Wireless kit must be secure 'out of the box', say experts

Infosecurity Europe: The need to make wireless devices secure by default and more openness on data breaches are on the agenda at next week's Infosecurity conference

IT departments should put pressure on suppliers to step up the security of wireless access technology devices.

This will enable the technology to take off in the corporate world, delegates at the Infosecurity Europe conference will hear next week.

John Meakin, group head of security at Standard Chartered Bank, said that until suppliers began offering wireless devices that were secure "out of the box", businesses would remain cautious about rolling out the technology.

"Wireless networking is so fundamental to the way we will use IT in the future, it is a must-have. The wireless industry needs to go through the same conversion on the road to Damascus with security that Microsoft went through," he said.

Meakin said that it was "absolutely essential" for suppliers to produce equipment that has security switched on by default. He said it was also crucial that technologies be easy to configure even by non-specialist staff.

Phil Cracknell, UK president of the Information Systems Security Association and director of technology assurance at Deloitte, said that large firms with the technical skills to configure wireless networks securely were frequently left exposed because they left some purchasing decisions to be made locally.

"I have had two or three clients that have suffered from problems. Where temporary offices need to be set up, non-experts can often buy and install items like an access box," he said.

Equipment may also lose its secure configuration when there is a problem and revert back to an insecure default state, he warned.

Suppliers needed to be more helpful by delivering technology that was secure by default so that if anything happened it would automatically default to its secure status, he said.

Wireless networks were often the weakest point in an organisation's IT systems, Cracknell said. "If I were attacking an organisation, I would not try social engineering or paying a cleaner to insert a memory stick. It is much easier to sit outside the office in a car," he said.


Related articles:

Meru links wireless security to QoS

Effective wireless security is available, but holes exist

Wireless security: IT pros warily watching mobile phone threats

Comment on this article: [email protected]

David Lacey’s security blog
The latest ideas, best practices, and business issues associated with managing security

Stuart King’s risk management blog
Dealing with the operational challenges of information security and risk management



Read more on Voice networking and VoIP