Wi-Fi Security: Analysts Offer 3 Tips

 
 
By Brian P. Watson  |  Posted 2006-06-07
 
 
 
Financial firms stand to lose customers' trust—and potentially massive amounts of their data—if they don't rein in security risks to their Wi-Fi networks, according to new research.

Analysts with TowerGroup, a Needham, Mass., financial services research firm, in a report released last week at its annual conference, note there are a number of security threats for businesses using Wi-Fi networks. In addition to external forces, such as denial-of-service attacks and access violations, another vulnerability is technically un-savvy employees installing cheap access points into the company's network.

Josh Kessler, an emerging-technologies analyst who co-authored the report with Bob Egan, a research director, says many technology executives have chosen simply to ignore Wi-Fi because they don't fully understand the technology's attacks and access violations. "What their approach has been so far is, 'We know there are some security concerns with Wi-Fi, so let's not do Wi-Fi,'" Kessler says.

TowerGroup analysts urge technology executives at financial services firms to take steps to protect their wireless networks, including fortifying their internal strategy and choosing the right system to help block Wi-Fi-enabled attacks:

  • Understand Wi-Fi's capabilities—and its risks. If your organization doesn't sanction Wi-Fi, that doesn't mean you won't have to worry about it. Technology executives need to get their arms around the risks Wi-Fi poses to the corporate network because, whether they like it or not, some employees bring the technology into company systems.
  • Beware of emerging products. Technology managers need to evaluate the risk that popular products like smart phones—handheld computers that employees can use to tap into the network through Wi-Fi connections—could bring to the enterprise before adding them to the company's mobile arsenal.
  • Play a strong defense. Intrusion detection and prevention systems can analyze network activity and execute security procedures to ward off threats and attacks. Technology managers should evaluate and choose an appropriate program to defend against internal and external risk.

    The report also includes analysis of intrusion detection systems from Air Defense, AirMagnet, AirTight Networks, Aruba Networks, Bluesocket, Cisco Systems, Network Chemistry and WildPackets.