Bad Reception

Tunneling In

Another approach favored by both Digital Frameworks and Gartner is to protect network traffic in a Virtual Private Network (VPN) tunnel. High-end Wi-Fi devices like those mentioned above support VPN technology from brand names like Blue Socket, Citrix, Colubris Networks, Crossport Systems, eTunnels, Netilla Networks and OpenReach. The tunnels work for mixed-product networks and cover wired and wireless network nodes.

But in most cases, you'll need to buy a separate VPN server for each Wi-Fi access point-and that still doesn't solve your main vulnerability: human beings. Most security breaches involve simple mistakes that can only be addressed by rigorous security procedures administered centrally, says Pescatore, as opposed to relying on employee diligence.

Automatic log-on options and crib sheets for log-on information are out. Devices such as portables and home PCs have to be secured 24/7. Says Ladopoulos, "They always go for the weakest link, and any security process has many weak points."

Few organizations audit their networks frequently enough to detect such an intrusion, he adds. Besides, an ad hoc Wi-Fi workgroup can tap in to the company network in a matter of minutes, largely unnoticed even in relatively small companies. Ironically, if users enable WEP, hackers' presence can be difficult to detect without using a sniffer program.

Ladopoulos and Pescatore agree that the mere presence of wireless users means companies must rethink the traditional perimeter security model. You still need that "high wall" of antivirus, firewall and intrusion-detection software. But sensitive areas need added hardening with advanced encryption, VPN tunnels, restricted access-perhaps even biometric access controls.

Your current security perimeter may look like the Great Wall of China, says Ladopoulos, but ill-intentioned brainiacs are out there building hot air balloons to give away to the barbarian hordes. Network security has to adjust to the times.

PLUG THE HOLES:10 ways to secure your wireless network:

1. Deploy traditional network perimeter security measures.

2. Isolate sensitive areas on switches protected by dynamic encryption, VPNs and so on.

3. Audit for unauthorized WLANs weekly, or at least monthly.

4. Set all WLAN connections to utilize security automatically.

5. Centrally control access.

6. Avoid security practices that depend on user decision-making.

7. Equip employees with secure wireless devices.

8. Show employees how publicized security breaches could impact your company.

9. Reward security compliance and punish noncompliance.

10. Have an outside consultant set up and test your network security procedures.


Mike Hogan is Entrepreneur's technology editor. Write him at mhogan@entrepreneur.com.

« Previous 1 Page 2

Like this article? Get this issue right now on iPad, Nook or Kindle Fire.

This article was originally published in the February 2002 print edition of Entrepreneur with the headline: Bad Reception.

Loading the player ...

2 Secrets to Having Super-Productive Mornings

Ads by Google

Share Your Thoughts

Connect with Entrepreneur

Most Shared Stories