The same versatility that makes wireless LAN technology so attractive also
poses the greatest risks to organizations. No matter how strong an
organization's networking rules and procedures, whether wireless
or wired, any employee can compromise the safety of corporate
data by plugging a wireless access point (WAP) into any available network tap.
In a worst-case scenario, a rogue WAP introduced into a corporate environment
may not even have WEP enabled, thereby allowing association, and ultimately,
network access to any would-be intruder.
This is analogous to installing an open network
jack out on the sidewalk with the other end connected BEHIND your
firewall.
In 10 seconds, anyone can simply plug a $30 Wi-Fi device (available from any
computer store) into any network jack, and your network is WIDE
OPEN!!
EVEN IF YOU'RE NOT USING WIRELESS!!
It is important to note that no amount of firewalling can prevent the capture
of network data in the above-described scenario. The only feasible defense
becomes authenticated and encrypted network communications within the corporate
environment. For example, transition all wired switch gear to require 802.1x
with data-link encryption via an 802.1x generated key and place firewalls
between the WAP and wired network. Of course, this option entails significant
infrastructure modifications.
Currently, various third-party tools exist that can assist network administrators
in identifying unauthorized wireless access points that have been introduced
into corporate networks.
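
As an illustration of what such identification involves (an added example, not code from this page or from any particular tool), the sketch below compares a wireless survey against an inventory of authorized BSSIDs and then checks whether each unknown radio appears to be plugged into the wired network. All MAC addresses, SSIDs and port names are constructed, and the "wired MAC within one of the radio MAC" correlation is an assumed heuristic, not a guarantee.

```python
# Added example: all MACs, SSIDs and port names below are constructed.
AUTHORIZED_BSSIDS = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"}

# (bssid, ssid, encryption) rows as a wireless survey might report them.
SURVEY = [
    ("00:11:22:aa:bb:01", "corp", "802.1x"),
    ("00:11:22:AA:BB:02", "corp", "802.1x"),
    ("02:de:ad:00:10:05", "linksys", "open"),
    ("02:ca:fe:00:20:09", "cafe-next-door", "wep"),
]

# Wired MAC -> switch port, as collected from switch forwarding tables.
SWITCH_MACS = {
    "02:de:ad:00:10:04": "sw3/Gi0/17",
    "00:11:22:aa:bb:00": "sw1/Gi0/1",
    "02:11:11:00:00:42": "sw2/Gi0/8",
}


def mac_to_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)


def find_rogues(survey, authorized, switch_macs, max_offset=1):
    """Return unauthorized BSSIDs, those traced to a wired port first."""
    allowed = {mac_to_int(m) for m in authorized}
    wired = {mac_to_int(m): port for m, port in switch_macs.items()}
    findings = []
    for bssid, ssid, enc in survey:
        radio = mac_to_int(bssid)
        if radio in allowed:
            continue
        # Assumed heuristic: an AP's Ethernet MAC is often within +/-1 of
        # its radio MAC, so a nearby wired MAC suggests it is plugged in.
        port = next((wired[radio + d]
                     for d in range(-max_offset, max_offset + 1)
                     if radio + d in wired), None)
        findings.append({"bssid": bssid.lower(), "ssid": ssid,
                         "open": enc.lower() == "open", "port": port})
    # Highest priority: attached to our wire, then unencrypted.
    findings.sort(key=lambda f: (f["port"] is None, not f["open"]))
    return findings


if __name__ == "__main__":
    for f in find_rogues(SURVEY, AUTHORIZED_BSSIDS, SWITCH_MACS):
        where = f["port"] or "not seen on wired side"
        print(f"{f['bssid']} ssid={f['ssid']} open={f['open']} -> {where}")
```

An unknown BSSID that cannot be tied to a wired port may simply be a neighbor's access point; one that can be tied to a port is the case described above and points at the jack to inspect.
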
Software Blueprint IT Consulting can help
you get this risk under control.