×

SUBSCRIBE TO TMCnet
TMCnet - World's Largest Communications and Technology Community

CHANNEL BY TOPICS


QUICK LINKS




 
WiFi Revolution

Wifi Revolution


Featured Article » WiFi Revolution home

December 11, 2006

Keeping Wireless Safe: Six Tips from AirDefense

By Mae Kowalke, TMCnet Associate Editor

Wireless Internet access is safe, no matter where or how you access it, right? Wrong.
 
While that may seem rather obvious, keeping data safe without wires can be a complicated matter, especially when corporate employees have the opportunity to use unsecured wireless networks while surfing the Web on laptops containing sensitive information.



 
To learn more about how companies can keep their data safe, and educate their employees about the potential dangers of wireless networks, TMCnet recently spoke with Richard Rushing, Chief Security Officer at AirDefense—a company that specializes in wireless security.
 
Rushing had six tips for companies concerned about employees using non-corporate wireless networks, either at their desks or on the move.
 
1. Think Defensively
 
Wireless signal from a corporate network can leak out into the street, and likewise signal from a municipal WiFi network may be accessible inside a company's building, Rushing noted. To prevent the networks from being compromised, companies need to think defensively.
 
A big part of defenses should be user education, he emphasized. Many users may not be aware that bypassing filters to surf the outside world, as it were, can compromise sensitive information on their computers.
 
“If you're not thinking defenseively, you're not thinking their signal is coming into your airspace,” Rushing said of non-corporate networks.
 
If a company doesn't install solutions that prevent users from accessing non-secure networks in situations where it is dangerous, security may be compromised.
 
2. Use More Security, But Be Smart About It
 
“More” security comes in different flavors, Rushing told TMCnet. The question is whether that security is an acceptable “more.” For example, if you set up an alarm that goes off every time an employee accesses an outside network, it quickly could become tiresome.
 
If the fear is that an end-user with a laptop will open sensitive corporate data to outside access, there are better ways to keep things safe. That's because the level of danger depends on who the users is and what type of information they have.
 
“You want to have reactionary alarms that are meaningful,” Rushing said.
 
An ideal solution also is one that doesn't require much or any human action. One way to prevent uneducated users from compromising info is simply to prevent them from connecting to any network but the corporate network, he noted.
 
The problem with a strictly no-outside-connection solution is that, if a user has a laptop, such restrictions would prevent him or her from getting on the Internet at home. That’s because there are no tools smart enough to know exactly where the laptop is, and if danger is or is not present.
 
In fact, Rushing stressed, the real danger is if the user is simultaneously connected to the corporate network and an outside network. To prevent this situation, a pecking order of sorts is needed—in which, for example, a list of usable networks is compiled that reads “corporate,” “muni,” and “home,” in that order.
 
The idea with the pecking order list, Rushing explained, is that if the corporate network is available, the computer connects to it and no other network. If it's not, the next in line is the muni network. If that's not available, the next in line is the home network.
 
3. Consider the Weakest Link
 
In the context of wireless security here, the weakest link is the laptop computer. That’s because PC security software generally does not address wireless security.
 
“The tools and the security that's available for laptops is designed to protect against other forms of attack that are not wireless,” Rushing told TMCnet.
 
A firewall, for example, is a tool that keeps outside mauraders from connecting to the user's PC. It's equivalent to a door or a doorbell—the person “inside” decides whether or not to let the visitor in.
 
“But wireless attacks are about diversion, not about direct assault,” Rushing added. “They're all about tricking you at the electronic level.”
 
To illustrate this point, he said that a wireless connection is like a mailbox where snail-mail is delivered. You go out of your way, as it were, to make a connection by walking to your mailbox to pick up the mail. But, there's no guarantee that what you'll find in the box is safe or useful.
 
Rushing pointed out that a wireless access point—the equivalent of the mailbox—in some cases is not a real access point, but an evil diversion. In such a situation, standard PC security software won't do much good, because it's designed to take on an attack from an army, not to deal with guerilla warfare.
 
The nature of wireless security makes keeping things safe challenging, because security is left in the hands of the end-user.
 
4. Create and Enforce a Wireless Security Policy
 
The first thing companies need to do is create a written access policy, Rushing advised.
“Without it in writing, people just don't listen,” he said.
 
Once the policy is in place, it needs to be enforced. “You have to be able to monitor for the exception,” he said. “Just writing a policy isn’t enough.”
 
Monitoring, he noted, can be done with software, or by having someone walk through the building and check up on users. A combination of both methods is most effective. Old fashioned human monitoring isn't nice, but it is necessary and it does help solve security problems.
 
On the other hand, Rushing cautioned, it is important not to make the monitoring and restrictions too stringent. If corporate wireless is too hard to use, employees will find some other way to get on the Internet.
 
5. Educate Users
 
The best way to enforce a strict no-outside-connection policy is to educate users about the dangers of unsecured wireless networks. Company higher-ups should regularly be checking in with employees, monitoring how they use their computers, and teaching skills to make users safer.
 
This type of proactive approach, Rushing noted, can uncover security problems that are not directly wireless related, such a disabled firewall.
 
6. Install Wireless LAN Intrusion (News - Alert) Prevention Software
 
To achieve optimal security, Rushing advised using a software solution—like AirDefense’s enterprise network monitoring solution, which lives on the corporate server and monitors network access actions on laptops. A free, client-side personal agent application can be installed on each laptop, which syncs up with the server software.
 
Rushing explained that AirDefense’s solution is ideal for a company that wants to control the pecking order of network access, as discussed earlier. The solution allows the company to set access policies, and the monitor the airwaves to see what each laptop is doing.
 
Related Articles
Mae Kowalke previously wrote for Cleveland Magazine in Ohio and The Burlington Free Press in Vermont. To see more of her articles, please visit Mae Kowalke’s columnist page. Also check out her Wireless Mobility blog.


 







Technology Marketing Corporation

2 Trap Falls Road Suite 106, Shelton, CT 06484 USA
Ph: +1-203-852-6800, 800-243-6002

General comments: [email protected].
Comments about this site: [email protected].

STAY CURRENT YOUR WAY

© 2024 Technology Marketing Corporation. All rights reserved | Privacy Policy