http://www.internetnews.com/wd-news/article/0,,10_752201,00.html
By Clint Boulton
April 25, 2001
Atlanta-based Internet Security Systems Inc. (ISS) has long had this
concern about drive by hackers. That's right -- drive-by hackers.
ISS claims perpetrators can equip their laptops with wireless
technology, sit inconspicuously on a park bench, or in a car, and
casually monitor traffic, access applications, and hijack data flowing
over someone else's wireless network, unbeknownst to the victim. To
combat this threat, which sounds like it could be a plot line from an
upcoming James Bond film, ISS Wednesday drew the curtain on wireless
local area network (WLAN) security software an consulting practices.
Why create safety for the WLAN? ISS said it believes enterprises are
deploring WLANs with increasing regularity because they are
cost-effective and help workers grab knowledge on the go from laptops
or personal digital assistants (PDAs). And very little exists in the
way of security for wireless networks as compared to their wired
counterparts, LANs?
Gartner Group, it would seem, concurs that wireless networks are in
the midst of proliferation. The research firm said 50 percent of all
enterprises in the U.S. will have deployed a wireless LAN by 2002, an
increase from 21 percent at the end of last year (2000). Accordingly,
ISS said the fact that wireless LANs can easily be accessed by
outsiders -- friendly or not -- means they need strong protection.
And just as perpetrators like hackers and crackers have done to wired
networks, they can assault WLANs through the same methods:
unauthorized access points; data interception; denial-of-service (DoS)
attacks; peer-to-peer sabotage; and wireless laptops to attacks when
they roam to public access points, such as airports and hotels.
What is more frightening, ISS claims, is that non-technical employees,
while often victims of attacks, are often unaware of these threats.
This ignorance can make the comfort of the firewall a false security
blanket.
"Most companies have no idea that their networks are wide open to
wireless security risks," said Christopher Klaus, founder and chief
technology officer for ISS. "Employees today are adding their own
wireless access points to the backbone of their company's network
without the knowledge of their IT and security staffs. With a lack of
awareness by the company that an access point has been added and a
lack of proper security configuration, these rogue access points can
become an intruder's dream backdoor into a company's network despite
the front door firewall."
So, ISS has devised a host of software packages to prevent intruders
via detection. It has also implemented consulting and managed security
to accompany these products:
* anX-Press Update for its Internet Scanner software -- enables
customers to scan and identify rogue wireless access points on
their networks. The X-Force team, ISS' security research arm, is
developing additional security risk definitions for new wireless LAN
(WLAN) risks and these will be available as X-Press Updates in the
near future
* Security Architecture Consulting -- Internet Security Systems'
consulting solutions group has integrated its security knowledge and
methodology into wireless-specific offerings, including evaluations,
penetration testing, design and security policy development
* SecureU Education Services -- Scheduled to debut during Networld +
Interop in Las Vegas on May 7, ISS has added a wireless security
seminar to its SecureU education programs
* Managed Security Services -- As WLAN protection features are added
to ISS security software products, ISS' Managed Security Services
will also integrate these capabilities into its remote managed
security services offerings, protecting customers
ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".
Received on Thu Apr 26 02:45 CDT 2001