Another approach favored by both Digital Frameworks and Gartner is to protect network traffic in a Virtual Private Network (VPN) tunnel. High-end Wi-Fi devices like those mentioned above support VPN technology from brand names like Blue Socket, Citrix, Colubris Networks, Crossport Systems, eTunnels, Netilla Networks and OpenReach. The tunnels work for mixed-product networks and cover wired and wireless network nodes.
But in most cases, you'll need to buy a separate VPN server for each Wi-Fi access point, and that still doesn't solve your main vulnerability: human beings. Most security breaches involve simple mistakes that can only be addressed by rigorous security procedures administered centrally, says Pescatore, as opposed to relying on employee diligence.
Automatic log-on options and crib sheets for log-on information are out. Devices such as portables and home PCs have to be secured 24/7. Says Ladopoulos, "They always go for the weakest link, and any security process has many weak points."
Few organizations audit their networks frequently enough to detect such an intrusion, he adds. Besides, an ad hoc Wi-Fi workgroup can tap into the company network in a matter of minutes, largely unnoticed even in relatively small companies. Ironically, if users enable WEP, hackers' presence can be difficult to detect without using a sniffer program.
Ladopoulos and Pescatore agree that the mere presence of wireless users means companies must rethink the traditional perimeter security model. You still need that "high wall" of antivirus, firewall and intrusion-detection software. But sensitive areas need added hardening with advanced encryption, VPN tunnels, restricted access, perhaps even biometric access controls.
Your current security perimeter may look like the Great Wall of China, says Ladopoulos, but ill-intentioned brainiacs are out there building hot air balloons to give away to the barbarian hordes. Network security has to adjust to the times.
Mike Hogan is Entrepreneur's technology editor. Write him at firstname.lastname@example.org.