IT is compromising your security

If there is such a thing as the sexy side of corporate IT connectivity then the wireless local area network (WLAN) is it. WLANs network hundreds of users in warehouse and large office environments by using radio waves instead of wires. Signals are transmitted to wireless network cards installed in PCs and laptops.

There are currently around 60,000 WLANs installed in Europe. They connect just under 2 million users – mainly in large vertical markets such as retailing, warehousing and education, where their flexibility and scalability makes them more cost-effective than a wired network. A new report* by consultants Frost & Sullivan reveals the world-wide market for wireless networks was about $1bn in 2000 and is expected to break $4bn by 2005.

Unfortunately, the radio frequency of 2.4GHz that WLANs operate at generates some risible technical hitches. Remote control garage doors, some industrial equipment and Bluetooth, the wireless technology that connects devices to one another, are all liable to interfere with the WLAN frequency. And there’s also bad news for the office kitchen – if you have a WLAN you can’t have a microwave in the building. (Although, if you believe the health scares, leaving your ready-meal next to a WLAN transmitter might heat it anyway.)

But the main problem for corporate users of wireless technology is security. The use of radio waves means your data isn’t contained by physical barriers such as office walls. And, as a WLAN signal carries for about 200 metres, anyone with a laptop can sit on a bench outside a building or in the car park and tap into unsecured network transmissions. If the hacker targets a congested business centre such as the City he potentially has access to hundreds of networks from one location.

This problem was recently demonstrated by “ethical” hackers from IT security consultant Orthus, who picked up signals from 124 corporate WLANs in the capital. And while many WLANs in the City had security measures in place, 48 of the companies were transmitting unencrypted signals – even some large financial institutions were exposed.

One of the main reasons for such lapses is a lack of ownership of the wireless network within a company. Often, IT consultants leave a company after the WLAN build-out and internal IT departments do not proactively take control of security. Simple solutions, such as turning on built-in security measures, which are mainly set to “off” as default, will secure a network. Further measures, such as virtual private networks (VPNs), which make a secure link between the client device and server, may also be needed. Currently only a third of the WLANs in Europe are protected this way (see graph, left).

But wireless technology is still pie in the sky for many finance directors. And, until WLANs really take off, FDs should note that IT security is more likely to be damaged from a source within their organisation than by a cybercriminal in the car park. Mobile networking is helping viruses spread, and the viruses themselves are becoming more efficient. So-called “semantic” viruses and “blended threats” attack systems through a variety of routes and, once in, infect all devices and drives.

Users who have access to networks from their home PC are also a security headache for systems administrators, as home users’ anti-virus software is unregulated and often out of date.

But PDAs are the biggest growth area for network security breaches. Staff synchronising mail between their PC and Psion Revo or Handspring Visor risk uploading all sorts of beasties onto the network, as portable devices currently have no in-built security. Meanwhile the increased capacity of portable devices means employees can download and walk away with 250Mb of company data a day without your knowledge.

The key to keeping such threats under control rests with corporate IT policy. No longer is it acceptable to cover only pornography and personal email. Stringent measures are needed to determine exactly what devices employees can connect to the network and how much downloaded company data constitutes theft. Making sure machines are regularly cleaned of viruses may help, too. You don’t want to have to make an embarrassing call to systems when you crash the network trying to download your KPIs onto that PDA you got for Christmas, do you?

* Frost & Sullivan’s wireless security study is available at www.frost.com

Wireless security to boom

IT consultant Frost & Sullivan, predicts in its recent report on wireless security that security vendors will see a dramatic increase in business over the next five years. It says that the European wireless security market will grow from $99.6m in 2001 to $793.9m in 2005 at a CAGR of 51.5%.

This represents a much higher growth rate average than in the standard IT security market. Frost & Sullivan put this down partly to the lack of ownership of the security issue within companies that use wireless networks and high instances of inadequacies in companies’ security systems.