[ISN] Companies still fighting rogue WLANs

From: InfoSec News (isnat_private)
Date: Thu May 08 2003 - 04:01:10 PDT

    http://www.computerworld.com/securitytopics/security/story/0,10801,81026,00.html
    
    By BOB BREWIN 
    MAY 07, 2003
    Computerworld 
    
    PALM DESERT, Calif. -- Enterprises continue to battle the installation
    of unauthorized, or rogue, wireless LAN access points (AP) on
    corporate networks by employees who install the increasingly cheap
    devices unmindful of the security risks, according to speakers here
    today at Computerworld's Mobile and Wireless Conference.
    
    Tom Dillon, manager for mobile and wireless at Hilton Hotels Corp. in
    Beverly Hills, Calif., said the management of a Hilton hotel he
    recently visited assured him that the property's network had in
    operation only six authorized WLAN APs. Dillon said he fired up
    sniffer software and quickly detected 15 APs at the hotel, which he
    declined to identify.
    
    That, he said, clearly illustrates the continued proliferation of
    rogue APs, which he said IT managers need to battle with strict
    policies. He also called on companies to institute strong
    authentication policies to ensure that only authorized users can gain
    access to wireless networks carrying sensitive business information.  
    That's absolutely necessary, he said, for businesses such as hotels
    that operate both public and private WLANs in the same space.
    
    He also said enterprises need to govern the use of WLAN client
    devices, which can be used in an insecure mode on home or
    public-access WLAN systems. He said Hilton now requires that WLAN
    clients, such as cards in laptop computers, be disabled when the
    laptop is connected to the wired enterprise LAN to prevent injection
    of Trojan horses picked up when the laptop was hooked up to a home
    network.
    
    Joe Przeporia, an IT manager at Cargill Inc. in Wayzata, Minn., said
    his company's many business units, including manufacturing plants, use
    such a variety of WLAN and fixed wireless technologies "that we are
    not [yet] equipped with it at a corporate level." But, Przeporia said,
    Cargill has started to develop high-level corporate policies to deal
    with WLAN security, including rogue access points.
    
    Overall, WLAN use and security policies will remain a paramount
    concern for business as high-speed, over-the-air network systems
    continue to gain market share. Gartner Inc. in Stamford, Conn.  
    estimates that sales of WLAN chip sets (used in both APs and client
    devices) totaled 18 million units in 2002, and it predicts that sales
    will hit 50 million units by 2006.
    
    Richard Stone, mobility solutions manager for the HP Americas division
    of Hewlett-Packard Co., said his company has scrambled to come up with
    policies governing the use of HP wireless networks by guests visiting
    company facilities. The policy includes subjecting guest users on HP
    WLAN networks to the same Internet filtering policies applied to HP
    users for "moral and legal reasons."
    
    Allan Thompson, CEO of Senforce Technologies Inc. in Cupertino,
    Calif., said his company has developed "location-aware" security
    software that automatically configures security settings to protect
    wireless PC users from unauthorized access to vulnerable, confidential
    data on mobile devices when they use public-access WLAN "hot spots."
    
    Dave Sankey, director for process and technology development at Sears,
    Roebuck and Co., said his company has added software to the 10,000
    WLAN-equipped notebook computers it has fielded to its service
    technicians that blocks them from using public-access hot spots.  
    Sankey said Sears intends to install private hot spots at company
    stores and facilities so technicians can access training materials.
    
    
    
    