colleagues to assume the identity of an authorised user. Wireless access points are also subject to common denial of service attacks by attackers flooding access points with nonsense traffic.

The remedies for these problems can be quite simple. First your company should check and alter the default settings of all WLAN equipment, including SSIDs of base stations, from the default setting. You should then have a policy whereby you and your colleagues select and update your own SSID regularly, as you would with your ordinary network password. You should also disable the 'broadcast' setting on all WLAN base stations so they don't broadcast what's known as a 'beacon frame' to open communications with in-range WLAN devices. A plethora of other techniques and technologies to lock down wireless devices is available.

The key is to coolly and objectively assess the risk of the proposed benefits and to plan accordingly. The right practices allied to the robust technology will let you gain these benefits.

This article was part of Computer Weekly's enterprise mobile business channel, sponsored by Nokia 

Read more on Mobile hardware