Wireless security

Introduction and scope of the topic

Aren’t wireless networks wonderful? So convenient to use, flexible and cheap to deploy, they’re great!  No longer are we tied to our desks by the network, keyboard and mouse  cables.  Wireless technologies enable laptops and other mobile computers to be connected to the corporate networks and the Internet, while distant locations can be linked-up using microwave radio over point-to-point or satellite links.  Travelers use public WiFi hotspots or 3G USB sticks to keep up with email and social networks while on the move, and use GPS geolocation/mapping systems to find their way.  Organizations use RFID tags to monitor valuable items, track their mobile inventories and manage logistics.  Most of us these days rely heavily on our mobile phones and PDAs which are, in fact, sophisticated digital radios using the 3G and other wireless networks.  Many of us have Bluetooth headsets and other gizmos.  Wireless is literally all around us. 

While wireless technologies have tremendous business and personal benefits such as convenience and ease of use, there are some serious information security risks that need to be adequately addressed to avoid eroding or completely negating the benefits.  Simply buying a WiFi access point from a local retailer, plugging it into the network and carrying on as before is probably not A Good Idea as far as network security is concerned, yet this is pretty much how many home WiFi networks are set up in practice.  Scary!

Hackers enjoy the benefits of wireless technologies too, whether that’s connecting to the Internet via someone’s insecure WiFi setup or via a 3G modem.  WEP and WPA encryption schemes and MAC address filtering are no real impediment to WiFi hackers intent on stealing credit card numbers from retail outlets, while insecure Bluetooth headsets are evidently an open invitation to snoop on the conversations of random passers-by.  Furthermore, radio interference whether accidental or deliberate can disrupt wireless circuits.

This month we explore the information security gotchas undermining a variety of widely-used wireless technologies, discussing the security countermeasures necessary to bring the risks under control without destroying the undoubted business benefits that wireless brings.

Outline of the awareness module’s content

There are 30 types of awareness material in the new module, including at number 1 the ‘awareness activities’ paper suggesting creative ways to promote the wireless security topic:

September’s NoticeBored module is packaged and delivered to subscribers as a compressed Zip file totalling about 49 Mb containing the editable MS Word, PowerPoint, Visio and JPG files, plus 4 screensavers, described above and shown on the directory listing below.  As well as the editable MS Word version of the newsletter, we include the Acrobat PDF version of the newsletter which can be freely circulated outside the organization.

NoticeBored is for you, yes you!

If this brief outline of our latest awareness module intrigues you, why not contact us to evaluate NoticeBored?  We’ll send you the contents of a complete module, plus an evaluation license for you to try them out.  There’s no commitment or charge to evaluate.  Find out what makes NoticeBored different and discover what led ENISA to describe us as “best practice experts” in security awareness.  We can even help you build a budget proposal to invest in a security awareness program.  When finances are tight, remember that awareness is the most cost-effective form of security.  A dollar spent on security awareness achieves much more than a dollar spent on security technologies such as firewalls, antivirus controls and suchlike.  Alert, security-aware employees who appreciate the symptoms of security attacks or incidents and know how to respond are far less likely to succumb.  Make security everyone’s business with NoticeBored.

Copyright © 2010  IsecT Ltd.