Wireless Security

[Notes: Journalists are invited to quote and use information from the backgrounder below but please ensure all comment is attributed to Marino Zini, Head of Managed Services, Claranet Limited.]

Marino Zini, Head of Managed Services at Claranet on Wireless Security:

Network security is increasingly critical as companies deploy more complex networks, expand their use of business-critical applications, and support a growing mobile workforce. The spread of wireless technology, high speed broadband and a growing number of mobile access devices means there are more endpoints and vulnerabilities for businesses to protect every day.

Wireless technology can be used to connect to a network or the Internet using radio frequencies and infrared waves instead of wires or cables. Common wireless standards include Wi-Fi, bluetooth and WiMAX. Companies are using wireless LAN (WLAN) technology to enable more flexible and mobile working. Wireless has quickly become a business critical technology.

Wireless networks enable real-time access to critical applications and network resources across an office, between different branches and from remote locations. Business demand for wireless infrastructure and applications continues to grow as they seek a secure means of supporting remote and workers more flexible ways of working. Wireless networks can bring businesses significant cost savings, improvements in workflow and productivity, and a competitive advantage.

Wireless comes with a warning

Nearly two thirds of UK businesses (62 per cent) had a security incident in 2005.

It is estimated that security breaches cost British business around ten billion pounds each year.

Wireless technology is more open and susceptible to breaches of security than traditional wired networks.

Security attacks are no longer intended to disrupt a business’s operations. Hackers now seek to infiltrate corporate networks to steal business data and extort money.

In general the threats which exploited the naivety of businesses in the early days of wireless technology have been counteracted. “Warchalking” where symbols are drawn in public places to advertise an unsecured wireless network, have been largely eradicated.

There are hundreds of specific attack types on wireless networks. These include:

• misconfigured access points. A can of Pringles can act as a rudimentary wireless antenna to detect unsecured wireless networks.
• “evil twins” which look like genuine access points and dupe users into logging on to their connections before intercepting sensitive data that crosses the network.
• “sniffers” which intercept unencrypted data and passwords passing across a wireless network by joining or associating with the network.
• “rogue access points” which describe unauthorized wireless access points deployed on a network. An employee could deploy wireless capabilities on their network without the organisation even knowing, effectively opening a door in the security of the network.

Businesses must implement comprehensive security measures to counteract the threat to their wireless networks.

All organisations face threats

Speaking at a Claranet forum to promote information security, former White House and Microsoft Chief Security Officer, Howard Schmidt spoke about the threats of cyber-crime to SMEs. "SMEs have to realise that just because they are small, it doesn't mean they won't be targeted. Bad guys target wherever they can get money," Schmidt said. Small businesses with limited resources and no have full-time IT staff often fail to address cyber-security issues appropriately.

Enterprises are more likely to be targeted by criminals. Enterprises provide more opportunities for money to be made. The security breaches enterprises experience tend to be more costly.

Encryption and authentication systems are the basics of wireless security. Businesses should restrict the number of people that can use the remote access service, or the information and systems that can be accessed remotely. Those companies that do not impose such limits have been found to be twice as likely to have had an outsider actually penetrate their network.

Outsourcing security to experts

Security is never absolute and must be viewed in terms of business risk. Businesses must assess their vulnerabilities and understand the likely costs of an attack or get someone to do it for them so they can select the appropriate level of security.

Outsourcing network management functions to expert third parties like Claranet can save companies money. It is less expensive than handling it internally, and allows businesses to focus on their core business function.

Claranet offers customers a mix of security expertise and partnerships with best-of-breed vendors. Business customers are able to access industry leading service level agreements (SLAs), security policies and other IT defences.

Wireless offers terrific business benefits, but security concerns remain the key issue deterring businesses from investing heavily in it. Businesses must be confident that their data will remain protected and that only authorized users can access their wireless networks.

Employing an expert security partner like Claranet offers the very best chance of shielding businesses from the risks and enjoying the benefits of wireless networking.

-ends-

Notes to editors:

Journalists are invited to quote and use information from the backgrounder below but please ensure all comment is attributed to Marino Zini, Head of Managed Services, Claranet Limited.

For further editorial information or to arrange an interview please email the Claranet press office or telephone 020 7609 1900.

About Marino Zini, Head of Managed Services, Claranet:

Marino Zini is an information security, managed hosting and Internet specialist. He is an Internet veteran having been involved in evangelising, consulting and delivering projects from the very beginning. He has numerous qualifications and memberships of Internet organisations, combining knowledge, experience, passion and constructive scepticism for all Internet related matters.

Marino sits in various committees including RIPA and the Anti Phishing Working Group. He is a member of ISSA, ISC2 and regularly contributes to the Bugtraq vulnerability list.

He has written several papers on information security topics including, High Availabilty Internet architectures, DDoS, software patching, criminal involvement in cybercrime and compliance in IT. He has moderated very successful seminars on various information security issues for the past 8 years. The latest series is called "Zero Downtime - the debate" looking at the challenges faced by high revenue web-facing businesses.

About Claranet:

Claranet was established in 1996 as a dial-up Internet access provider in the UK. The company's sustained profitability has resulted in continuous reinvestment, transforming Claranet into a multi-national managed service provider.

Today Claranet provides flexible and tailored network infrastructure that performs to the requirements of its 300,000 customers across six European countries and the US.

Claranet customers have confidence in their connectivity. Customers are served by experienced, innovative and dependable technicians.

Claranet commits to the highest standard of service level agreement.

URL: www.clara.net