Wireless Security Starts at the Endpoint
by Dr. Tina Bird - Security Architect, InfoExpress - Monday, 25 April 2005.
While wireless networks offer convenience and ease of use that have revolutionized the way people use computers and networks, they have also complicated endpoint management and security. Wireless networks have earned a reputation for being difficult to monitor and administer, exposing organizations to a higher rate of infection from Trojans and viruses and incurring greater support costs than anticipated.
Today, the term “wireless security” usually means technologies that prevent unauthorized or malicious users from connecting to a wireless network. Wireless security technologies inspire heated discussions about key negotiation and data encryption, as well as user and host authentication. While these mechanisms are vital components of a secure wireless architecture, they do little to guarantee the configuration and patch levels of the machines joining the wireless network, and little to reduce the likelihood of a legitimate user’s infected machine using the wireless connection to spread chaos throughout the production infrastructure.
The real-world limitations of “traditional” wireless security have been made abundantly clear during the past two years by Blaster and the associated Windows RPC attacks, Sasser, the Agobot/Phatbot family of Trojans and other notorious Windows security incidents. As organizations quickly learned, neither encryption nor strong authentication defends an organization against Blaster and its ilk. In fact, relying solely on these mechanisms may actually make the organizational exposure worse, because once these machines are authenticated they typically have access to file shares and other network resources which can be leveraged by malicious code to spread infections. And if VPNs are used to provide access to remote users across public, insecure networks, they often unwittingly become the channel these mindless destructive exploits usurp to bypass firewalls and other perimeter defenses.
New challenges also bring new opportunities. Many security architects and network administrators are using the rapid adoption of wireless connectivity to reduce these mobile computing risks, by supplementing their native wireless security mechanisms with endpoint configuration management and enforcement tools. These systems secure wireless networks by blocking access to the production environment until an endpoint has passed a security audit which validates the endpoint’s patch level, the presence and state of security tools and a variety of system configuration details. The endpoints gain access to production systems only after their compliance with security policy requirements has been verified by the audit.
A number of commercial endpoint policy management and enforcement systems manage network access control levels dynamically, using the results of scans or agent-based audits, allowing administrators to easily apply the same endpoint security requirements across many different types of network access methods, including wireless, VPN/remote access and traditional LAN switches. Administrators can use these systems to display and verify many details about the endpoint configuration, including registry settings, operating system and application versions, anti-virus signatures and running network services and processes. In addition to access control, these offerings typically support a variety of configurable endpoint remediation options, ranging from message pop-ups on the endpoint system, to redirecting the user to a Web server, to automated patching without any user intervention. This powerful combination of endpoint visibility and audit mechanisms, dynamic access enforcement and transparent remediation significantly reduces the chances that a rogue or infected PC will be able to compromise a production network through wireless (and other) links.
While all network topologies will benefit from policy enforcement technologies, wireless networks gain some of the most significant advantages. Even relatively simple checks – like verifying that the anti-virus process is up to date and running – can greatly reduce the chances of a virus or Trojan penetrating the wireless infrastructure. And an enforcement mechanism that requires all laptops to have critical patches, up-to-date and running anti-virus programs, no file sharing and encrypted storage for corporate documents will greatly reduce the chances of a laptop leaking sensitive data when connecting to the corporate network wirelessly from hotspots at an airport lounge or coffee shop.
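The audit-then-enforce loop described in the two preceding paragraphs (validate patch level, anti-virus state, running services and storage encryption; grant production access only on compliance, otherwise quarantine and remediate) is shown below as an added illustration written for this page; it is not code from the article or from any commercial product it refers to. The policy values, patch names, host records and the mapping from each failure type to a remediation action are all constructed placeholders, and a real agent would collect the posture data from the operating system rather than from literals.

```python
"""Endpoint posture audit with a dynamic access decision (constructed example)."""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date

# Constructed policy. Patch names are placeholders, not real patch identifiers.
POLICY = {
    "required_patches": {"CRITICAL-PATCH-A", "CRITICAL-PATCH-B"},
    "av_max_signature_age_days": 7,        # signatures older than this are "stale"
    "forbidden_services": {"file_sharing"}, # the article's "no file sharing" rule
    "require_encrypted_storage": True,
}

# Assumed mapping from failure type to one of the remediation styles the
# article lists (pop-up, redirect to a Web server, automated patching/update).
REMEDIATION = {
    "missing_patch": "auto-patch",
    "av_not_running": "pop-up",
    "av_signatures_stale": "auto-update",
    "forbidden_service": "redirect-to-web-server",
    "unencrypted_storage": "redirect-to-web-server",
}


@dataclass
class Posture:
    """What an agent or scan reports about one endpoint (constructed shape)."""
    hostname: str
    installed_patches: set[str]
    av_running: bool
    av_signature_date: date
    running_services: set[str]
    disk_encrypted: bool


@dataclass
class Decision:
    hostname: str
    access: str                               # "production" or "quarantine"
    failures: list[str] = field(default_factory=list)
    remediation: list[str] = field(default_factory=list)


def audit(posture: Posture, policy: dict, today: date) -> list[str]:
    """Return every policy check the endpoint fails; an empty list means compliant."""
    failures: list[str] = []
    for patch in sorted(policy["required_patches"] - posture.installed_patches):
        failures.append(f"missing_patch:{patch}")
    if not posture.av_running:
        failures.append("av_not_running")
    age_days = (today - posture.av_signature_date).days
    if age_days > policy["av_max_signature_age_days"]:
        failures.append(f"av_signatures_stale:{age_days}d")
    for svc in sorted(policy["forbidden_services"] & posture.running_services):
        failures.append(f"forbidden_service:{svc}")
    if policy["require_encrypted_storage"] and not posture.disk_encrypted:
        failures.append("unencrypted_storage")
    return failures


def decide(posture: Posture, policy: dict, today: date) -> Decision:
    """Map audit results to an access level plus the remediation steps to trigger."""
    failures = audit(posture, policy, today)
    access = "production" if not failures else "quarantine"
    # Failure strings are "<type>" or "<type>:<detail>"; the type selects remediation.
    remediation = sorted({REMEDIATION[f.split(":", 1)[0]] for f in failures})
    return Decision(posture.hostname, access, failures, remediation)


# Constructed sample endpoints; the reference date is the article's date.
TODAY = date(2005, 4, 25)
COMPLIANT = Posture("laptop-01", {"CRITICAL-PATCH-A", "CRITICAL-PATCH-B"},
                    True, date(2005, 4, 22), {"dhcp_client"}, True)
NONCOMPLIANT = Posture("laptop-02", {"CRITICAL-PATCH-A"},
                       False, date(2005, 3, 1), {"file_sharing", "dhcp_client"}, False)

if __name__ == "__main__":
    for host in (COMPLIANT, NONCOMPLIANT):
        d = decide(host, POLICY, TODAY)
        print(f"{d.hostname}: {d.access} failures={d.failures} remediation={d.remediation}")
```

The point of separating `audit` from `decide` is that the same checks drive every access method the article mentions: the audit is identical whether the endpoint arrived over wireless, a VPN or a LAN switch, and only the enforcement point that consumes the `Decision` differs.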
Thus, the new wireless security paradigm starts at the endpoint, combining inspection and remediation tools with network-based dynamic access controls to let colleagues take full advantage of wireless network ease and convenience, while keeping competitors and other digital vermin out.