Most IT managers should have got their heads around the obvious security issues thrown up by the Internet but now there's a new challenge: wireless. Wire-free networking offers a lot of flexibility but without proper handling there's a very real chance that company secrets can literally disappear out of the nearest window.
WLANs are spreading fast, starting with booming sales in the consumer and small-business sectors and now edging into even the most conservative of enterprises. This is partly because WLAN equipment and services based on the Wi-Fi standard are cheap and increasingly ubiquitous outside the workplace. Research firm IDC says 55,000 new Wi-Fi hot spots, or public access points, will be installed in the next five years in the US alone. More than half of business notebook PCs are expected to arrive Wi-Fi-ready by the end of this year, according to Gartner. Intel has announced it will integrate Wi-Fi into PC chipsets, potentially turning any desktop machine into an unsecured access point.
In this climate, the possibility that some careless employee will set up a wireless access point in the office, most likely neglecting to switch on any sort of security, is becoming increasing likely. Far from ignoring wireless, most UK firms are actively investigating it, with half of the respondents to a recent survey saying they planned to invest in wireless equipment in the next 12 months. But only 21 percent said they had a strategy for deploying wireless -- a key error. Industry analyst Gartner has noticed the same trend. "In our conversations with enterprise clients, a big problem has been they didn't have a strategy on WLAN," Gartner analyst Ian Keene says. "That's leaving them open to all sorts of security breaches."
The resulting situation, to go by security experts' accounts, is more than a little chaotic. Last autumn a wireless LAN security software vendor called AirDefense drove around in Atlanta, Chicago and San Francisco, finding that 57 percent of the access points they stumbled across weren't using any form of data encryption, not an atypical experience. "If you drive down a major street in a major city like London with an AirMagnet (WLAN sniffer) turned on in your car, you'll come across an unsecured access point three or four times in every block," says AirMagnet vice president of marketing Richard Mironov.
On the other hand, this isn't bad news for enterprises just getting to grips with wireless: it means a few basic measures will probably be enough to discourage all but the most persistent attackers. "If you turn on security, someone who's not specifically targeting your company can find other places to break into," Mironov says.
