Security to the max

Wireless access is becoming par for the course in enterprises of all sizes as the technology advances. Businesses are tempted by the flexibility and freedom offered by wireless integration - yet newer technologies can open security holes in a business network just like Wi-Fi did.

Gartner analyst and security specialist, Andrew Walls, has a true story to tell about this happening at an Australian business not so long ago. In his example, a criminal disguised himself as a copier repairer, and easily accessed a secure area near a wirelessly networked photocopier. He inserted a wireless hub into the network port between the photocopier and the actual network. He then sat outside in his van, logged into the network via his laptop and began talking to the network, trying to grab data on websites, user IDs, credit details and so on. He was going after home addresses. And he was asking the network how its users paid their bills - was it by credit card, could he have that number?

"The business noticed the photocopier was behaving oddly and when they went to look, saw the photocopier had become a wireless hub. They then called the police," Walls said.

Incidents like that don't frighten Walls, however. While wireless technology - such as WiMAX, Ultra WideBand (UWB) and even 802.11n - is certainly speeding things up and pushing wireless access into broader geographic areas, the technology and know how needed to stem a new tide of security threats does actually exist.

If the right actions are taken, wireless -especially emerging wireless technologies - should be no riskier for business customers than a cabled network, Walls said. Few threats from the newer wireless technologies were in any way unique - although, in many cases, they could be travelling faster. Setting up a spurious transmission was getting more difficult too as hardware got more sophisticated and security-savvy, he said.

Apart from the slightly increased risk of a Denial of Service (DoS) attack, the biggest concern isn't with the wireless networking per se but with laptops, mobile phones and other client devices plugged into that network, Walls said.

"The general threat we see is much more focused on endpoint devices," he said.

It goes without saying some of those threats can be dealt with using security software for client devices and servers and by keeping up with patches and updates for the OS. Encryption, WPA or better, would also be adequate, Walls said.

The trouble was setting it all up. "How do normal people get along in the IT world? There's a high expectation of knowledge of how you configure these devices, which I don't think is reality," he said.

There was no easy solution, Walls said. "You can't just pour more technology on the fire to solve the problems," he said.

Opportunity knocks Success for customers and the channel alike may be found in providing quality pre- and post-sales services layered over new hardware and software. Resellers must help users choose the right hardware - and configure it properly.

"There's an opportunity for resellers to actually ensure the devices are configured in a highly secure manner," Walls said. "That would definitely be a value-add that a reseller can pitch into the whole sales transaction." Configuration services tailored specifically for each individual customer's business needs and environment could be a winner, he said, pointing to the growth in demand for managed security services across the Asia-Pacific region, including Australia.

"Asia-Pacific in general has the sharpest growth [in this sector], compared to other global regions. It's a lucrative market," he said.

However, building a profitable managed security services practice if you're not already playing in that space may require considerable investment, Walls said.

"I don't want to even think about the marketing expense but there's definitely a market opportunity. As a result, we're seeing a lot of major players moving into the region with a very strong marketing push," he said. Global players, such as Orange, were moving in and Australian resellers needed to move quickly if they wanted to grab a piece of the rapidly changing and growing market, he said.

Upgrade issues D-Link business development manager, Dean Williams, noted that interoperability between the CPE and the host end is quite difficult to achieve with WiMAX technology. Security developments were trying to address this issue.

One problem that could bedevil businesses moving to newer wireless technologies, including 802.11n, was the tendency to overlook networked devices such as print servers, he claimed. A print server could be the focus for an attack on the WLAN, and few would suspect it as the source of the security hole. "It becomes about doing one's research, I think, more than anything. It's no different to upgrading to Vista, or similar," Williams said. D-Link was developing simpler Web interfaces for configuring security because one of the biggest customer problems with wireless, after setting up the network initially, was configuring security properly, he said.

Service providers should also remember customers are going to need all the latest drivers for their IT systems when they upgrade to technologies like WiMAX. And wireless cards can easily be upgraded on most older devices. "We're actually selling PCI Express Cards for N now," Williams said. He claimed no one should be on WEP anymore as the encryption method can be cracked in minutes. And if customers are already using the more secure WPA, it should be a simple process to upgrade their software to WPA II.

Resellers were going to have to work at educating customers on the new wireless technologies, on top of all the other topics businesses needed to understand. "I don't think that scare tactics still work but, especially with 802.11n, it's going to be the next important thing to pick on," Williams said.