When it comes to wireless technology, concern about security is well-founded, according to Nicholas Miller, president of Cirond Corp., a San Jose, Calif.-based wireless security provider.That's because two major security risks associated with wireless laptops have the potential to severely compromise wired networks, he says. "One is people buying their own access points and plugging them into the corporate network, and the other is people plugging laptops into the corporate network while accidentally leaving the wireless access on."
Wireless bay stations are so inexpensive now-as little as $40 apiece-people are buying their own access points and bringing them to work, Miller says. The problem is: "When they plug them into the network port in their cubicle, they've just blown a hole in the side of the network," he says. "That access point is now broadcasting the network connection out into the parking lot where it can be accessed by anybody driving by with a laptop computer."
Even more alarming, however, is the possibility that employees will compromise the security of the corporate network with no idea that they've done so -by accidentally leaving a wireless computer on in "ad hoc" mode, he says.
People can establish peer-to-peer networks without using a bay station by selecting the "ad hoc" setting on their wireless laptops, Miller explains. It's a useful feature, because it enables employees to meet in an airline lounge, for example, and work on a proposal together. "They just turn on their wireless laptops, put them in 'ad hoc' mode, and they instantly have a network where they can work collaboratively," he says.
But imagine if those employees forget to turn off the wireless connection, he says. "When they go into the office and plug the laptop into the network, and enter their user name and password, they've just established a freeway for anyone in the vicinity into the heart of the corporate network."
To protect themselves, insurers should adopt clear policies that prohibit employees from plugging their own access points into the corporate network, as well as requiring them to turn off the wireless 'ad hoc' feature before connecting to the network, according to Miller. In addition, he says, insurers should implement technology that detects and locates rogue wireless devices.
Today, there are about 60 million wireless devices in use and about 2.5 million more are shipped every month, Miller notes. Eventually, every laptop will have wireless built into it-a growing challenge to the security of conventional networks, he says.
"This technology will literally take a wide Ethernet port and broadcast it out into the parking lot. If you're a network administrator or a chief security officer, that has to make your hair stand up."
