Skip the navigation

Rogue Access Point Leads to Embarrassment

An unauthorized and undetected wireless access point lets a visitor into the corporate LAN.

By Mathias Thurman
November 3, 2003 12:00 PM ET

Computerworld - My company is now down one employee. The person I wrote about last time , who authorities suspected was using his workstation to trade child pornography, was escorted from the premises last week.
Since receiving the search warrant that led to his dismissal, I haven't heard anything from the investigators, but I'm sure the guy is in big trouble. We had a chance to analyze the image of his hard drive, and there were extensive directories with different categories of porn. Not that you'd notice unless you opened the files: He had saved almost all of the images with innocuous-sounding file names. I'm sure this was done to bypass our filters, which detect files that have words related to pornography. I don't think my company will suffer any loss as a result of this guy's departure, as he seems to have spent most of his time at work on his illicit collection.
Surprise Guest
This week I received a message from a friend of mine who works for a vendor my company uses. He suggested that my security team and I review our wireless policy, because he was able to connect to our corporate intranet via an open wireless access point while visiting another department recently. This was both surprising and embarrassing, since we have established a policy on wireless LAN use and thought we had rooted out problem devices months ago.
I called my friend, and he said he had been visiting one of our software development centers to give a demonstration of his company's debugging software when he noticed a problem. During the presentation, his personal firewall started popping up messages, asking for permission to allow connections to the Internet.
But he wasn't physically attached to the network and was in the middle of giving a PowerPoint presentation. After the meeting, he did some checking and noticed that his laptop's integrated WLAN adapter had automatically connected to an access point in our facility. The Service Set Identifier code on that access point was set to the default name "default" with no encryption enabled, so he had unfettered access to our corporate intranet.
My team and I try to be proactive in monitoring for these problems. We use the AirWave Management Platform from AirWave Wireless Inc. in San Mateo, Calif., in combination with access points from 3e Technologies International Inc. in Rockville, Md., to scan for rogue devices. But we use it only at our corporate headquarters. We don't have the budget to purchase this infrastructure for remote offices such as the software development center.
I



Our Commenting Policies