• United States

ComNet attendees focus on wireless security

Feb 03, 20033 mins
Network Security

Wireless networks were a hot topic of conversation at last week’s ComNet Conference & Expo, which featured 10 sessions devoted to everything from wireless LAN security to 3G’s viability.

Wireless networks were a hot topic of conversation at last week’s ComNet Conference & Expo, which featured 10 sessions devoted to everything from wireless LAN security to 3G‘s viability.

On the wireless LAN side, sessions focused on the security flaws inherent in the 802.11b specification. The IEEE is drafting a new standard that will fix security holes that create vulnerabilities in 802.11b networks with 802.11i. But this specification is not expected to become final until later this year.

Industry experts in one session had some advice for users who have or want to deploy a wireless LAN: Take a “layered” approach to security. Discovery and vulnerability assessment, access-point security including media access control filtering, user authentication and encryption, security policy enforcement and intrusion detection must all be in place to secure a wireless network, says Fred Tanzella, CTO at intrusion-detection vendor AirDefense.

Tanzella said rogue access points or physical thefts are common risks.

“Your best employee could be your biggest security risk,” he said.

An eager employee who installs a wireless router in his home to work more efficiently after-hours is opening an unprotected hole on the corporate network, he said.

And if a disgruntled employee or activist is targeting a company, physical theft of a laptop or PDA is just as possible as a random hacker trying to access your wireless LAN.

Industry experts agreed that all users should have the ad hoc network option turned off when setting up their wireless LAN cards. If left on, other wireless users could use the device as an access point. They also recommended that businesses that deploy a companywide wireless LAN use VPN security such as IP Security for encryption and authentication.

While one attendee found this session useful, she says she would have liked to have heard more about wireless LANs.

“I was looking for real-world solutions to assist with running my business better,” says Mary Stadelbacher, president of computer consulting company Pionus Creations in Salisbury, Md. “I wanted to hear more about new implementations of 802.11, products, security, troubleshooting tips. Whatever would give me a good [return on investment] of my time and would benefit my clients the most.”

With the promise of much faster data rates, 3G has been hailed as a breakthrough for end users. But full 3G support still isn’t available in most locations and carriers continue to pull in the reigns on 3G network rollouts. AT&T Wireless Services last month scaled back its 3G deployment plans.

The International Telecommunications Union says 3G services should support 144K bit/sec mobile rates, 384K bit/sec stationary mobile rates and up to 2M bit/sec fixed rates. But analysts at the show agreed these are ideal rates. One user will not see 144K bit/sec, but possibly up to 100K bit/sec.

While it’s not clear if 3G will provide the wireless infrastructure to offer business and consumer users a data experience similar to their desktops, it is clear that the carriers already have invested too much in the technology to turn back now.