News from The Globe and Mail


Wednesday, May 21, 2003

They're simple looking boxes about the size of a portable phone base, each with a couple of antennas -- nothing that would normally attract much notice. But for some enterprises, they're causing IT headaches.

Wireless access devices, available for less than $200 at any electronics store, are gaining widespread popularity among employees who want to tap into their company's local area networks from their own personal hot spots.

The employee may want to do nothing more than work from the cafeteria through her lunch break, but what she may be doing is quietly opening a back door to her company's local area network. Home-grown hot spots have a way of spreading though the walls to potential outside users, though enterprises with well-secured networks may not be seriously threatened.

Notes Gary McIntyre, information security architect with IBM Global Services at Markham, Ont.-based IBM Canada Ltd.: "We have found rogue wireless networks set up by employees to be quite a common problem. They're just so cheap to buy and ready to go out of the box. And it doesn't require technical talent to connect them."

But IT managers have begun cracking down, according to Brian Sharwood, principal with SeaBoard Group in Toronto. "At first they didn't know enough to be scared by it. Now IT managers are clued in and are getting the tools to ensure they can manage it. They know if they don't, [these devices] can open a channel inside the company behind the firewall. If there are rogues working within the company, managers need to have a good knowledge of where they are."

Nonetheless, properly equipped enterprises have little to worry about in the way of unauthorized access to corporate information, says Warren Chaisatien, senior telecom analyst with IDC Canada in Toronto. "If you have everything in place such as VPN [virtual private network], authorization and authentication, you have no worries. In most cases, people can only tap into capacity and bandwidth."

So what does an enterprise do to keep rogue access points under control?

"The first thing to do is establish a good policy and communicate that to employees," Mr. McIntyre says.

The next step is making sure that the devices are accounted for and security settings activated.

Enterprises can also restrict communication with an access point to include only equipment with an authorized MAC address. (Any piece of hardware, including a wireless card, has a unique serial number -- or MAC address -- that can be recognized on a network.)

David Wright, area vice-president of Citrix Systems Canada, notes that with the proliferation of wireless devices, enterprises are faced with the issue of making sure their wireless access is secure, "It's now becoming commonplace for executives to have wireless cards. The login process is critical. So is the encryption of data."

© The Globe and Mail