Hackers exploit poor Wi-Fi security

Shoddy configuration of wireless local area network (Lan) access points and client software will cause 70 per cent of successful attacks against business networks through to 2006, industry experts have warned.

According to analyst Gartner, security for corporate wireless Lans and PDAs must to be driven by updated security policies that address the fast-developing mobile workplace.

"Whether hackers are able to enter a company's wireless Lan through an unprotected access point or through a peer workstation, once they are associated with the network they will be difficult to detect because they may not be visible in or near the network site," said John Pescatore, vice president at Gartner, in a statement.

"A clever hacker will play it safe and use the company's resources quietly and, as a result, may never be found."

The analyst firm advised that, in order to protect themselves, businesses must ensure that wireless access points are configured securely and that employees or hackers do not install unauthorised ones.

In dense environments, such as urban areas or multi-tenant office buildings, companies have to make sure that their users do not connect to other companies' networks.

The least expensive, and least effective, way of doing this is to buy a wireless sniffer handheld and walk the perimeter of the network.

The most expensive, and most secure, method is to install a separate set of wireless intrusion detection sensors, Gartner said.

"Businesses should use sniffers to demonstrate potential exposure problems to management, especially to the management that funds security problems," said Pescatore.

"Sniffer walks should not be attempted as an ongoing survey method, but should be kept on standby. If rogue wireless Lan activity is detected by network monitoring systems, individual members of the IT staff can be dispatched to act as trackers to home in on unauthorised signal sources."