CHICAGO -- Have you been dreading wireless applications in your shop? Do users want it, but you have concerns about
securing the technology?
"End users love it. CEOs love it," said John Pescatore, vice president and research director, Gartner at the firm's Information Security Conference last week. "You just can't say no to it."
IT people should think of wireless users much like remote workers. Both ends of the transmission need to be secured. For example, a personal firewall should be installed on the device. A lot of attention is paid to scrambling the message, but security on the device side is just as important, Pescatore said.
For example, proper antivirus protection is needed on the desktop that syncs with a wireless device such as a PDA. "You need to focus on getting the virus before it gets to the device," he said.
Gartner estimates 85% of wireless security incidents during the next few years will be device-related rather than intercepted over the air.
All wireless devices are not created equal (or have the same security requirements). Gartner predicts at least half of Fortune 2000 companies will support three wireless access technologies by 2004. Wireless users range from Bluetooth devices to local area networks (LANs) to wide area networks (WANs).
Recently, wireless LANs have exploded. Standards in this arena is important. Yet users should be wary of the first generation of wireless standards. The focus on these releases is getting on the market quickly, and not security, Pescatore said.
For example, the Wired Equivalent Privacy (WEP) standard for 802.11 LANs has weak encryption, he said. Gartner recommends users put access points in their DMZ to provide isolated security. At least through early next year, users of wireless LAN should run VPN connections, Pescatore said.
A good alternative would be to use Web-based applications accessed through a Secured Socket Layer (SSL) connection, Pescatore said. Opening VPN connections to your main systems can be hazardous if someone gains control of them. SSL connections provide sound protection for data in transit. Additionally, they are easier to manage because client side applications don't need to be installed on every desktop.
Keeping network access points secure is a major concern for users of wireless LANs. Access points with weak authentication are a threat. So are "rogue," or undocumented, access points. Users should literally walk the perimeter of the network with a sniffer device at least once a month, Pescatore recommends. Tools are also coming along that will allow users to check such information without having to sniff the perimeter.
Public LANs are risky areas as they offer limited security. In many cases, connecting to such a network is like connecting directly to the Internet with limited protection, Pescatore said.
Bluetooth devices are pretty much an alternative to wires since they have such short ranges, Pescatore said. They transfer data at a relatively low speed (under one Mbps). The technology is more for point-to-point connections (as an alternative to USB) rather than for networking per se. At this time, there aren't the technology is more consumer focused as the devices are supposed to be inexpensive. "It doesn't leave a lot of room for security," he said.