July 14, 2003 (Computerworld) --
Intel Corp.'s recent Centrino announcement marks a new phase in mobile computing, including a strong emphasis on the 802.11 wireless LAN standard for enterprises.
Embedding WLAN chip sets into Microsoft XP-based machines that detect 802.11 networks will dramatically change the way workers use corporate networks. But it will also change the way users can access someone else's wireless networks.
Thus, rapid WLAN adoption presents serious security challenges for enterprise IT professionals. In a traditional wired network, every laptop accesses the network through a designated port. With a WLAN, it's impossible to determine where the user or network equipment actually resides.
In a WLAN environment, it's possible for unauthorized clients or devices to access the network because any compliant 802.11 network interface card can associate with the network. Furthermore, network access can be broadcast to anyone within range of the signal without the systems administrator's knowledge. This is accomplished through the use of any off-the-shelf access point or router attached to an open network port. And although network bandwidth and performance is saturated, administrators may not be able to identify who is downloading large audio or video files.
Here are some common -- yet unpredictable -- security breaches that can occur in a corporate campus setting:
Rogue access point: A user plugs an off-the-shelf access point into a wired network port, thus broadcasting corporate network access to anyone with an 802.11-based device.
Ad hoc mode: A user turns the wireless access from his network card in a laptop into ad hoc mode -- purposely or mistakenly. In both cases, the user is authenticated for network access and creates a gateway to his system as well as to the network he's connected to.
Connection hijacking: A hijacker plugs an access point into his laptop. The access point has Dynamic Host Configuration Protocol bridging but no Wired Equivalent Privacy capabilities turned on. Users on the wired network connect wirelessly to this access point, thus giving the hijacker access to their systems as well as to the wired network to which they're connected.
Neighborhood nuisance: A user plugs into a wired network jack and uses a standard bridging command to gain both wired and wireless access. His wireless connection associates with a neighboring access point, allowing that neighbor access to the user's computer and network.
These security issues aren't insurmountable. One of the ways they can be remedied is by using a location-enabled network (LEN) system to help beef up corporate network access security. This access can be restricted to offices and cubicle work areas while enabling access in public spaces to the Internet, e-mail and instant messaging. LENs can also provide secure access to external networks in conference rooms and monitor external areas for network activity for security and informational purposes.
This is accomplished by determining the location of any 802.11 device on the network. Based on that information, LENs may grant or deny network access, provide perimeter security to ensure no one gets on the network, provide pinpoint location of hackers before they get on a network and put a "dead stop" to the 802.11 signal.
WLAN adoption presents serious security challenges for today's enterprise IT professionals. But by using LENs, organizations can help protect themselves against unauthorized access to networks. Michael Maggio is president and CEO of Newbury Networks Inc., a supplier of location-enabled networks in Boston.
See results from our survey of more than 5,000 IT pros, and use our Smart Salary Tool to compare your pay with IT workers in similar jobs across the U.S.
See your link here
or
Other Security Stories
See results from our survey of more than 5,000 IT pros, and use our Smart Salary Tool to compare your pay with IT workers in similar jobs across the U.S.
After weathering layoffs or pay cuts, your IT staffers may need some help getting motivated. Try these strategies for employee renewal.
No Windows geek or PC support pro should be without these must-have utilities -- and they're all free.
Get the latest news, features, opinions and more on key technology issues.
Get the latest news, reviews and more about Microsoft's newest desktop operating system.
General Mills, Genentech, San Diego Gas & Electric, University of Pennsylvania and Monsanto top the list.
Computerworld
