Wireless security: Accident waiting to happen?

For a long time, computer security solutions vendors have been allaying fears about the secuirty of wireless networks, saying that remote access or wireless connection to corporate VPNs posed no "real dangers" compared to the traditional wired connection. Well, maybe not anymore.

Hackers and virus writers have become ever bolder, writing malicious codes that can easily penetrate and create damage to all types of corporate networks.

Recently, wireless hotspots have sprouted in most busy places like cafés, hotel chains, airports and bookstores that provide high-speed Internet access, mobility, flexibility and improved productivity for field staff and traveling executives. Little do most of these users know that remote wireless access now poses significant security risks.

"A hapless, latte-sipping Web surfer can easily become infected with a virus or worm that has been picked up by a neighboring user." Richard Hanke, director of Product Management, Fortinet

According to Richard Hanke, director of Product Management at security firm Fortinet, most mobile users don't realize that once connected to wireless hotspots, they become members of a connected community of users, of which most or all are strangers. There is often little or no control of what can pass from user to user via a wireless access point, and that can have disastrous consequences.

"A hapless, latte-sipping Web surfer can easily become infected with a virus or worm that has been picked up by a neighboring user. But the real damage occurs when the newly infected user returns to work, connects to the corporation's wireless access point, and passes the virus to the whole network. That innocent cup of coffee just cost his company thousands of dollars and sent his IT administrator scrambling to clean the network," says Hanke.

Companies today that provide wireless connection to their employees through VPN are even more vulnerable to security breaches, especially if their wireless networks are unsecured.

"Potentially anyone with a wireless network card can 'eavesdrop' on network traffic, or even gain access to the company network," warns F. Matthew Young III, vice-president for Asia-Pacific, Fortinet. "Given the range of current wireless access points, this has serious implications, especially for small companies in office blocks, where the offices above and below may be able to tap into their network."

"VPNs are even more vulnerable, because you don't need to be on the company premises, nor even in close proximity to the company's offices, to be connected to the network," he adds. "If improperly configured, or if users use weak passwords, it is possible for hackers to do nasty things to your network."

Mobile connection threats
With more and more mobile users migrating to smart phones, a new phone virus called Cabir has also been discovered.

According to a senior manager for security company Symantec, in order for the worm to spread, the user of a targeted phone has to approve of a download from an unknown source.

To propagate, the worm has to clear three hurdles: First, the target device's user must allow the infected phone to connect to the target device through the Bluetooth wireless protocol. Then, the potential victim must accept the data for download. Finally, the user has to agree to install the application.

Symantec and other antivirus companies confirm that, theoretically, the worm can spread between Nokia Series 60 phones running Symbian 6.1 or higher, but other phones made by other manufacturers may also be susceptible to this phone virus.

"We don't believe it's in the wild," says Charles Cousins, managing director of Sophos Asia. "For now, we advise smart phone users to be careful about which applications they launch on their devices. If they're not expecting to be sent an application, they shouldn't run it."

Content-based attacks
Most of the security problems enterprises encounter today are content-based attacks--such as viruses and worms--which may not be addressed by firewalls and can easily pass through VPNs. Even wireless network security standards including the 802.11i recently ratified have failed to address computer viruses and worms issues.

"That is why content security measures must be deployed ubiquitously, at the network edge, in the fabric of VPNs, and at all wireless access points," Fortinet's Young advises.

Cousins recommends that enterprises install antivirus software and ensure that it is updated continually.

"Updates should be done everyday or immediately if a particularly prolific virus is on the rounds," he says. "Users have to stay informed about the latest virus threats and support information. In this way, they will be constantly aware of new virus threats and be more cautious when dealing with unsolicited emails."

"Also, stay up-to-date with security patches and download these patches as soon as they become available. Doing this minimizes the possibility of getting infected by future viruses that exploit on security vulnerabilities and loopholes," he adds.

Romy T. Arambulo is a freelance IT journalist based in Hong Kong.