In international news at the end of last week, Richard Clarke, special advisor to the US president for cyberspace security, together with other experts labelled wireless networking technology as a potential terrorist target.
The draft copy of `The National Strategy to Secure Cyberspace` which was released in September in the US for public comment also included warnings about the lack of security in wireless networks.
"Federal departments and agencies must be especially mindful of security risks when using wireless technologies. Federal agencies should consider installing systems that continuously check for unauthorised connections to their networks."
The report goes on to say that government and industry should actively promote awareness for individuals, enterprises and government of the security issues involved in the adoption of wireless technologies, especially those utilising the 802.11b and related standards. Industry and government should work closely together to promote the continued development of improved standards and protocols for wireless LANs that have built-in, transparent security.
Martin May, Regional Director of Enterasys Networks, says: "We have been pushing the open standards issue for some time now and believe it is the only way to go towards achieving effective security across wireless networks.
"The whole idea of wireless networks has been a boon for people who can access information from their networks while on the move. However, the dangers of unauthorised access are almost exponential compared to the dangers faced by wired networks."
From a security point of view, authenticating users wanting to gain access to a network also makes it possible to monitor users as individuals.
One example of user authentication is via 802.1x, which is standard in the Microsoft XP.
The weakness with a wireless LAN (WLAN) solution is that it not only provides access for corporate staff, but can also be accessed by passers-by.
"It is possible to drive around buildings here in SA with a wireless-enabled notebook and gain access to their network infrastructures," May warns.
Vulnerabilities were highlighted at the Defcon conference for hackers held recently in Las Vegas, where attendees were split into teams and raced to see how many unprotected wireless networks they could locate and tap into around the city.
Standards like 802.11b/a make it possible to place wireless systems between the different vendors and this gives access to an increased amount of networks.
A possible solution to this problem is having the wireless point outside the firewall thereby maintaining security but also gaining the advantage of mobility for the staff.
May says the mindset within corporates and individual users has to change regarding the vulnerability of their networks.
"There is not enough awareness of the dangers that data faces while travelling across a wireless network. There is also far too much emphasis on the mobility and speed benefits with many people rushing the decision to invest in the system without a full analysis of total cost," concludes May.
Share
Editorial contacts