The Business Justification for Wireless Intrusion Prevention

The Business Justification
for Wireless Intrusion Prevention
339 N. Bernardo Avenue, Suite 200 . Mountain View, CA 94043www.airtightnetworks.net
A I R C O V E R F O R N E T W O R K S E C U R I T Y © 2005, Airtight Networks. All rights reserved.The Business Justification for Wireless Intrusion Prevention
More and more companies are realizing that their corporate air waves are an asset thatrequires protection. Strong security policies have been created for wired networks - protec-tion systems such as firewalls, IDS, anti-virus and anti-spam systems are put in place and poli-cies are monitored for compliance. The same is now needed for the corporate air waves.
The proliferation of Wi-Fi makes it nearly impossible for today's enterprise to remain unaf-fected by this technology. Wireless LAN capability shipped in over 90% of laptops1 in 2005.Due to the prevalence of wireless LAN infrastructure in neighboring buildings, cafes andretail stores, it is now common to be within range of half a dozen or more Wi-Fi networks atthe same time. Even if corporate policy dictates 'no Wi-Fi', networks and users both need tobe protected from a wide variety of wireless threats (rogue Access Points, unintentional clientassociations, ad-hoc networks, etc.).
Enterprise Wireless LAN Penetration The Financial and LegalConsequences of a Weak Wireless Security PolicyThe penalties for a lax wireless securi-ty policy, compliance and monitoringprogram can be much greater thanembarrassment. As was recently ruledon by the Federal Trade Commission2,Discount Shoe Warehouse (DSW), amajor retailer of men's and women'sshoes, now faces significant financialpenalties and the imposition of atwenty (20) year monitoring plan oftheir security policy and complianceSource: Dell 'Oro procedures. A key problem in theirsecurity processes was "failing to useThe exponential growth of wireless LAN technology readily available security measures tomeans every corporation will be exposed to wireless threats, whether they have a 'no Wi-Fi' policy or not. limit access to its computer networksthrough wireless access points on thenetworks...and failing to employ suf-A strong security policy was created to protect the ficient measures to detect unautho-rized access." In addition to imposi-corporation's assets from abuse over the wireline network. tion of a of $6.5 to $9.5 million fine,The new reality of wireless technology means that main- the company has spent considerabletaining that same level of protection now requires consid- IT, PR and legal resources on thisering threats via the corporate airwaves. To protect your issue. Deployment of a wirelessintrusion prevention system couldcorporate air waves, you need to: have providing warning, as well as. define a wireless policy prevented, the security lapse throughwireless access points.. enforce that policy, and. audit and demonstrate compliance to the policy
1 IDC estimates 98% of laptops will ship with embedded Wi-Fi in 2007.2 www.ftc.gov/os/caselist/0523096/051201caseanalysis0523096.pdf Page 1 of 3
A I R C O V E R F O R N E T W O R K S E C U R I T Y © 2005, Airtight Networks. All rights reserved.The Business Justification for Wireless Intrusion Prevention
Corporations have good business and legal reasons for setting up security policies and stringent compliance plans. Identify Theft Over Strong security policies need to be developed, implemented the Wireless LANand monitored for abuse. A corporation that fails to moni- Because wireless signals extendtor for policy abuse is missing an important component of beyond the physical perimeter of thebuilding, wireless security becomessecurity. Thus, wireless perimeter intrusion detection soft- even more important. Case in point ware must be installed on a network, because it monitors is Lowe's Home Improvement whichfor abuse of policy. Delaying an investment in wireless found its network hacked by two mensitting in their parking lot using off-perimeter intrusion detection software leaves a company the-shelf wireless hardware3. Whileopen to litigation, fines, prolonged audit requirements as ultimately arrested and successfullywell as loss of business, good will and corporate image. prosecuted, the men were able tobreak into the national computer system, obtain customer credit cardinformation and install a program "Whether hackers are able to enter a company's WLAN that altered the wa... [download for more]