THE OUTLOOK FOR THE FUTURE

Atlanta-based Internet Security Systems Inc. (ISS) has long had this concern about drive-by hackers. That’s right—drive-by hackers.

ISS claims perpetrators can equip their laptops with wireless technology,^[ix] sit inconspicuously on a park bench, or in a car, and casually monitor traffic, access applications, and hijack data flowing over someone else’s wireless network, unbeknownst to the victim. To combat this threat, which sounds like it could be a plot line from an upcoming James Bond film, ISS recently drew the curtain on wireless local area network (WLAN) security software and consulting practices.

Why create safety for the WLAN? ISS believes enterprises are deploying WLANs with increasing regularity because they are cost-effective and help workers grab knowledge on the go from laptops or personal digital assistants (PDAs). And very little exists in the way of security for wireless networks, as compared to their wired counterparts, LANs?

Gartner Group, it would seem, concurs that wireless networks are in the midst of proliferation. The research firm said 60% of all enterprises in the United States will have deployed a wireless LAN by 2003, an increase from 32% in 2001. Accordingly, ISS indicates that the fact that wireless LANs can easily be accessed by outsiders (friendly or not), means that they need stronger protection.

And, just as perpetrators such as hackers and crackers have done to wired networks, they can assault WLANs through the same methods: unauthorized access points; data interception; denial-of-service (DoS) attacks; peer-to-peer sabotage; and wireless laptops to attacks when they roam to public access points such as airports and hotels.

What is more frightening, ISS claims, is that nontechnical employees, although often victims of attacks, are often unaware of these threats. This ignorance can make the comfort of the firewall a false security blanket.

Most companies have no idea that their networks are wide open to wireless security risks. Employees today are adding their own wireless access points to the backbone of their company’s network without the knowledge of their IT and security staffs. With a lack of awareness by the company that an access point has been added and a lack of proper security configuration, these rogue access points can become an intruder’s dream back-door into a company’s network despite the front-door firewall.

^[ix]John R. Vacca, Wireless Broadband Networks Handbook, McGraw-Hill, 2001.