Posted by Chris Silva on January 22, 2008
came across an article from the Journal. It goes into
great detail talking about the various means of having your data compromised
when using a public Wi-Fi network. The article makes valid points discussing
the means of using evil twin and man-in-the-middle attacks to compromise data
and network resources access by an 802.11-enabled PC.
This article reminded me of an anecdote regarding a US
Government agency. The agency, citing its need to maintain high standards of
data security in its role as a standards
bellwether for many other US Government agencies, has begun
trialling cellular data network access for its laptops, eschewing Wi-Fi due to
data security shortcomings, presumed inherent risks of the technology. Cellular data
networks, in use by close to 30% of enterprises in North America according to Forrester data,
most definitely have their place. However, using these networks as the sole
solution for wireless connectivity is not a reasonable solution to avoid security
risks. More than 50% of North American enterprises have made an investment in
Wi-Fi and it's hard to imagine these investments are made in a security vacuum.
In this example, what has been accomplished by this trial is a move closer to
de-facto wireless connectivity relying on expensive, closed networks often
subject to limited availability versus an investment in Wi-Fi infrastructure
with appropriate security tools such as Wireless IPS/DPS and a robust remote
access solution. A similar approach to that which the Journal article takes,
blaming security woes on a technology's shortcomings versus recognizing Wi-Fi
as an element in a well-designed (read: secure) mobile data access solution.
With FUD like this making its way into venerable publications such as the
Journal, it's not hard to see why companies like Aruba Networks and Bluesocket
are focused, sometimes almost myopically to the external observer, on security.
By Chris Silva.
Check out Chris' research