Gartner Says Wireless LANs are the Major Wireless Security Problem Facing Businesses Through 2008
Analysts Discuss How to Secure a Wireless Network at Gartner IT Security Summit 2004
WASHINGTON, D.C., June 9, 2004 — Through 2006, 70 percent of successful wireless local area network (WLAN) attacks will be because of the misconfiguration of WLAN access points (AP) and client software, according to Gartner, Inc. Security for WLANs and personal digital assistants (PDAs) in the company needs to be driven by updated security policies that address the unique demands of the mobile workplace.
Gartner presented these findings today during the Gartner IT Security Summit 2004, which is taking place here, through June 9.
"Whether hackers are able to enter a company's WLAN through an unprotected AP or through a peer workstation, once they are associated with the network, they will be difficult to detect because they may not be visible in or near the network site," said John Pescatore, vice president and Gartner fellow. "A clever hacker will play it safe and use the company's resources quietly, and as a result, may never be found."
To protect themselves, businesses must make sure that employees or hackers don't install unauthorized wireless APs on the network and that APs are configured securely. In dense environments, such as urban areas or multi-tenant office buildings, companies have to make sure that their users don't connect to other companies' networks.
The least expensive, and least effective, way of doing this is to buy a wireless sniffer handheld and walk the perimeter of the network. The most expensive, and most secure, is to install a separate set of wireless intrusion detection sensors.
"Businesses should use sniffers to demonstrate potential exposure problems to management, especially to the management that funds security problems," Pescatore said. "Sniffer walks should not be attempted as an ongoing survey method, but should be kept on standby. If rogue WLAN activity is detected by network monitoring systems, individual members of the IT staff can be dispatched, to act as trackers, to hone in on unauthorized signal sources."
Gartner says that companies will get the most efficient WLAN intrusion detection protection from a vendor-independent dedicated sensor investment. The overwhelming advantage of this method is that all WLAN traffic can be detected regardless of the equipment and vendors involved.
Gartner IT Security Summit 2004 provides both strategic planning and tactical advice for senior-level IT executives whose jobs include enterprise security responsibilities and critical infrastructure protection. Gartner IT Security Summit 2004 covers new and emerging technologies, as well as policy, planning and compliance issues, and will help make sense of the trends, technologies and opportunities that can safeguard an IT enterprise and its assets before the next threat looms large. Additional information about the conference is available at www.gartner.com/us/itsecurity.
About Gartner:
Gartner, Inc. is the leading provider of
research and analysis on the global information technology industry. Gartner serves more
than 10,000 clients, including chief information officers and other senior IT executives
in corporations and government agencies, as well as technology companies and the
investment community. The Company focuses on delivering objective, in-depth analysis
and actionable advice to enable clients to make more informed business and technology
decisions. The Company's businesses consist of Gartner Intelligence, research and
events for IT professionals; Gartner Executive Programs, membership programs and peer
networking services; and Gartner Consulting, customized engagements with a specific
emphasis on outsourcing and IT management. Founded in 1979, Gartner is headquartered in
Stamford, Connecticut, and has 3,700 associates, including more than 1,000 research
analysts and consultants, in more than 75 locations worldwide. For more information,
visit www.gartner.com.
