http://www.wirelessweek.com/article/NEa0503296.1iw?verticalID=360&vertical=Applications
Wireless risk prompts big firms to act
May 5, 2004 12:00am
South China Morning Post Publishers Ltd.
SOUTH CHINA MORNING POST via NewsEdge Corporation : Faced with complex security threats, enterprises in Asia have started to extend network protection to all portable communications and computing devices linked to wireless internet systems.
Industry experts said a growing number of large firms were becoming aware that traditional perimeter security alone was insufficient to keep unwanted threats - spread from so-called wireless client devices - from infecting corporate networks and spreading to other client machines.
According to Gartner Dataquest, more than 20 million handheld computers have been sold in the past five years but only a minuscule 1 per cent of these devices carried simple virus protection.
"Networks have never been so vulnerable," said Eka Hartono, senior regional product marketing manager at information security systems specialist Symantec.
"The presence of a wireless connection elevates overall security concerns, as more connected client devices present an inherently higher security risk to an organisation. But any single security technology alone, such as anti-virus software, can no longer protect businesses against sophisticated internet threats."
That is why many large businesses, mainly multinational operations across the region, are moving rapidly to implement multiple security functions to connected mobile devices.
Ms Hartono said Lonely Planet - with offices in Melbourne, Oakland, London and Paris - was an early adopter of Symantec's Client Security 2.0 software, which offers a quick single update mechanism for virus definitions, firewall rules and intrusion detection signatures when any network attack occurs.
She claimed the new Symantec system was more efficient and effective than multiple security technology updates.
Colorado-based Configuresoft, for example, provides configuration management software that simply focuses on correcting and assessing configuration settings on remote machines every time they connect to an enterprise's internal network.
For basic anti-virus deployments, Symantec has also made available its AntiVirus for Handhelds Corporate Edition 3.2 for Palm and Windows-based handheld computing and communications devices. The setup can be accomplished without synchronising with a desktop system. .end (paragraph)<>
<< Copyright ©2004 South China Morning Post Publishers Ltd. >>
http://www.mirrors.wiretapped.net/security/info/textfiles/risks-digest/risks-23.16
Date: Mon, 26 Jan 2004 16:13:37 -0600
From: Chris Meadows aka Robotech_Master Subject: Another wireless risk
The other day I was in the position of needing to print out my credit card site's invoice display. Since I don't have a fully functional printer at home, and I needed to make a photocopy anyway, I decided to take my Mac Powerbook down to Kinko's and print it off there.
The problem was, when I plugged the Powerbook into their Ethernet link (called a "Macintosh link" for some reason by their onsite documentation...never mind that any computer with an Ethernet port could use it), I couldn't reach the Internet. (Nor could I see any printers in my application...and the printer driver disk the Kinko's clerk helpfully offered didn't help, because it only had drivers for OS 9, not OS X.) However, the fellow who'd just vacated the laptop station had been using wireless, and he said that should work. And I did a quick scan, found an open wireless router labelled "linksys," (the way they didn't even bother to change the default name should have warned me, I suppose...but given the general lack of computer adroitness I had observed in the staff, that carelessness seemed to fit right in) with a Lexmark printer on it, and Internet access...so I called up the invoice and hit print, then asked the Kinko's clerk where that particular printer was.
Longtime RISKS readers should be able to guess what came next. "But we don't have a wireless network...and we don't have any Lexmark printers either." Further research indicated that the wireless router was hooked into a Bellsouth DSL connection, presumably someone's nearby home or business. So I had just printed my credit card invoice to some total stranger's printer...and had no way even to find out where it was so I could get it back. Fortunately, the invoice didn't contain any *truly* sensitive information, such as my SSN or account number (beyond "ends with ...."). And I was closing that account anyway.
The risk here is kind of the inverse of the "usual" risk associated with a wireless system...instead of "you never know who might be using your network," it's "you never know whose network you might be using." The combination of an open wireless network and a location where you would expect there to be one can easily enough confuse you into conflating the two.
Thanks for the article post. I actually understand companies are hesitant about wireless. I am sure that wireless decreases security to an extent. The primary security I have is my "lack of importance." The only people that "should" want to hack me are people looking for free internet. I can easily stop them. Now, if a minor country wants my information, then maybe they can get it. In the case of a company with a ton of classified or other information, I would recommend against wireless. I believe that if it was configured properly it would be as secure as anything. However, if someone makes a mistake on configuration, then you have problems.