Wireless Devices - Security Risk?

Archived from groups: alt.internet.wireless (More info?)

From http://www.vnunet.com/news/1155700 --->
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"...companies which had not installed any wireless technology were
also at risk because wireless is shipping in devices from PDAs and
mobile phones to notebook computers".

"He pointed out that Intel's Centrino wireless
capability was embedded in 42 per cent of notebook
computers shipped last year, and will be in 90 per
cent of notebooks shipped this year".

"Whether you're using that wireless capability or not,
every wireless notebook represents a clear and present
danger to the security of your computer network".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you don't have any access points active/connected, how are these
devices a risk?

Jim Benner
8 answers Last reply
More about wireless devices security risk
  1. Archived from groups: alt.internet.wireless (More info?)

    <b1377@worldnet.att.net> wrote in message
    news:40c65834.710421@netnews.worldnet.att.net...
    > From http://www.vnunet.com/news/1155700 --->
    > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    > "...companies which had not installed any wireless technology were
    > also at risk because wireless is shipping in devices from PDAs and
    > mobile phones to notebook computers".
    >
    > "He pointed out that Intel's Centrino wireless
    > capability was embedded in 42 per cent of notebook
    > computers shipped last year, and will be in 90 per
    > cent of notebooks shipped this year".
    >
    > "Whether you're using that wireless capability or not,
    > every wireless notebook represents a clear and present
    > danger to the security of your computer network".
    > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    > If you don't have any access points active/connected, how are these
    > devices a risk?

    Up until that last sentence you quote, the article was reasonably well
    balanced and accurate. That particular claim - "every wireless notebook
    represents a clear and present danger" - is a bit of an overstatement,
    unless the company is running a WLAN.

    Unfortunately, it's not completely incorrect. Even if there's no WLAN, if
    the notebook is configured for ad-hoc an outsider could associate with the
    adapter. If there are unsecured shares on the notebook, or if the notebook
    is in a docking station connected to the wired corporate net, it could be a
    back door. But this is a really unlikely scenario, and pretty easy to
    eliminate. I don't think it's a significant source of risk.

    >
    > Jim Benner
    >
  2. Archived from groups: alt.internet.wireless (More info?)

    On Wed, 09 Jun 2004 01:06:50 GMT, "gary" <pleasenospam@sbcglobal.net>
    wrote:

    >
    ><b1377@worldnet.att.net> wrote in message
    >news:40c65834.710421@netnews.worldnet.att.net...
    >> From http://www.vnunet.com/news/1155700 --->
    >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    >> "...companies which had not installed any wireless technology were
    >> also at risk because wireless is shipping in devices from PDAs and
    >> mobile phones to notebook computers".
    >>
    >> "He pointed out that Intel's Centrino wireless
    >> capability was embedded in 42 per cent of notebook
    >> computers shipped last year, and will be in 90 per
    >> cent of notebooks shipped this year".
    >>
    >> "Whether you're using that wireless capability or not,
    >> every wireless notebook represents a clear and present
    >> danger to the security of your computer network".
    >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    >> If you don't have any access points active/connected, how are these
    >> devices a risk?
    >
    >Up until that last sentence you quote, the article was reasonably well
    >balanced and accurate. That particular claim - "every wireless notebook
    >represents a clear and present danger" - is a bit of an overstatement,
    >unless the company is running a WLAN.
    >
    >Unfortunately, it's not completely incorrect. Even if there's no WLAN, if
    >the notebook is configured for ad-hoc an outsider could associate with the
    >adapter. If there are unsecured shares on the notebook, or if the notebook
    >is in a docking station connected to the wired corporate net, it could be a
    >back door. But this is a really unlikely scenario, and pretty easy to
    >eliminate. I don't think it's a significant source of risk.
    >
    >>
    >> Jim Benner
    >>

    They know now that almost 50% of company network break ns, are done
    using stolen company notebooks.
  3. Archived from groups: alt.internet.wireless (More info?)

    "AndrewJ" <ajpk3@hotmail.comremove> wrote in message
    news:2qqcc0hndb3sigqa39lugcpsdjja6a6joq@4ax.com...
    > On Wed, 09 Jun 2004 01:06:50 GMT, "gary" <pleasenospam@sbcglobal.net>
    > wrote:
    >
    > >
    > ><b1377@worldnet.att.net> wrote in message
    > >news:40c65834.710421@netnews.worldnet.att.net...
    > >> From http://www.vnunet.com/news/1155700 --->
    > >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    > >> "...companies which had not installed any wireless technology were
    > >> also at risk because wireless is shipping in devices from PDAs and
    > >> mobile phones to notebook computers".
    > >>
    > >> "He pointed out that Intel's Centrino wireless
    > >> capability was embedded in 42 per cent of notebook
    > >> computers shipped last year, and will be in 90 per
    > >> cent of notebooks shipped this year".
    > >>
    > >> "Whether you're using that wireless capability or not,
    > >> every wireless notebook represents a clear and present
    > >> danger to the security of your computer network".
    > >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    > >> If you don't have any access points active/connected, how are these
    > >> devices a risk?
    > >
    > >Up until that last sentence you quote, the article was reasonably well
    > >balanced and accurate. That particular claim - "every wireless notebook
    > >represents a clear and present danger" - is a bit of an overstatement,
    > >unless the company is running a WLAN.
    > >
    > >Unfortunately, it's not completely incorrect. Even if there's no WLAN, if
    > >the notebook is configured for ad-hoc an outsider could associate with
    the
    > >adapter. If there are unsecured shares on the notebook, or if the
    notebook
    > >is in a docking station connected to the wired corporate net, it could be
    a
    > >back door. But this is a really unlikely scenario, and pretty easy to
    > >eliminate. I don't think it's a significant source of risk.
    > >
    > >>
    > >> Jim Benner
    > >>
    >
    > They know now that almost 50% of company network break ns, are done
    > using stolen company notebooks.

    That may be, but that's simply because notebooks are easy to steal, and the
    corporate info on them (including any passwords, login ids, or telephone
    numbers that might be intentionally or accidentally saved to disk) is
    immediately available.

    If the company isn't running a WLAN, then it doesn't matter if the stolen
    notebook has builtin wifi or not. If they were running a WLAN, then if the
    notebook is configured with WEP or WPA preshared key, the company network is
    compromised.
  4. Archived from groups: alt.internet.wireless (More info?)

    >> If the company isn't running a WLAN, then it doesn't matter if the stolen
    notebook has built-in wifi or not. If they were running a WLAN, then if the
    notebook is configured with WEP or WPA preshared key, the company network is
    compromised.

    Gary:

    Not necessarily, if the company was also using VPN.
  5. Archived from groups: alt.internet.wireless (More info?)

    "CZ" <CZ@no99spam.com> wrote in message
    news:9jJxc.5393$4Q5.3796@newssvr22.news.prodigy.com...
    > >> If the company isn't running a WLAN, then it doesn't matter if the
    stolen
    > notebook has built-in wifi or not. If they were running a WLAN, then if
    the
    > notebook is configured with WEP or WPA preshared key, the company network
    is
    > compromised.
    >
    > Gary:
    >
    > Not necessarily, if the company was also using VPN.
    >
    >
    >

    No, of course not necessarily. But even with VPN, you might be surprised at
    what sorts of information can be retrieved by examing swap files. Not to
    mention the fact that people sometimes keep passwords in a file, especially
    if they are required to change this information often. Authentication via
    smartcard is an improvement here, but if someone stole the laptop they may
    also have stolen the card.

    Anyway, rolling this all back to the original post, the only point I'm
    trying to make is that merely allowing employees to carry laptops equipped
    with wifi is not per se an enhanced risk, despite what the article claimed.
    Allowing them to carry laptops at all is the greater part of the risk.
  6. Archived from groups: alt.internet.wireless (More info?)

    In article <zzJxc.5402$XT5.3882@newssvr22.news.prodigy.com>,
    gary <pleasenospam@sbcglobal.net> wrote:
    :Anyway, rolling this all back to the original post, the only point I'm
    :trying to make is that merely allowing employees to carry laptops equipped
    :with wifi is not per se an enhanced risk, despite what the article claimed.
    :Allowing them to carry laptops at all is the greater part of the risk.

    Hmmm.

    So then... a fast food chain employee is authorized to carry latched
    jugs of bleach as part of the hourly bathroom floor sanitation
    procedure. But it isn't any additional risk "per se" for the employee
    to carry around benzine in uncovered cardboard soft-drink cups:
    allowing the employee to carry any hazmat at all is the greater part
    of the risk.
    --
    'ignorandus (Latin): "deserving not to be known"'
    -- Journal of Self-Referentialism
  7. Archived from groups: alt.internet.wireless (More info?)

    "Walter Roberson" <roberson@ibd.nrc-cnrc.gc.ca> wrote in message
    news:ca7vei$ooh$1@canopus.cc.umanitoba.ca...
    > In article <zzJxc.5402$XT5.3882@newssvr22.news.prodigy.com>,
    > gary <pleasenospam@sbcglobal.net> wrote:
    > :Anyway, rolling this all back to the original post, the only point I'm
    > :trying to make is that merely allowing employees to carry laptops
    equipped
    > :with wifi is not per se an enhanced risk, despite what the article
    claimed.
    > :Allowing them to carry laptops at all is the greater part of the risk.
    >
    > Hmmm.
    >
    > So then... a fast food chain employee is authorized to carry latched
    > jugs of bleach as part of the hourly bathroom floor sanitation
    > procedure. But it isn't any additional risk "per se" for the employee
    > to carry around benzine in uncovered cardboard soft-drink cups:
    > allowing the employee to carry any hazmat at all is the greater part
    > of the risk.

    ??? I don't see the parallel at all. Did you read the original post, and the
    article I was responding to? What I said was, if a company doesn't have a
    wireless network, then the fact that employees carry laptops with wireless
    cards does not significantly increase their risk, even though the original
    article specifically claimed that it does. I thought that was a
    straightforward observation, but perhaps not.

    A better analogy would be that the fact that employees carry their car keys
    along with their office keys does not increase the company's risk.

    > --
    > 'ignorandus (Latin): "deserving not to be known"'
    > -- Journal of Self-Referentialism
  8. Archived from groups: alt.internet.wireless (More info?)

    In article <MzOxc.5457$N6.5075@newssvr22.news.prodigy.com>,
    gary <pleasenospam@sbcglobal.net> wrote:
    :Did you read the original post, and the
    :article I was responding to? What I said was, if a company doesn't have a
    :wireless network, then the fact that employees carry laptops with wireless
    :cards does not significantly increase their risk, even though the original
    :article specifically claimed that it does. I thought that was a
    :straightforward observation, but perhaps not.

    But you are wrong: systems default to ad-hoc wireless being turned on,
    and that allows reaching devices that could not otherwise be reached.

    Your counter-argument to that is, as I understand, that employees
    should not be given unsecured laptops, which is true in an ideal world,
    but not so easy to enforce in practice.

    But the way you put your argument, the logic extends further, right to
    the boundary where *everything* that can go wrong with laptop security
    would be the fault of the company for having allowed the employees
    to use laptops at all.

    Companies take risks for business purposes, and it is, in my opinion,
    completely correct for the press to warn companies that they may
    not have previously considered an important risk factor that is getting
    built into computers these days.

    Yes, companies *should* be assigning someone to systematically
    cross-index all the possible security threats of every feature of the
    computer equipment they use, but *in practice* not many companies have
    enough personnel to assign someone to a task such as that. I know well
    that our local organization, about 150 people, doesn't have those kind
    of resources; I don't imagine that the Small Businesses that make up
    most of the economic growth at present have the appropriate
    resources either.
    --
    'ignorandus (Latin): "deserving not to be known"'
    -- Journal of Self-Referentialism
Ask a new question

Read More

Wireless Notebooks Devices Wireless Networking