Wireless LANs can leave gaping holes in corporate networks

THE RAPID UPTAKE OF Wireless Local Area Networks has created potential gaping holes in corporate IT security, and many users seem unaware of the latest solutions now available to solve the problem, claims a UK-based IT troubleshooting firm, Advance Seven.

"WLAN is here to stay and will become increasingly popular," says Advance Seven MD Paul Offord. "The consequence is that anyone with a laptop, a network connection at their desk and only a little computing knowledge, can put up a WLAN in minutes. Their IT department might not even know it was there. The result is a serious corporate security threat that appears to be unadressed by a significant number of organisations - largely through unawareness of the technology available to solve the problem".

Offord suggest three basic remedies, the first being to define WLAN policy, outlining procedures for changing network names and passwords from default values, enabling encryption and encryption key changes.

"The second, says Offord, “limits association with WLAN access points to known MAC addresses, and establishes a firewall between access points and a corporate network - to limit general access and avoid the advertisement of services".

Offord points to US research suggesting that, for example, hostile monitoring “from up to 20 miles has been achieved using high-gain directional antennae, and detection, monitoring and detailed analysis can be easily achieved at car speeds of up to 55 mph".

He suggests "lazy users" that opt for out-of-the-box default settings are often to blame for leaving networks vulnerable. One study, he says, "detected that around 60 per cent of WLANs could be detected using vendor defaults - enabling easy data trespass".

He added that in 85 per cent of WLANs detected, no WEP encryption is used at all. And, "where WEP was used, a seven per cent of users employed the vendor's default WEP/encryption key," he said, Flabbergasted. µ

L'INQ
www.advance7.co.uk/WLAN-Security.htm