Most of us in the business world today, especially those who travel, can't live without our laptops and readily available WiFi connections. All new laptops today have WiFi built in as a default configuration and if you want one without wireless, it's a special order. Our world has certainly changed.
Wireless networks offer tremendous benefits, but also present significant risks, particularly around "end-point security", which is the requirement for end devices to be managed and secured whether or not they are connected to the corporate network. As more and more mobile workers use their laptops to connect to corporate and public WiFi networks, IT departments and end-users will need to be aware of the risks and implement the right mitigation plans.
Most WiFi security stories focus on the over-the-air (OTA) data encryption, wireless access control, or intrusion prevention. Although these are important issues, there are hidden risks with wireless that may not be well known, but still present some serious security challenges. Two of them are (a) working in ad hoc mode, and (b) dual homing - the simultaneous connection to two networks.
Wireless laptops in ad hoc mode. Wireless Network Interface Cards (NICs) operate in two modes - infrastructure and ad hoc. Infrastructure mode is when you connect to an access point, perhaps in your office, at home, or at a public hotspot. Ad hoc mode allows you to make your laptop behave like an access point and have others connect to you through a peer-to-peer wireless connection. Wireless laptops in ad hoc mode are prime targets for hackers to connect to and steal information because it is easy to do so and almost undetectable. Interestingly, many users inadvertently have their wireless NIC set to ad hoc mode by default because that's how the laptop manufacturer set it, or they may have turned it on before but forgot to switch back to infrastructure mode. An even scarier scenario occurs when a hacker sets his laptop as an ad hoc connection with the same name as a legitimate network, causing unsuspecting users to connect to it thinking it is a valid WiFi network, and divulge important information such as passwords or credit card numbers.
Wired+Wireless Dual Homing. Most laptops today have two NICs - one for a wired connection (Ethernet, dialup, etc) and one for WiFi. This enables the laptop to be dual homed, or connected to two networks at the same time. If the WiFi card is set to ad hoc mode, and the user logs on to the wired network, hackers can easily connect to the laptop via the ad hoc mode and then get access to the wired portion of the enterprise network using the dual homed laptop as a conduit.
Here are some simple steps to help you avoid these risks:
1. Turn off your wireless ad hoc mode, and don't connect to other ad hoc networks, unless you have a very good reason to do so - perhaps to exchange information among trusted people in a secure meeting room. The rule of thumb, however, should be: don't use ad hoc networks!
2. Before connecting to your corporate wired network, disable your wireless card, or check that your wireless NIC isn't in ad hoc mode and isn't connected to any wireless network.
3. Ask your IT department for the corporate wireless usage policy, and adhere to it. The policies are intended to protect corporate information and all mobile users share that responsibility.
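The check in step 2 can be automated on the endpoint. The following is an added example, not part of the original article: it assumes a Linux laptop, parses the text printed by `iw dev` (which reports ad hoc mode as type `IBSS`) together with link states as found in `/sys/class/net/<if>/operstate`, and uses constructed sample output and hypothetical finding labels.

```python
import re

# Constructed samples in the format printed by `iw dev`.
ADHOC_SAMPLE = """phy#0
\tInterface wlan0
\t\tifindex 3
\t\taddr 02:00:00:00:00:01
\t\tssid Free Public WiFi
\t\ttype IBSS
"""
MANAGED_SAMPLE = ADHOC_SAMPLE.replace("type IBSS", "type managed")

def parse_iw_dev(text):
    """Return {ifname: {"type": ..., "ssid": ...}} for each wireless interface."""
    ifaces, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Interface (\S+)$", line)
        if m:
            current = ifaces.setdefault(m.group(1), {"type": None, "ssid": None})
        elif current is not None and line.startswith("type "):
            current["type"] = line[5:].strip()
        elif current is not None and line.startswith("ssid "):
            current["ssid"] = line[5:]  # present only when joined to a network
    return ifaces

def audit(iw_text, operstate):
    """operstate maps interface name -> 'up'/'down'/... (sysfs operstate values).

    Assumption: every non-loopback interface that `iw dev` does not list is wired.
    Finding labels (ADHOC_MODE, ...) are hypothetical names for this example.
    """
    wifi = parse_iw_dev(iw_text)
    wired_up = [n for n, s in operstate.items()
                if n not in wifi and n != "lo" and s == "up"]
    findings = []
    for name, info in sorted(wifi.items()):
        adhoc = info["type"] == "IBSS"
        joined = info["ssid"] is not None
        if adhoc:
            findings.append((name, "ADHOC_MODE"))           # step 1 violated
        if wired_up and adhoc:
            findings.append((name, "ADHOC_WHILE_WIRED"))    # conduit risk
        elif wired_up and joined:
            findings.append((name, "DUAL_HOMED"))           # step 2 violated
    return findings
```

On a live system the two inputs would come from running `iw dev` and reading each interface's `operstate` file; an empty result means the laptop satisfies steps 1 and 2.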
And here are some things IT departments can do to ensure secure and manageable wireless computing:
1. Don't look at wireless as a separate island of technology; it is an integral part of your enterprise.
2. Enterprise IT management must include the security and management of wireless end-devices - both in connected and disconnected modes.
3. Utilise a comprehensive enterprise management solution that provides automatic policy enforcement across wired and wireless systems.
Network connectivity will continue to be a hybrid of wired and wireless. Adhering to best practices will help secure our devices and prevent corporate information from being compromised. So, the next time you connect to a WiFi network, make sure you've taken care of the hidden risks before you launch into the wireless cyberspace.
One CA Plaza, Islandia, NY 11749
(Sumit.Deshpande@ca.com)
Sumit Deshpande is vice-president of the Wireless Solutions group in the Office of the CTO. He is involved in defining and communicating CA's global strategy for wireless technology, as well as the development of new solutions. Deshpande has a broad range of technical expertise and experience in varying aspects of information technology, including networking, application development, technology consulting, market analysis and others. His articles and interviews on wireless and other topics have been published in several technical publications. Deshpande is a much sought after speaker at several technology events and advises clients, analysts, and other relevant parties on CA's strategy and solutions for the 21st century. He holds a bachelor's degree in Computer Science from Pune University, and a master's degree in Computer Science and Information Systems from Marist.
CA
Computer Associates International, Inc (NYSE:CA), one of the world's largest management software companies, delivers software and services across operations, security, storage, lifecycle and service management to optimise the performance, reliability and efficiency of enterprise IT environments. Founded in 1976, CA is headquartered in Islandia, New York, and serves customers in more than 140 countries. For more information, please visit http://ca.com.