The spread of wireless technology, high speed broadband and a growing number of mobile access devices means there are more endpoints and vulnerabilities for businesses to protect every day. Marino Zini, head of managed services at Claranet explains the ins and outs of Wireless Security.
Wireless technology can be used to connect to a network or the internet using radio frequencies and infrared waves instead of wires or cables. Common wireless standards include Wi-Fi, bluetooth and WiMAX. Companies are using wireless LAN (WLAN) technology to enable more flexible and mobile working. Wireless has quickly become a business critical technology.
Wireless networks enable real-time access to critical applications and network resources across an office, between different branches and from remote locations. Business demand for wireless infrastructure and applications continues to grow as they seek a secure means of supporting remote and workers more flexible ways of working. Wireless networks can bring businesses significant cost savings, improvements in workflow and productivity, and a competitive advantage.
Wireless comes with a warning
- Nearly two thirds of UK businesses (62 per cent) had a security incident in 2005.
- It is estimated that security breaches cost British business around ten billion pounds each year.
- Wireless technology is more open and susceptible to breaches of security than traditional wired networks.
- Security attacks are no longer intended to disrupt a business's operations. Hackers now seek to infiltrate corporate networks to steal business data and extort money.
In general the threats which exploited the naivety of businesses in the early days of wireless technology have been counteracted. Warchalking where symbols are drawn in public places to advertise an unsecured wireless network, have been largely eradicated.
There are hundreds of specific attack types on wireless networks. These include:
- Misconfigured access points. A can of Pringles can act as a rudimentary wireless antenna to detect unsecured wireless networks.
- Evil twins, which look like genuine access points and dupe users into logging on to their connections before intercepting sensitive data that crosses the network.
- Sniffers which intercept unencrypted data and passwords passing across a wireless network by joining or associating with the network.
- Rogue access points which describe unauthorised wireless access points deployed on a network. An employee could deploy wireless capabilities on their network without the organisation even knowing, effectively opening a door in the security of the network.
Businesses must implement comprehensive security measures to counteract the threat to their wireless networks.
All organisations face threats
Speaking at a Claranet forum to promote information security, former White House and Microsoft Chief Security Officer, Howard Schmidt spoke about the threats of cyber-crime to SMEs. 'SMEs have to realise that just because they are small, it doesn't mean they won't be targeted. Bad guys target wherever they can get money,' Schmidt said. Small businesses with limited resources and who have no full-time IT staff often fail to address cyber-security issues appropriately.
Enterprises are more likely to be targeted by criminals. Enterprises provide more opportunities for money to be made. The security breaches enterprises experience tend to be more costly.
Encryption and authentication systems are the basics of wireless security. Businesses should restrict the number of people that can use the remote access service, or the information and systems that can be accessed remotely. Those companies that do not impose such limits have been found to be twice as likely to have had an outsider actually penetrate their network.
Outsourcing security to experts
Security is never absolute and must be viewed in terms of business risk. Businesses must assess their vulnerabilities and understand the likely costs of an attack or get someone to do it for them so they can select the appropriate level of security.
Outsourcing network management functions to expert third parties can save companies money. It is less expensive than handling it internally, and allows businesses to focus on their core business function.
Wireless offers terrific business benefits, but security concerns remain the key issue deterring businesses from investing heavily in it. Businesses must be confident that their data will remain protected and that only authorised users can access their wireless networks.