Unfortunatley I think you're going against media inertia at the moment.
Once a view of a product has settled in the mind of the masses it's very
difficult to change it, and given the initial problems with WEP and the
publicity surrounding it the wireless LAN sector will be constantly fighting
against views like "Well they produced WEP as a security standard, and look
what happened to that" until the opinion of the masses starts changing.
One of the root causes of this view is that the default configuration of
many wireless access points make them open access points for all (i.e. no
requirement to set up MAC address filtering or encryption keys before acting
as an access point), this has lead to a number of insecure live networks
setup by IT deparements with little or no wireless LAN knowledge who've
plugged the access point in, found the could connect to it, and considered
the job done.
There is also a more practicle issue of changing wireless LAN security
configurations. If I want to change my encryption keys or SSID daily,
weekly, or monthly, how do I do it and roll the new key out to all the
clients? (I can give a number of good ideas such as walled garden wireless
LANs that authenticate the users and download the connection data for the
secure network, but I've not seen any implementations to address this).
It's my belief that until the media start coming out with poisitive wireless
LAN stories, and some of the practicle issues can be resolved, it's going to
be a tough battle, so I would suggest you start by doing some general
positive PR work for wireless LANS in the market sectors you're targetting
and try to shift the view from security being the #1 concern of WLANs to
something more easily addressable (such as compatibility, cost, or
training).
Just my 2c worth....
Al Sutton
Argosy TelCrest
www.argosytelcrest.com
-----Original Message-----
From: Phillip Lay [mailto:phillip.l@pacificdata.net.au]
Sent: 29 September 2005 02:43
To: security-management@securityfocus.com
Subject: Key concerns when seeking Wireless IPS/IDS solutions?
Hi all,
As the regional rep of wireless security (AirDefense) in the A/NZ region I
am very keen to better understand why companies do not go wireless?
Many, if not all research reports (including our own client visits) point
the finger at "security" as the #1 inhibitor of WLANs.
However since there is a growing number of available wireless security
solutions that can safeguard Wireless networks- some even argue being able
to secure wireless networks better than the wired side I am wondering from
your "expert" point of view, how would/should/could we better present
WIDS/WIPS info aka technical advantages and capabilities or the business
benefits of WLAN?
Is it fair to say that the leading info source for WLAN Sec Best Practices
is the NIST Wireless Security Checklist based on ISO 17799?
Sincerely,
Phillip Lay
AirDefense Australia & New Zealand
