In the past few months, there’ve been a number of press reports about the security of wireless networks. Mostly, the stories have asserted that they’re a snap to break into-not exactly a comfort to companies that installed them as a less cumbersome alternative to their wired counterparts.
So why are wireless networks so easily breached? Part of the vulnerability lies in the wired equivalent privacy (WEP) security algorithm. That algorithm, intended to keep intruders out, was compromised this year by researchers at the University of California at Berkeley and the University of Maryland. One of the Berkeley code-crackers, Ian Goldberg, is now chief scientist at Zero-Knowledge Systems (www.zeroknowledge.com), a privacy technology company. Goldberg says wireless security gaps stem, in part, from a flawed review process: “WEP has a number of cryptographic problems because not enough cryptographers looked at it during its design.” He adds, though, that WEP standards-setters are working on a more secure version, “and they’re doing it openly.”
Experts also point our that some holes in wireless networks arise from a lack of corporate oversight. Many employees, they note, tend to see walk-around Web access as a toy. Hence, basic security procedures — ensuring that the wireless access point is outside the firewall, or turning on security software — are ignored. Experts also say risk managers need to make sure that no departments have set up an insecure wireless network on the sly. Given the low cost of operating a simple wireless system, such an expense can be buried in a manager’s discretionary budget.
John P. Mello Jr. is a contributor to eCFO.