WLAN Security Still Vexes IT

Computerworld - PALM DESERT, Calif. -- Corporate IT managers continue to grapple with wireless LAN security issues, including the battle against the installation of unauthorized WLAN access points by employees who are unmindful of the risks such links can pose.
That was the theme repeated last week by many attendees at Computerworld's inaugural Mobile & Wireless World conference here. About 200 high-level IT executives attended the event.
Tom Dillon, manager of mobile and wireless technology at Hilton Hotels Corp. in Beverly Hills, Calif., said the manager of a Hilton hotel he recently visited assured him that the property's network had only six authorized WLAN APs in operation. Dillon said he fired up network sniffer software to check the actual number of APs -- and quickly detected a total of 15.
That example clearly illustrates the continued proliferation of rogue APs, he noted. Dillon said IT managers need to fight back by setting and enforcing strict policies against unauthorized WLAN devices. He also recommended that companies institute tough end-user authentication systems to ensure that only legitimate users can gain access to wireless networks set up to transmit sensitive business information.
In addition, Dillon said companies need to set rules governing the use of WLAN client devices, which can be operated on home or public-access WLAN systems that lack stringent security controls. For example, Hilton now requires that WLAN cards in laptop PCs be disabled when the systems are connected to the company's wired LANs to prevent viruses or Trojan horses from being injected into the networks.
In a similar vein, IT staffers at Sears, Roebuck and Co. have added software to the 10,000 WLAN-equipped notebook PCs distributed to the retailer's field service technicians that blocks them from using public-access hot spots, said Dave Sankey, director of process and technology development at Sears. He added that Sears plans to install private WLAN hot spots at stores and other company facilities so technicians can access training materials.
Growing Concern
The need to better secure WLANs is expected to remain a paramount concern for IT managers as the use of high-speed, over-the-air networks continues to expand. Gartner Inc. in Stamford, Conn., estimates that shipments of WLAN chip sets used in both APs and client devices totaled 18 million units last year and predicts that the figure will hit 50 million by 2006.
Joe Przeporia, an IT manager at agricultural products conglomerate Cargill Inc. in Wayzata, Minn., said the company's numerous business units use such a wide variety of WLAN and fixed wireless technologies "that we are