Companies still fighting rogue WLANs

Computerworld - PALM DESERT, Calif. -- Enterprises continue to battle the installation of unauthorized, or rogue, wireless LAN access points (AP) on corporate networks by employees who install the increasingly cheap devices unmindful of the security risks, according to speakers here today at Computerworld's Mobile and Wireless Conference.
Tom Dillon, manager for mobile and wireless at Hilton Hotels Corp. in Beverly Hills, Calif., said the management of a Hilton hotel he recently visited assured him that the property's network had in operation only six authorized WLAN APs. Dillon said he fired up sniffer software and quickly detected 15 APs at the hotel, which he declined to identify.
Of those 15, some came from guests at the hotel and others were bleed throughs from neighboring buildings.
That, he said, clearly illustrates the continued proliferation of rogue APs, which he said IT managers need to battle with strict policies. He also called on companies to institute strong authentication policies to ensure that only authorized users can gain access to wireless networks carrying sensitive business information. That's absolutely necessary, he said, for businesses such as hotels that operate both public and private WLANs in the same space.
He also said enterprises need to govern the use of WLAN client devices, which can be used in an insecure mode on home or public-access WLAN systems. He said Hilton now requires that WLAN clients, such as cards in laptop computers, be disabled when the laptop is connected to the wired enterprise LAN to prevent injection of Trojan horses picked up when the laptop was hooked up to a home network.
Joe Przeporia, an IT manager at Cargill Inc. in Wayzata, Minn., said his company's many business units, including manufacturing plants, use such a variety of WLAN and fixed wireless technologies "that we are not [yet] equipped with it at a corporate level." But, Przeporia said, Cargill has started to develop high-level corporate policies to deal with WLAN security, including rogue access points.
Overall, WLAN use and security policies will remain a paramount concern for business as high-speed, over-the-air network systems continue to gain market share. Gartner Inc. in Stamford, Conn. estimates that sales of WLAN chip sets (used in both APs and client devices) totaled 18 million units in 2002, and it predicts that sales will hit 50 million units by 2006.
Richard Stone, mobility solutions manager for the HP Americas division of Hewlett-Packard Co., said his company has scrambled to come up with policies governing the use of HP wireless networks by guests visiting company facilities.