Looking Back At Wireless Security In 2003
by Berislav Kucan - Friday, 26 December 2003.
Wireless security is one of the hottest topics in our business. In the article you are just reading, I've tried to cover some of the most interesting wireless security topics and events in 2003. The article is divided into several thematical sections: general overview of the wireless security happenings, look back on some software tools, spotlight of two interesting books, a brief positive rant on corporate security world and a Q&A with three wireless security experts working at Funk Software, AirScanner Corporation and IBM.

General overview

The first news item added to Help Net Security in this year was "Wi-Fi: The National Security Threat". The topic of this news item, was literally copied all over and over throughout the year, so the majority of news stories dissed wireless security. This media "attack" on wire-free network security, eventually lead to a raise in wireless security awareness and better state of security in general.

In March, consultancy firm KPMG once again stressed out the importance of wireless threats, so they set up a couple of wireless honeypots over London and stood by to see what was happening. The results showed some activity, mostly bandwidth stealing and a conclusion was made: "The project dispels the myth that all unauthorized wireless activity is harmless". At this year's RSA Conference Europe, held in Amsterdam, I've spoken with one of the guys who ran this project and was unpleasantly surprised that all those figures derived from the study, were based on extremely small amount of "unauthorized wireless activity". From what he said, a new wireless honeypot project is in preparation and it will include far more honeypots, running on several operating systems, which will finally bring much better (from the quality perspective) results than the initial project.

During the NetWorld+Interop conference in April, the Wi-Fi Alliance launched Wi-Fi Protected Access (WPA), protocol that was needed to carry on upon flawed WEP. "Rather than wait for 802.11i to come out as a full standard, which may not happen until next year, they decided to take parts of the draft standard that are already very solid and take that to market now as Wi-Fi Protected Access," said David Cohen, Wi-Fi Alliance security committee chair. WPA soon faced some critics (1, 2).

When taking a look at May, I remember another quote from Wi-Fi Alliance, this time from Kirk Allchorne, marketing co-chairman at that organization, which showed the need for making new security standards: "It has become apparent to us that enterprise markets were avoiding Wi-Fi because of security worries". In the other news, AirDefense's May newsletter featured an interesting list of top 10 Wireless LAN Policy Violations.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th