Warning: While you’re hanging around the IT water cooler fretting about wireless security, critical corporate data could be
walking out the door hanging from someone’s keychain. The smiling stranger in the hallway you just asked for the time should
have responded, “It’s 10 a.m. Do you know where your data is?”
Recently, I moderated a wireless security conference panel discussion in Chicago sponsored by the MIS Training Institute about
the pros and cons of wireless deployment. The panel’s catchy title was “Wicked Wireless,” reflecting some of the general fear
circling around 802.11b — the rogue networks, war-driving, and weakness of WEP (wired equivalent privacy) security. The panel
was supposed to focus on issues specific to wireless security, but the discussion kept veering back towards general security
practices. As the moderator, I tried to steer the focus back to things like WEP, MAC address filtering, and SSID broadcasts,
but those topics were of limited use to the discussion. I realized something that I’ve known but have often forgotten: Although
new technologies require adjustments in security handling, security is largely driven by common sense and the personal relationships
between people, not computers, because technology changes constantly.
Even within a particular realm of technology like wireless, certain standards get more attention in the security realm than
others. When was the last time you heard someone talk about Bluetooth security, for example? Eric Maiwald of Bluefire Security
Technologies, the author of two books and an expert on handheld security, noted that most Bluetooth devices have longer range
than advertised. To promote ease of use, most of those devices are set to communicate as default, allowing any Bluetooth client
within range to pull or push contact information, e-mail, and other information from another Bluetooth device.
Towards the end of the discussion, Ian Poynter, an independent security consultant, held up a device that he described as
security’s “worst nightmare” — a small USB thumb drive. They’re cheap, small, and incredibly mobile. Frankly, I had known
about them, but hadn’t considered them a security risk. Poynter noted that easily used operating systems such as Windows XP
and Mac OS X allowed for near-instant installation of such a device on almost any computer in a matter of seconds, and with
such devices capable of holding 64MB or more of information, an intruder (or an insider) in your organization could stealthily
make off with key corporate data while you’re refilling your coffee. One person in the audience pointed to his watch as a
USB storage device. I did some research after the panel, and yes, you can now buy the DiskGO! watch in 128MB and 256MB models.
IT could conceivably set a policy against USB thumb drives, but what do you do about watches that double as storage devices?
After we talked about Bluetooth and thumb drives, wireless didn’t seem quite so wicked. Despite concern about the proliferation
of wireless devices, the panel was in complete agreement about one thing: IT departments that think they can say no to wireless
and handhelds are in a state of denial — it’s already there (as I’ve noted before in “The Battle for Decentralizaion”). The benefits of wireless are too compelling to put the technology genie back into the bottle.
E-mail
Printer Friendly
Reprints
(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...
