A few years ago a sort of cult movement grew up out of the worrying lack of security measures employed by many companies and the growing number of home wireless network users. The media image presented was of lawless so-called 'wardrivers' or 'warchalkers' roaming the streets looking for trouble! Actually what they were looking for was unprotected wireless access points and routers, and when they found one they used chalk marks to identify the premises to others and publicised the information on the Internet. For the most part, it has to be said that they confined their activities to gaining free Internet access, but there are examples of open wireless systems being hacked into, which does suggest a criminal element. I think businesses are wising up to this now and in Bluesocket's experience talking to these companies, it's much less common.
The CSO is becoming increasingly aware of the dangers posed by mobile devices that contain confidential information and that are subject to theft or loss. What can they do to mitigate those risks? Is the education of end users within a company the only way to go?
Yes, absolutely. It really carries on from my comments above. Having a strong corporate security policy that incorporates mobile devices is essential for any company employing a mobile workforce - and that's most companies today.
People use wireless networks on a daily basis and are growing concerned about the possible threats. What advice would you give to mobile users so that they could make and keep their laptops secure on any network?
1. Don't set up rogue access points
This is where an access point (AP) has been installed by an employee onto the enterprise network without authorisation. This is not a malicious act, usually one born out of frustration at an internal policy that says 'no wireless'. The problem is that these rogue APs are unsecured and as such act as a huge security breach into the corporate network.
2. Don't use unsecured networks
This might seem obvious, but to some it isn't. There are so many WiFi networks out there today - from hotel rooms to coffee bars - that knowing what is secure and what isn't can be tricky. Most public wireless networks are secured and require a passcode or log-in. But if these are available, especially for home workers, it's tempting to log in to the nearest available one, such as a neighbour's. Apart from using someone else's bandwidth, it is potentially putting your company data or your personal data at risk. If someone is visiting the office of a supplier, partner or customer, check first that the wireless network there is secure or has what is known as Secure Guest Access. This provides the visitor with quick and simple WiFi access, while allowing the company to control - where, when and for how long - and report on that usage for compliance, legal and security reasons.