Everyone says the security problem is solved. I don't disagree, but security being what it is, where should we watch for the next surprise?
Q: Everyone says the [wireless] security problem is solved. I don't disagree, but security being what it is, where should we watch for the next surprise? - Grant, Chicago
The Wizards ponder your question and conjure up their answer:
Seth Goldhammer, Roving Planet
Everyone's definition of security has not always been the same. When Wi-fi was introduced to a more mainstream audience and vulnerabilities with WEP were discovered, over-the-air (OTA) encryption became the security focus.
Now we have various ways to protect OTA traffic, using Wi-Fi Protected Access (WPA) with rotating keys, or VPN, and later 802.11i, etc. Last year, rogue access points seemed to be the security focus, where IT administrators were fighting their own employees bringing in cheap home-user access points and creating open holes into the network. Now there are both wireless and wired technologies to scan for rogue access points. This year, IT administrators have been focused on protecting their networks from virus, worms, Trojan horses, etc. being introduced to the network through wireless users. Now there are solutions on the market to help address these solutions to block access until operating system and anti-virus patches can be enforced.
Because most sites do not have a single type of user or a single type of device, but rather multiple kinds of users and wireless devices, administrators need to be able to implement a system that offers multiple layers of security that can be made appropriate for each type of device or user. This way, security is not simplified to the "lowest common denominator," but flexible policies protect at the appropriate level throughout the network.
Because of Sarbanes-Oxley and other accounting regulations, having the ability to provide detailed audit tracking of wireless network usage may be the next surprise.
Albert Lew, Legra Systems
The success in wireless security means that securing the wireless part of the network is now a checkbox that can be marked off as part of the security process. The next surprise may come from securing wired networks and physical assets. As wireless networks become more secure, practitioners of corporate intellectual property espionage may find it to be easier and more profitable to gain access to mission-critical data by stealing laptops and tapping into wired networks, which are actually less secure than wireless networks at this point. After all, how many enterprises do you know that have actually implemented 802.1x port-based access control for all their wired access ports? Probably very few. There are many more enterprises that have implemented 802.1x for the wireless networks, which just serves to underscore the existing vulnerability. Security - both the establishment and the breaking of - is a process, and at this point, the wireless LAN is no longer the easiest path into most corporate networks.