Nets exposed by 'rogue' threats

Computerworld - Unauthorized wireless LAN access points that are being surreptitiously installed on corporate networks pose a dangerous and little understood security threat to companies, users and analysts warned last week.

Called "rogue APs," these access points are usually installed without the knowledge of the IT department by employees or branch office and plant managers who want the mobile convenience provided by 802.11b, or Wi-Fi, wireless LANs. But even technology vendors agreed that when this happens, easily exploitable holes are opened in wired networks.

Delphi Corp. is one user that takes the threat seriously. According to Chuck Maiorana, Delphi's director of communications engineering, the Troy, Mich.-based manufacturer of automotive electronic components and systems routinely "sniffs" its facilities in an attempt to detect rogue APs.

"We do drive around our buildings and see what we can sniff out," Maiorana said. "If we find one, we shut it down."

That puts Delphi way ahead of many corporations, said Chris Kozup, an analyst at Meta Group Inc. in Stamford, Conn.

Kozup said many companies aren't aware of the security problems inherent in unauthorized wireless devices, which are usually installed without any kind of security. But once alerted to the issue, large enterprises that conduct wireless LAN audits find as "many as 10 to 20 rogue APs connected to a network," he said.

The rogue APs discovered by Kozup's clients so far have been installed by employees of the companies, but he said IT managers also need to be aware of the threat of "malicious" rogue APs that could be installed by outsiders.

Brian Grimm, a spokesman for the Wireless Ethernet Compatibility Alliance trade group in Mountain View, Calif., estimated that technology vendors ship about 300,000 wireless LAN access points to users each month.

Bob Black, a corporate systems engineer at networking equipment vendor Avaya Inc. in Basking Ridge, N.J., said he thinks that up to 5% of those devices, or 15,000 per month, could end up as rogue APs.

Thor Sigvaldason, director of the advanced technology group at New York-based PricewaterhouseCoopers' PWC Consulting division, said, "Any company with 50 or more employees has a pretty good chance" of having undetected rogue APs on its internal networks.

Sigvaldason said the proliferation of rogue APs has been spawned by the low cost of the devices—$200—along with their ease of installation. "The problem is going to get worse before it gets better, as prices come down," he said. "They're brain-dead easy to install."

Both Kozup and Sigvaldason said deterring the installation of rogue APs must start with establishing unambiguous policies against their use, including the threat that employees will be terminated.