Despite the insecurities of 802.11, the number of wireless networks is growing rapidly. What should be done in order to raise awareness of wireless security problems?
Yes, the wireless market is growing rapidly and is one of the most exciting markets to be involved in today. A couple of years ago only selected markets, like Education and Healthcare, were deploying wireless but today companies as small as 10 and as large as 10,000 are deploying it and this is happening right across the spectrum. Today, it's not a question of "if" but "when and how" IT departments will deploy wireless for their increasingly mobile workforce.
I think the industry in general is doing a good job of raising awareness of both the benefits and challenges of wireless networking and security, despite the negative connotations around standards like 802.11, particularly its early iterations. This year we will hear a lot about the much talked about new standard, 802.11n, which will bring wireless connections in line with wired connections. Any standard has its flaws, and any system - wireless or otherwise - is only as secure as it's weakest link. It's our job at Bluesocket to make sure a wireless implementation has no weak links at all!
A significant part in the process of developing wireless networks is ensuring that the data on wireless devices is secure. What do you see as the biggest threats to that security?
Usually the biggest threat is the people using the wireless device. As I said before, a system, or device for that matter, is only as secure as its weakest link - and often that weakest link is the person holding it! You can have all the security in the world to protect your data, but if you lose your smartphone or your laptop is stolen, then it's only a matter of time!
Having a mobile workforce is not new any more, but IT departments have been slow to recognise and respond to the importance of securing end devices against hackers and attackers once they're outside the building. Now that wireless networking is more common, they're waking up to the importance of securing wireless devices, and making sure users are aware of the importance as well.
What's your take on wardrivers? Some say they're harmless while other label them as criminals.
A few years ago a sort of cult movement grew up out of the worrying lack of security measures employed by many companies and the growing number of home wireless network users. The media image presented was of lawless so-called 'wardrivers' or 'warchalkers' roaming the streets looking for trouble! Actually what they were looking for was unprotected wireless access points and routers, and when they found one they used chalk marks to identify the premises to others and publicised the information on the Internet. For the most part, it has to be said that they confined their activities to gaining free Internet access, but there are examples of open wireless systems being hacked into, which does suggest a criminal element. I think businesses are wising up to this now and in Bluesocket's experience talking to these companies, it's much less common.
The CSO is becoming increasingly aware of the dangers posed by mobile devices that contain confidential information and that are subject to theft or loss. What can they do to mitigate those risks? Is the education of end users within a company the only way to go?