Computerworld - I'm still chasing down rogue wireless LAN access points (AP), but this week I've got bigger issues to deal with as my company integrates recent acquisitions into the IT infrastructure.
Before leaving the WLAN security saga, however, I should share one caveat I discovered: If you're using Net-Stumbler or a similar program to try to detect illegal wireless APs in your organization, understand that the MAC address you detect with these products is the radio address, not the LAN MAC address. Without the latter, it's difficult to trace rogue APs back to their source.
Merger Insecurities
My company grew from a few hundred employees to several thousand in a very short time - mainly through a series of mergers and acquisitions. We then had to quickly integrate these companies' IT infrastructures into ours.
Issues such as differences in the configurations and software have been a cause of great frustration during the integration process. It's scary when, due to a business decision, one is forced to configure a trusted relationship with an unknown entity.
Every time we absorb another company's infrastructure, methodologies and culture, we have to make a decision: Is it better to change its systems and ways of doing things to match ours, or to administer and manage its infrastructure per the company's established procedures?
That decision, in turn, affects the way the security infrastructure operates. For example, we have our intrusion-detection systems (IDS) tuned to monitor our existing network traffic based on a painstaking process of monitoring traffic and attributing suspicious activity to a valid incident or to normal network/application behavior. Tuning an IDS is a complicated and time-consuming process in itself. And just when we think we've got our IDS tuned to a state of quiescence, we go and set up a new circuit between our company and another acquisition.
After we establish a relationship between our network and that of the new company, we send an IDS sensor out to each new location. Then we end up starting almost from the beginning, figuring out what traffic is legitimate, marking it to prevent false positives, tracking down a new group of engineers and administrators to find out what's what, and tuning the IDS sensors appropriately.
With all this going on, I'm uncomfortable trusting our IDS to detect every successful hack. We have continuing challenges with false positives, false negatives, event correlation, incident response, IDS tuning and proper placement of IDS sensors in the new infrastructure. And with new application-level attacks on the rise, I'm not sure we
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
