Top management still Wi-Fi security dunces

IT staff who want to invest to secure their Wi-Fi networks from security breaches may struggle to persuade senior management that the money would be well spent, according to a wireless security vendor.

Speaking at the Enterprise Wireless Technology show in London on Wednesday, Steve Woolf, customer engineering manager at Red-M, urged firms to wake up to the security problems presented by the wireless boom.

Woolf explained that while some companies are actively embracing wireless, others are being permeated by stealth. The arrival of the Intel Centrino wireless chipset and Windows XP - which has been designed to make wireless networking easier - means that employees who are given a new laptop are likely to get wireless connectivity as standard.

The availability of cheap Wi-Fi kit means that IT managers can't be certain that the access points they deploy around the office are the only ones in operation. It's simple and affordable for an errant employee to pick up an 802.11b access point on the high street and plug it into their desktop.

Woolf says that companies must address the issue by creating and implementing a robust wireless security policy. Getting board-level approval, though, could be difficult.

"Senior managers typically have a limited understanding of the relationship between IT and business. They are the users, not the architects, of these high-tech systems and as such they aren't able to reconcile risk with return on investment," said Woolf, explaining that IT managers might find it hard to persuade the board that the benefits of tight wireless security outweigh the costs.

This extra investment is needed because Wi-Fi is inherently insecure. Its encryption standard, called WEP (wired equivalent privacy) encryption, has been compromised and security experts say it wouldn't take a determined attacker long to break into a network that was only protected by WEP.

Even worse, much Wi-Fi kit is shipped with WEP turned off. If a user doesn't switch it on, then even a casual snooper can easily gain network access.

Because of this, many vendors sell Wi-Fi products with additional encryption methods build in. Others urge companies to place a firewall between the wireless network and the rest of the company system, and force users to communicate through a VPN. But implementing these measures can be expensive. Graeme Wearden writes for ZDNet UK