Home: www.packetnexus.com
Wireless technology presents new security challenges September 7, 2000 Web posted at: 12:27 p.m. EDT (1627 GMT) by Matt Hamblen (IDG) -- Every business should be lucky enough to get a visit from a friendly hacker like Jeff Schmidt. On July 27, Schmidt tried out a brand-new wireless LAN card on his laptop at work. He didn't expect anything to happen, because his organization's wireless LAN wasn't up and running yet. But to his surprise, he was able to connect without any trouble to the network of an office down the street. Oops. Rather than swipe passwords from the other office's domain name server, Schmidt called the office to warn it. It shut down its wireless hub shortly thereafter, he says. Schmidt, a network engineer at the U.S. Department of Agriculture in New Orleans, provided printouts of his communications with the other office, which he declined to name. "Imagine our surprise when their hub instantly returned my signal," Schmidt says. "Since the other office was still using the factory defaults on its wireless hub, I connected just fine. No hacking, no planning - just plain, dumb chance." Chance played a key role in Schmidt's penetration of an outside network, but analysts say wireless LANs can be easily accessed by neighbors - friendly or not - and need strong protection. According to analysts, information technology managers can provide robust security by making sure wireless users are authenticated, preferably with a user name and password as well as a token. They also say encryption should be used end-to-end in a connection. Security can even be made strong enough to allow purchases or money transfers over the Web, banks and retailers say. "We feel very comfortable with our wireless security, and we feel our equipment is secure," says Mark Ebel, director of digital communication services at BestBuy.com, a division of Best Buy Co. in Eden Prairie, Minn. "However, we do believe we have to get better at security than today's approach, because if we don't do something, we know the hackers will find ways to get better," he adds. BestBuy.com is about to launch wireless purchasing on its Web site. The system has worked well in tests but hasn't been launched yet because the company has been tweaking other features of the site that aren't related to security. Banks such as Wachovia Corp. in Winston-Salem, N.C., are confident enough about wireless security to plan a rollout of banking services for consumers and businesses by year's end. One group that has already gone wireless is 500 attorneys at Paul Hastings Janosky and Walker LLP in Los Angeles. The lawyers send e-mail wirelessly via Research in Motion Ltd. (RIM) BlackBerry personal digital assistants, which resemble pagers with small keyboards. They started using the devices last October. "They have been an invaluable tool for the lawyers, and a lot of them travel," says Mary Odson, CIO at Paul Hastings. "We carefully evaluated the RIMs and the network, since security with legal matters was one of the most important components." Banking on wireless Encrypting connections from end to end requires a developer to consider every device used to access a network, users and analysts say. In addition, the security standards of each wireless network carrier must be understood. To deal with this complexity, Wachovia chose 724 Solutions Inc. in Toronto to help it develop wireless banking applications, says Lawrence Baxter, head of e