Growing need for wireless security policies, warns Gartner

The escalating use of wireless technology demands formal corporate security policies governing that use, according to users and...

The escalating use of wireless technology demands formal corporate security policies governing that use, according to users and analysts at a Gartner security conference in Washington DC.

According to Gartner, this included putting in place dedicated intrusion-detection systems for wireless networks, locking down wireless-enabled systems or installing personal firewalls, and keeping all wireless Lans outside the corporate firewall.

Companies need to think beyond simply securing WLan access points when looking at the potential problems created by wireless use, said Gartner analyst John Pescatore.

Instead, the individual client devices inside a WLan will pose the biggest security risks to corporations for the next several years.

Unprotected wireless client devices such as notebooks and handheld devices can be exploited as peers or access points to break into corporate WLans where they can remain undetected indefinitely, he said.

So far, there has been little evidence of attacks targeting such devices. But with 85% of laptops and 60% of handhelds expected to be wireless-enabled by 2006, users should expect to see attacks crafted against those devices in the not-too-distant future. Yet less than 10% of corporations are likely to have formal wireless security policies, Pescatore added.

"There definitely is a need for it," said a user at a large consumer products company. The company is crafting a formal policy regarding wireless use in its conference rooms.

"Rogue access points are not the biggest concern," the user said, but the company is setting up intrusion-detection sensors to detect break-ins. The company will also use an extended Transport Layer Security framework to authenticate wireless users and their equipment to the network.

There are other measures that companies can take to secure wireless use, Pescatore said.

Regular monitoring for rogue access points remains important. Scoping the threat and knowing where users want WLan support and turning down power to service only those areas are other measures, he said.

Jaikumar Vijayan writes for IDG News Service

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.