Companies still fighting rogue WLANs

[InfoSec News <isn () c4i org>]

http://www.computerworld.com/securitytopics/security/story/0,10801,81026,00.html

By BOB BREWIN 
MAY 07, 2003
Computerworld 

PALM DESERT, Calif. -- Enterprises continue to battle the installation
of unauthorized, or rogue, wireless LAN access points (AP) on
corporate networks by employees who install the increasingly cheap
devices unmindful of the security risks, according to speakers here
today at Computerworld's Mobile and Wireless Conference.

Tom Dillon, manager for mobile and wireless at Hilton Hotels Corp. in
Beverly Hills, Calif., said the management of a Hilton hotel he
recently visited assured him that the property's network had in
operation only six authorized WLAN APs. Dillon said he fired up
sniffer software and quickly detected 15 APs at the hotel, which he
declined to identify.

That, he said, clearly illustrates the continued proliferation of
rogue APs, which he said IT managers need to battle with strict
policies. He also called on companies to institute strong
authentication policies to ensure that only authorized users can gain
access to wireless networks carrying sensitive business information.  
That's absolutely necessary, he said, for businesses such as hotels
that operate both public and private WLANs in the same space.

He also said enterprises need to govern the use of WLAN client
devices, which can be used in an insecure mode on home or
public-access WLAN systems. He said Hilton now requires that WLAN
clients, such as cards in laptop computers, be disabled when the
laptop is connected to the wired enterprise LAN to prevent injection
of Trojan horses picked up when the laptop was hooked up to a home
network.

Joe Przeporia, an IT manager at Cargill Inc. in Wayzatya, Minn., said
his company's many business units, including manufacturing plants, use
such a variety of WLAN and fixed wireless technologies "that we are
not [yet] equipped with it at a corporate level." But, Przeporia said,
Cargill has started to develop high-level corporate policies to deal
with WLAN security, including rogue access points.

Overall, WLAN use and security policies will remain a paramount
concern for business as high-speed, over-the-air network systems
continue to gain market share. Gartner Inc. in Stamford, Conn.  
estimates that sales of WLAN chip sets (used in both APs and client
devices) totaled 18 million units in 2002, and it predicts that sales
will hit 50 million units by 2006.

Richard Stone, mobility solutions manager for the HP Americas division
of Hewlett-Packard Co., said his company has scrambled to come up with
policies governing the use of HP wireless networks by guests visiting
company facilities. The policy includes subjecting guest users on HP
WLAN networks to the same Internet filtering policies applied to HP
users for "moral and legal reasons."

Allan Thompson, CEO of Senforce Technologies Inc. in Cupertino,
Calif., said his company has developed "location-aware" security
software that automatically configures security settings to protect
wireless PC users from unauthorized access to vulnerable, confidential
data on mobile devices when they use public-access WLAN "hot spots."

Dave Sankey, director for process and technology development at Sears,
Roebuck and Co., said his company has added software to the 10,000
WLAN-equipped notebook computers it has fielded to its service
technicians that blocks them from using public-access hot spots.  
Sankey said Sears intends to install private hot spots at company
stores and facilities so technicians can access training materials.




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.