No network technology is ever truly secure, but wireless networks – where data are exchanged via radio frequencies – definitely pose some unique security challenges. And while the potential for exploiting network glitches is great, wireless security vulnerabilities can be overcome with some fairly simple precautions.
By Sue Marek
November/December 2001
During the past year, corporations across the country have turned to wireless local area networks as an inexpensive way to connect their workers to their corporate networks without encumbering them with wires. Considered one of the fastest-growing segments of the communications industry, WLAN products are being shipped to enterprises at phenomenal rates. But as quickly as these networks are deployed, the risk of exploitation of those enterprises' data grows.
Drive through any business park in any city and you will easily find dozens of organizations using WLANs to conduct their day-to-day business. But how many of these corporations have outfitted their WLANs with security measures tough enough to protect their networks from intrusion? Not many, according to security experts who say that all it takes to tap into most corporate WLANs is a laptop computer outfitted with some software that is easily obtained via the Internet. "Of all the wireless technologies, WLAN is so powerful and convenient for users to use that we need to be aware of the security vulnerabilities," says Kim Getgen, product marketing manager with RSA Wireless, which makes authentication and other security software.
High-tech threats and security: what's in the pike?
Future Threats:
• Economic Information Warfare. Sophisticated attacks against entire economies, commerce and enterprises.
• Pandoras. Next-generation computer viruses that will self-mutate and are designed to destabilize, confuse and destroy critical electronic infrastructure essential to industry and government.
• Bio-War and Agri-Terrorism. These methods will be used to destroy ecosystems and will put public health, soil, food and water at risk.
Future Security Solutions:
• Smart Watchers. Super-sensitive satellite and video-networked electronic surveillance will be prolific.
• National Identity Cards. Cards that will be embedded with smart chips containing an individual's entire genomic profile and will act as a secure personal identifier. They will wirelessly authenticate an individual's location, security clearance and identity to intelligent networks tied to the government and enterprises.
• Sniffers. These are designed to automatically sense, watch, search and identify individuals with critical information, weapons or bombs and will be able to navigate physical, wireless and electronic realities.
• Secure-Wearables. Embedded, pinprick-size hyper-sensing bio-reactive nano-chips will have personal PIN codes and GPS location monitoring technology to assist in security tracking and recovery.
• Digitally Engineered Personalities. These are personal sensors that live in the global telecom Internet network and provide 24/7 follow-you-anywhere security protection for individuals, enterprises and governments.
• Biometric Authentication. Facial, eye, fingerprint and genomic scanning will validate an individual's physical or virtual entry into electronic networks or physical areas. Security tattoos with bar-scans will be popular and fashionable.
Source: The Institute for Global Futures
Assessing The Risks
Although the potential for glitches is great, the reason so many companies are leaving their networks at risk has little to do with the technology–and a lot to do with lack of knowledge. The biggest problem with WLAN security is that few companies realize the weaknesses that exist in their networks. According to a July Jupiter Media Metrix executive survey, 49.5 percent of Web site managers and chief information officers consider their data's sensitivity "low." The prevalence of this dramatic undervaluing of assets is a big challenge for wireless security firms. "We have found that companies don't appreciate the significance of their risk," says Dain Gary, chief security officer for RedSiren Technologies, a network security firm. "And if safeguards aren't in place, there are risks."
In fact, many companies with WLANs don't take even the most basic security precautions with their system. "Over half of all WLANs deployed don't use the security that is there," says Simon Blake-Wilson, director of business development and cryptographer for Certicom Corp., maker of security software. The reasons for these security discrepancies vary. Some attribute it to a lack of education, while others say the existing security features in WLANs are difficult to implement and support. To employ basic encryption on a WLAN, a technician must manually enter data that changes every time someone new accesses the WLAN. Because it's a labor-intensive process, many companies don't bother doing it. In addition, Blake-Wilson believes many security glitches can be attributed to the fact that often WLANs are deployed on the sly, without the knowledge of the firm's IT department.
However, the casual attitudes toward security that many companies had disappeared with the Sept. 11 terrorist attack on the United States. Enterprises now seem much more unnerved by the possibility of electronic intrusion into their networks. "After Sept. 11, security has a lot more visibility," says Mark Espe, a developer with Netmotion, a company that provides inter-network roaming solutions.
That observation is echoed by research from Cahners In-Stat Group, which has the same parent as Wireless Internet Magazine. "The increasing paranoia among businesses since September has compelled companies to take a more serious approach to securing the enterprise network," says Jaclynn Bumback, an In-Stat research analyst.
This heightened interest in enterprise network security certainly hasn't gone unnoticed by the venture capitalists. Michael Rolnick, partner at venture capital firm ComVentures, believes there will be an increased flow of venture money into Internet security technology. "The venture community has cash, and now there is a business reason to invest money in security issues," Rolnick says.
VPN: The Standard Solution
Exactly where these venture capitalists will start placing their investments is still unclear. There are many companies with wireless security solutions, and most say the type of security solution a company requires depends on the type of data and information its employees are sending or accessing over the WLAN.
And while industry groups are working to improve WLAN security, most security experts say that until a foolproof solution is found, there are many choices for companies that wish to add security features to their network.
One way is for companies to install a virtual private network tunnel to provide an encrypted path for data that is transmitted between the desktop and the wireless access layer. "A fairly widely recommended approach is to place the access point to the WLAN outside the VPN," Blake-Wilson says. "That way, people logging in must tunnel in through the VPN." This solution requires users to authenticate to the VPN or firewall using security software. The advantages are that this process keeps access point maintenance simple and is fairly inexpensive. This also is an easy solution for many corporations because there is no hardware change required and most companies are already familiar with VPN technology.
Other, more complex options include installing encryption technology at the application layer or adding authentication features to the end-user device. "Companies need to know that there are options for them to take to secure their wireless enterprise," Getgen says. She suggests companies take a layered approach to security, one that incorporates different solutions depending on what type of data they transmit.
WLANs bundle security
Some WLAN vendors are using the WLAN security issue as a way to bundle security products with their WLAN gear and offer enterprises a full-service package. Colubris Networks bundles VPN capabilities into the access point, which the company says ensures the highest degree of privacy. "This allows us to make a secure connection from the client to the access point using the firewall and VPN functions that we've integrated," says Tony Rossiter, executive vice president of sales and marketing for Colubris.
The company, which focuses primarily on Fortune 100 companies, has found a huge increase in business from small and medium-sized enterprises that want WLAN technology but were inhibited from installing it because of the security gaps. "What we are seeing is a lot of companies, especially financial, government and healthcare, look at our products because we address security issues," Rossiter says.
However, Colubris also works with many Internet service providers that want to add wireless broadband to their service offerings by installing WLANs in public places, such as airports, hotel lobbies and cafes. These firms have special security needs because they must ensure that their customers using the network have secure communications and at the same time they must be able to quickly connect new users without delays. "We make it easy for people to connect to the network, be user friendly and fit in with the ISP infrastructure," Rossiter says.
Devices Add Vulnerability
For many companies, the value of the device isn't nearly as great as the data that is stored on the device. And when employees lose those devices, not only are they in danger of exposing the data stored on the device, but if they haven't authenticated to the network, they also are exposing the network to possible infiltration. "The two biggest threats are data is exposed if not encrypted, and if the person didn't authenticate, the network is open to exposure," Getgen says.
Authentication, which is basically using a password or another method to authorize access to a device and/or the network, can be done in a variety of ways. The most basic–a password–is used by many companies. However, there are multiple methods, including infrared scanning and biometric technology, which are becoming more popular as the risk of hacking becomes greater.
To help make devices more secure, many manufacturers are adding security to their PDAs and laptops. As part of a new emphasis on security, IBM announced in October that it was adding security technology to its ThinkPad Notebook computers that requires passwords, encryption keys and other electronic credentials. The company says the technology will help protect critical information from "sniffers" and other potential invaders. In addition, the ThinkPad notebooks will be embedded with a security chip board that supports functions such as encryption.
Beyond just keeping internal corporate data secure, there is a growing threat of viruses and worms spreading to these handheld devices, which are increasingly becoming more sophisticated. "These devices are iterating at speeds faster than the networks," warns Carey Nachenberg, chief researcher at Symantec Corp., another company specializing in data security. "Can you imagine different scenarios with massive, incredibly fast-spreading computer worms like Nimda or Code Red over wireless? Something like that would sap up bandwidth," Nachenberg says.
And while the instances of viruses being sent over wireless networks are currently unlikely, Nachenberg sees that as a serious risk in the future. Many wireless operators and device makers are aware of the potential, but Nachenberg believes that right now these companies are more focused on features and applications than security. "They have other things to worry about and will deal with it when it becomes a problem. Customers opt for features more than security."
But those glitzy features are quickly moving to the background, as companies become increasingly aware of their vulnerabilities. And although the Sept. 11 tragedy may have called more attention to the need for corporate network security, companies also should consider the value that these precautions add to their corporate systems. Getgen suggests firms look at security technology as an enabler because once a company adds security to its network, the aim is to get a higher return on investment for its services.
But added value or not, in today's world, network security is a necessity for every corporation.