Drive-by hackings 'a myth'

[InfoSec News <isn () c4i org>]

http://www.vnunet.com/News/1129800

[Hmmm, If I didn't know better I'd swear that this Gartner analyst 
pulled this talk out of an ISN posting from January 14th 2002. 
http://cert.uni-stuttgart.de/archive/isn/2002/01/msg00127.html - WK] 

By Nick Farrell in Montreaux [06-03-2002]

Wireless Lans as secure as any other form of networking 

The wireless networking industry is being hamstrung by a myth that it
is peddling an insecure product, according to a principal analyst at
Gartner.

Speaking at NetEvents in Montreux Andy Rolfe said that, for all the
high profile news about the potential for drive-by hackings, he is yet
to see an actual case reported.

"Most of the issues surrounding wireless local area network [Lan]
security disregard the security facilities that are available today.  
At Gartner, our advice to our end user clients is that wireless Lans
can safely be deployed today using an end-to-end virtual private
network," he said.

It is claimed that wireless Lan signals can be intercepted and, with
the right equipment, hacked.

"This is where most reported hacks have taken place, but they have not
really been serious because all sensible enterprises secure their
systems with firewalls and multiple password levels," explained Rolfe.  
"In this way, all the hackers can get is free internet access. That is
really the extent of the problem so far."

He maintained that the industry had publicly debated the security
issues around wireless Lans in a confusing way and had alienated
potential purchasers.

"The argument must be moved on so that we begin to advise and guide
potential end users about how they can secure their wireless Lans and
select the right solution for their particular environment," said
Rofle.

In a panel discussion that followed, members agreed that the
technology was largely as secure as any other style of networking. The
issue was that many companies did not switch the security features on
or have adequate authentication procedures in place.

Nick Hallwood, enterprise manager at 3Com, pointed out that very few
companies have effective single sign-on systems which would help to
solve the problem.

"The ultimate solution would be to produce something that is centrally
controlled for enterprises. This could be brought under the control of
the information systems department," he said, adding that the only
real solution to make wireless secure was to set it up outside the
firewall.

"At 3Com we deploy our own wireless Lans in the same way that we
recommend our customers to do it, i.e. outside a firewall. Then we
require our own users to tunnel in through the firewall to the
corporate network," explained Hallwood.

Mario Maas, business manager at Agere Systems, insisted that wireless
Lans should be introduced according to standards, but said that it is
important to consider the applications (enterprise, home internet
access etc.) for which very different solutions are required.

"We think that people need to be educated about Lans, which is
something that the vendors need to put on their plate in order to gain
maximum security for their systems," he concluded.




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.