Users warned to check laptops are not connecting to other networks

IT staff should take extra care when configuring wireless devices, following a warning that a default setting in Microsoft XP...

IT staff should take extra care when configuring wireless devices, following a warning that a default setting in Microsoft XP leaves laptop PCs vulnerable to unauthorised connection when used within range of 802.11b networks.

The warning came after wireless security specialists found that XP allowed wireless cards to search for access points from start-up without users' knowledge

John Collins, senior analyst at Quocirca, advised users to check they had basic security precautions in place and criticised suppliers for shipping products with default settings that made wireless systems vulnerable.

Rich Mironov, vice-president for marketing at wireless network testing supplier AirMagnet, said his company had discovered examples of users' PCs polling for wireless access points. In one case, employees at a Boston bank were found to be linked into eight wireless networks belonging to local companies.

Mironov said, "The issues are all driven by default configurations of the operating system. Most new notebooks immediately start looking for access points on start-up. If they do not find any access points at start-up, they will continue to poll indefinitely."

He said that when laptops spot an access point, they may connect to it with no security. Such traffic is doubly dangerous, he said, because it may be sent in the clear or be going to an access point that is not part of the enterprise.

Mironov advised users to ensure administrators turn off default settings that allowed laptops to poll for access points.

Collins said, "Ethernet is a broadcast environment, and when you use a wireless network you are potentially broadcasting your presence if you use default settings.

"Suppliers assume that people will turn on security features but this is naive and lazy. Network suppliers should be setting security to a higher level, with people turning off what they do not want."

Stuart Okin, Microsoft's chief security strategist, said users cannot rely on default security and must implement public key infrastructure and IP Sec VPNs to secure wireless Lans.

He said Microsoft had a policy of switching off security features by default because it sought to balance security and functionality, but this approach was being changed with the company's Trustworthy Computing drive.

XP would be fixed to prevent default polling of access points with the issue of SP2 in 2004, said Okin.

Read more on Wireless networking