FEATURE: New wireless threat index exposes significant risks

The explosion of wireless usage has enabled a new and dangerous vector for access to confidential data, a vector that can be used to damage the integrity of corporate networks and assets. Attacks on wireless LANs (WLANs) and breaches of 'no wireless' policies are a quick and easy way for hackers to steal data and enter the corporate network.

The wireless network has the same challenges as the fixed, wired network, and organizations must have a pre-emptive plan of action to prevent wireless attacks and policy violations that can compromise an organization's data privacy and regulatory compliance. Security managers need to plan for, monitor and mitigate potential wireless threats as well as react quickly when any breach occurs. Organizations continue to seek additional information and early warning systems to increase their awareness of the growing threats and support their investment in wireless security solutions.

A new threat index helps enterprises and organizations monitor wireless threats and assess the ongoing risk they face. The index is based on data gathered from thousands of enterprise laptops and the hundreds of thousands of connections that users made in offices, on the road, and in homes from December 2005 to March 2006. The findings suggest that some pre-conceived notions about how laptops are used should be re-evaluated.

The data disproves four top security myths:

  • Myth: wireless connections are rarely made to unknown networks. In fact, 36 percent of all wireless connections were with unknown APs.
  • Myth: users do not connect to wireless and wired networks at the same time. In fact, 37 percent of the endpoints analyzed had network bridging enabled.
  • Myth: ad-hoc networks are seldom used. In fact, 63 percent of endpoints had an ad-hoc connection turned on or tried to connect to one.
  • Myth: users actually use their VPN clients. In fact, 68 percent of endpoints experienced violations of VPN policy.

Each risk reported in the new index is significant, and the index provides detailed information about them, including the percentage of end users that have exposed their organization in the following ways:

  • Ad-hoc connections: the end user attempted to connect to an ad-hoc network.
  • Unknown AP connections: the end user has connected to an AP which was not previously known.
  • Unknown Ethernet connections: the end user has connected to an Ethernet network which was not previously known.
  • VPN policy violations: the end user has attempted to send network traffic across a connection rather than the VPN required by corporate policy.
  • Network bridging: more than one interface on the endpoint was connected simultaneously, e.g. interfaces were plugged into the corporate LAN and a wireless AP or ad-hoc wireless network at the same time.
  • No firewall protection: the endpoint is not running a software firewall.
  • No virus protection: the endpoint is not running virus protection software.

The data from this analysis provides excellent insight into how laptops are used once they leave the office. The index also highlights the importance of having security personnel apply and automatically enforce policies on what connections are allowed and how communications should be secured. End users will inherently choose productivity over security, so IT must transparently ensure that machines are being used in a safe manner that does not put the user or corporate data at risk.

With the rapid expansion of mobile and wireless technologies, organizations are seeking more tools to help them assess risk and monitor potential threats, such as those coming from unsecured laptops, that leave a back door open to their networks. As the new threat index shows, tools available today provide a detailed, ongoing way for IT and security personnel to better understand and track emerging wireless threats and to mitigate any potential risks.

Joel Riciputi is director of marketing with Network Chemistry, a security company that focuses on the mobile enterprise.