Handheld devices are now owned by many people who use it for business purposes, which makes companies more susceptible to wireless security problems. In your opinion, what is a good approach in writing a wireless and handheld device usage policy for a corporate network?

This very much depends on the level of security required. As I said above, if the wireless connection is seen as being as insecure as an internet connection and extra levels of security, such as VPN's are used to secure access to the corporate network via the wireless LAN then data will be as safe as your corporate network. The use of mandatory passwords on handheld devices improves the security of the devices themselves.

Do you see Wardriving as an extensive problem?

Successful Wardriving results in two issues - illegal use of your internet connection or access to corporate information. If the policy above is followed then only the former issue affects you (assuming your corporate LAN is well protected from the internet). This is a far smaller problem than the latter.


Wireless security is subject to interference and therefore to Denial of Service attacks. What can be done to protect from such attacks?

It depends where the Wireless LAN is. If it's on a campus then a very strong and localizable signal would be required. While you couldn't feasibly stop it, it would be reasonably easy to localize the signal and stop it. The same issue faces other wireless networks such as GSM and is not a major issue as far as we are aware.

What is your vision for the future of wireless security?

We believe that 802.1X will improve wireless security by enabling much more secure authentication. However we also believe that a wireless connection will never be as secure as a cabled one by it's very nature so we expect corporates with extremely sensitive information to treat it with caution. The risk / reward equation will be one for each company to assess.