Wireless consumer-ization: User joy, IT's misery

By Gopinath KN, director engineering, AirTight Networks, Network World |  Mobile & Wireless, smartphones, wifi

Wi-Fi support has made its way into all kinds of consumer devices -- from smartphones to gaming consoles, cameras, DVD players and televisions -- and it is often implemented with native connection sharing capabilities. While great for consumers, this creates security and performance issues when any of these devices end up at work.

This article looks at three of the challenges consumer-ization presents to IT administrators. Further, it identifies some best practices that enterprise teams can implement to mitigate the problems.

1. Wireless intrusion points: Before wireless commoditization, wireless intrusion points in an enterprise were mostly limited to specific hardware such as wireless bridges and NAT/routers. One had to physically connect such a device to a network to create an intrusion point (the exception being the "soft AP" functionality available with a few add-on Wi-Fi cards on Linux/Windows).

Things have changed dramatically with the virtual Wi-Fi feature introduced in Windows Vista and Windows 7. Now almost any innocuous wireless notebook can become a threat to your security.

With virtual Wi-Fi, it is not only easy to set up a "soft AP" using the inbuilt Intel Centrino wireless adapter, it is also possible to run client mode and AP mode simultaneously. Moreover, free tools such as Connectify enable this configuration in just a couple of clicks.

Virtual Wi-Fi creates a wireless hotspot by "bridging" communication between two wireless interfaces on a host -- one that is used for client operations and the other that is used for AP operations. Note that the AP mode operation is very similar to that of a network address translation (NAT) AP.

Further, insecure Wi-Fi configurations such as Open and WEP are also allowed while creating virtual AP profiles. Thus, unauthorized users (ghost riders) can possibly piggyback behind authorized or guest users in your enterprise. This can pose a serious threat to enterprise security.

Realize that enabling 802.1X port control on your Ethernet ports will not block this threat for the simple reason that there is no unauthorized port to block. Further, network-access control cannot block such devices as they are hidden behind the NAT functionality of your authorized wireless client.
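
One passive heuristic for noticing clients hidden behind an authorized station's NAT, shown here as an added example that is not part of the original article: a host that forwards IP packets for others decrements their TTL, so one source address seen at two different hop distances suggests connection sharing. The observation records are constructed, and the function names and the list of common initial TTL values are assumptions.

```python
from collections import Counter, defaultdict

# Assumption: common initial IP TTLs (64 Linux/macOS/mobile, 128 Windows, 255 some gear).
INITIAL_TTLS = (64, 128, 255)


def hop_distance(ttl):
    """Hops travelled, assuming the sender used the nearest common initial TTL >= ttl."""
    for initial in INITIAL_TTLS:
        if ttl <= initial:
            return initial - ttl
    raise ValueError(f"TTL out of range: {ttl}")


def find_nat_suspects(observations, min_packets=3):
    """Return {src_ip: sorted hop distances} for sources seen at more than one distance.

    observations: iterable of (src_ip, ttl) pairs captured at a single sensor.
    A sharing host's own packets and the packets it forwards for NATed clients
    carry the same source IP, but the forwarded ones have crossed one extra hop.
    """
    per_source = defaultdict(Counter)
    for src_ip, ttl in observations:
        per_source[src_ip][hop_distance(ttl)] += 1

    suspects = {}
    for src_ip, hops in per_source.items():
        # Ignore distances seen only a few times (route changes, stray packets).
        stable = sorted(h for h, n in hops.items() if n >= min_packets)
        if len(stable) > 1:
            suspects[src_ip] = stable
    return suspects


# Constructed sample: sensor on the same subnet as the wireless clients.
SAMPLE = (
    [("10.0.5.21", 128)] * 40    # Windows notebook, its own traffic
    + [("10.0.5.21", 127)] * 12  # Windows guest behind its soft AP
    + [("10.0.5.21", 63)] * 9    # phone behind its soft AP
    + [("10.0.5.34", 128)] * 55  # ordinary Windows client
    + [("10.0.5.40", 64)] * 30   # ordinary Linux client
    + [("10.0.5.40", 63)] * 1    # single stray packet, below threshold
)

if __name__ == "__main__":
    for ip, hops in find_nat_suspects(SAMPLE).items():
        print(f"{ip}: traffic at hop distances {hops}, possible connection sharing")
```

Treat a hit as a lead for follow-up rather than proof: a sharing host can rewrite TTLs, and legitimate path changes can produce more than one hop distance.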


Originally published on Network World.