On Thursday 10 August 2006 17:11, Howard Oakley wrote:
> > This IS really bad for companies, for they can throw away their
> > security measures if all it takes to get the data is a vulnerable
> > computer reachable from the car parked outside the well guarded
> > building.
>
> How many corporates actually use wireless networking inside their
> firewalls etc.?

A LOT!

Speaking from my experience, of course.
There are mostly two cases in play:

a) the company decides they do need wifi access for any reason;

b) some manager discovers that there's a way to avoid plugging ethernet
cable into the notebook every time (s)he returns to office.

Point b is troublesome one. If a company decides they want to use wireless,
they would probably have done it correctly, either by having their IT
department plan and deploy, or by outsourcing this to some IT company.

If a boss, however, decides that (s)he wants a wireless connection, it
might just end up being patched by an inexperienced IT employee. Boss
doesn't care about any technobabble, and rarely want to listen about all
steps that should be done to securely implement wifi. If a boss wants
something, boss gets that.

There's third possibility, that someone in the company just decided to buy
a wifi card and use it on internal network (for "b" reasons).

> Unless they have very remote locations, I'd certainly never advise them
> to.

Neither do I, but it is hard to convince people that while this seems a
cool technology, it might be a pretty big security risk and should be
avoided if possible. I talk to the people - and they tell me that having
wired connections is sooo "pase", and they're cool company that has to use
cool technology.
But I do have more success with my ICT-oriented clients, at least they can
understand what I'm trying to tell them. :-)

--
Radoslav Dejanoviæ
Operacijski sustavi d.o.o.
http://www.opsus.hr

[ reply ]