Saturday, June 27, 2009

Why Your Weakest Security Link May Remain Invisible to You Forever

In a poor economy, layoffs, downsizing and low morale bring out the worst in trusted insiders: more and more IT professionals admit they are tempted to abuse their access privileges to profit from proprietary intellectual property, trade secrets, human resource databases and any other sensitive information, according to a survey report published on darkreading.com.

It’s not that security administrators are failing to take the right measures to minimize the newly emerged security risks from trusted insiders. The traditional ways to stop data theft, such as improving physical security, disabling access to media drives, CDs and USB, or applying controls on the network side (e.g. email filtering for attachments, or access limited to certain Internet sites), are definitely necessary, but they are not sufficient to reduce the data security risk in today’s world.

With the proliferation of different wireless technologies (e.g. GSM/GPRS, Bluetooth, WiFi, WiMax), the way people interact with electronic gadgets to share data, music, videos etc. has completely changed. All of this content is now shared over a wireless medium.

In fact, WiFi has become the most popular wireless technology for local area data networks, and hence most modern mobile gadgets have built-in support for it. The technology also offers very good range. Its low deployment cost has made it an optimal choice, especially for enterprises, to roll out a corporate LAN in the most favorable time.

But there are some caveats, both for those who use this technology and for those who don’t. The WiFi medium can be the weakest security link for your enterprise, and it may remain invisible to you forever if you have not implemented the right controls to manage WiFi-enabled devices. Having the strongest possible authentication or encryption configuration in place for the corporate WiFi network is not enough to guarantee the security of the network or of the data that resides on it.

The WiFi threats
Here are the top three WiFi threats we must know:

1. Presence of rogue, misconfigured or unmanaged WiFi gear
The presence of any rogue, misconfigured or unmanaged access point on the corporate network may open a backdoor for an unauthorized or malicious user and leave the network vulnerable. Such devices are mostly brought onto the corporate network by a trusted employee who sets up his own private WLAN.

2. Backdoor entry through WiFi-enabled client machines
WiFi-enabled clients can also serve as a point of access to the corporate network. Such a backdoor can easily be created by a trusted insider on any WiFi-enabled machine by simply creating a bridge interface on top of the wired and wireless interfaces. An unauthorized user can establish a peer-to-peer or ad hoc mode connection with a trusted client machine from outside the building and have all data transferred to his machine.

3. RF spillage from neighbors’ networks
RF spillage from neighboring open WiFi networks, e.g. a cyber café or a WiFi Internet service provider, can defeat the purpose of a corporate firewall or built-in access controls that are implemented to prevent leakage of corporate data or sensitive information through the Internet.

The solution

The presence of the above-mentioned threats can only be discovered if we monitor the airspace. Hence, there is a need to continuously monitor the airspace inside and outside a corporate building, 24/7, 365 days a year. Believing that legacy wired network monitoring systems or tools can also monitor wireless devices is a big misconception. In a wired network, all devices are physically connected to the network by a copper cable. In a wireless network, devices connect and communicate over the air using radio frequency (RF), and hence monitoring such devices requires a system that can understand RF communication.

In technical terminology, such systems are known as Wireless Intrusion Detection and Prevention Systems (WIPS). In the absence of such systems, it is impossible to see the presence of WiFi-enabled devices, especially clients, or the data exchange done by these clients. Hence, threats arising from WiFi may remain invisible forever.
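To make the monitoring idea concrete, here is an added example (not part of the original post, and not any product's code) of the classification step such a system might run over what its sensors observe, mapping each finding to one of the three threats listed above. The record fields, the inventory sets and the `on_wire` flag (standing for a sensor's correlation of an access point with the wired corporate LAN) are assumptions, and all addresses are constructed.

```python
# Constructed inventory and sensor observations (all values are made up).
AUTHORIZED_APS = {"00:11:22:aa:00:01": "WPA2"}       # BSSID -> required security
AUTHORIZED_CLIENTS = {"00:11:22:cc:00:01", "00:11:22:cc:00:02"}

AP_SEEN = [  # on_wire: sensor has correlated this AP with the corporate LAN
    {"bssid": "00:11:22:aa:00:01", "security": "open", "on_wire": True},
    {"bssid": "66:77:88:bb:00:09", "security": "open", "on_wire": True},
    {"bssid": "de:ad:be:ef:00:05", "security": "open", "on_wire": False},
]
LINKS_SEEN = [  # peer is a BSSID (infrastructure) or another station (adhoc)
    {"client": "00:11:22:cc:00:01", "peer": "00:11:22:aa:00:01", "mode": "infrastructure"},
    {"client": "00:11:22:cc:00:02", "peer": "de:ad:be:ef:00:05", "mode": "infrastructure"},
    {"client": "00:11:22:cc:00:01", "peer": "02:00:00:00:00:77", "mode": "adhoc"},
]

def classify_ap(ap):
    """Return authorized, misconfigured, rogue or external for one observed AP."""
    required = AUTHORIZED_APS.get(ap["bssid"])
    if required is not None:
        return "authorized" if ap["security"] == required else "misconfigured"
    # Unknown AP: on the corporate wire it is rogue, otherwise a neighbor's.
    return "rogue" if ap["on_wire"] else "external"

def find_threats(aps, links):
    """Return (threat number, device, detail) tuples for threats 1 to 3."""
    kinds = {ap["bssid"]: classify_ap(ap) for ap in aps}
    alerts = []
    for bssid, kind in kinds.items():
        if kind in ("rogue", "misconfigured"):
            alerts.append((1, bssid, kind + " AP on corporate network"))
    for link in links:
        if link["client"] not in AUTHORIZED_CLIENTS:
            continue  # threats 2 and 3 concern corporate clients only
        if link["mode"] == "adhoc":
            alerts.append((2, link["client"], "ad hoc link to " + link["peer"]))
        elif kinds.get(link["peer"], "external") == "external":
            alerts.append((3, link["client"], "associated to external AP " + link["peer"]))
    return alerts

if __name__ == "__main__":
    for threat, device, detail in find_threats(AP_SEEN, LINKS_SEEN):
        print(f"threat {threat}: {device}: {detail}")
```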

The conclusion

So the conclusion is that, in a looming economic condition, corporate data and sensitive information residing on the network demand tighter security, which means ensuring that corporate policies are effectively enforced and that corporate networks, authorized client devices, and the wireless medium are properly monitored round the clock. This is only possible if enterprises have successfully implemented the right controls to manage the risk that is inherent in their employees’ use of wireless technology.
