Six Business Security Leaks You Should Plug Now
The Titanic was thought to be unsinkable, a testament to the engineering prowess of its day and the fact that luxury liners rarely collided with massive icebergs.
In modern enterprises, there's a similar perception of invulnerability. Yet, for every large organization that glides through the year without any mishaps, there are many stories about perilous break-ins, Wi-Fi sniffing snafus and incidents where Bluetooth sniper rifles were used to steal company secrets.
Here's a look at six security holes that are often wide open, even in companies that take great pride in their security precautions. We checked with security consultants to find out what you can do about them, before your enterprise ship hits a wall of ice.
1. Unauthorized smartphones on Wi-Fi networks
Smartphones create some of the greatest risks for enterprise security, mostly because they're so common and because some employees just can't resist using personal devices in the office -- even if their employers have well-established policies prohibiting their use.
"The danger is that cell phones are tri-homed devices -- Bluetooth, Wi-Fi and GSM wireless," says Robert Hansen, founder of the Internet security consulting firm SecTheory. Employees who use their personal smartphones at work "introduce a conduit that is vulnerable to potential attack points," he explains.
If you use a device like a smartphone that spans multiple wireless spectrums, "someone in a parking lot could use a Bluetooth sniper rifle that can read Bluetooth from a mile away, connect to a smartphone, then connect to a corporate wireless network," says Hansen, who is also known by his alias, RSnake. Bluetooth is the open portal that lets a hacker access Wi-Fi and therefore the corporate network.
Hansen says policies that simply disallow smartphones aren't likely to be effective -- employees will be too tempted to use their gadgets at work even if they're prohibited. Instead, he says IT should allow only approved devices to access the network. And that access should be based on MAC addresses, which are unique codes that are tied to specific devices -- making them more traceable.
Another tactic is to use network access control to make sure whoever is connecting is, in fact, authorized to connect. In an ideal world, companies should also separate guest access Wi-Fi networks from important corporate networks, says Hansen, even if having two wireless LANs means some redundancy and management overhead.
Another approach: Provide robust, company-sanctioned smartphones on popular platforms, such as Google's Android, and thereby dissuade employees from using nonsupported devices. By encouraging the use of approved phones, IT can focus on security precautions for a subset of devices instead of having to deal with numerous brands and platforms.
Next page: No-nos of network printing and social networking