In contrast, the primary security consideration in a hotspot is ensuring authentication for revenue generation purposes. It is not about keeping WLAN traffic secure. So, most public hotspots (the ones operated for profit) use web page redirection to authenticate the user to the hotspot to collect revenue. This authentication does nothing to protect WLAN traffic, as these access points typically run "naked" (that is, with no encryption protocols in use) to accommodate connectivity by users who own pre-WPA/IEEE 802.11i-compatible WLAN adapters. This introduces hotspot users to WLAN "sniffing" and Windows network share vulnerabilities. If these are your enterprise users, do you want them connected to a "naked" infrastructure with your corporate data sitting on their notebook computer?
Networking Pipeline: Do the security teams at both enterprise and carrier organizations have a firm grasp of the security issues?
Thompson: They're both getting there. The carrier organizations are farther along than their enterprise counterparts because they have greater control over the infrastructure. It is much more difficult for a hacker to introduce rogue infrastructure at a carrier than in the enterprise. Adding an access point to the enterprise network is a relatively simple proposition, hence the problem of rogue access points. This really doesn't occur in the carrier infrastructure. The best weapon the enterprise can employ in the security battle is education, both the IT function and the users; the carriers don't have that battle to fight, so this puts them ahead at the moment.
Networking Pipeline: For enterprises, are there some key principles in managing WLAN security that are distinctly different from those associated with managing other enterprise IT assets?
Thompson: There are a few. The overriding principle is that WLANs can both exacerbate existing security problems, such as weak passwords and unencrypted traffic, and introduce new security problems that result from no longer needing a physical connection in order to attack or compromise the network. With more and more corporate data residing on endpoint computers (workstations and notebooks) instead of servers, the WLAN security paradigm requires hardening of the endpoints, instead of the traditional practice of a hardened perimeter and server infrastructure. This is the greatest new threat WLAN introduces to the enterprise, and enterprise IT/security professionals must address it.