Despite its many exciting possibilities for new business opportunities, cost-savings, and user freedom, wireless technology presents serious challenges to information security. Any form of wireless communications that is not properly encrypted can be intercepted with the right equipment--in some cases nothing more than a low-end notebook computer armed with a $100 wireless network card and specialized freeware packet sniffing and discovery software. Frequent reports of war driving (using just these interception tools while driving down the street) in major cities have identified numerous wireless access points via factory default security settings in insecure mode just waiting to be exploited by the use of default access passwords and simple attack methods.
Consider too that employees desiring more flexibility in their office networking can easily go to the nearest office supply, electronics, and even major discount stores and purchase a powerful wireless access point and associated wireless network card for less than $200 to create an immediate, unsecured backdoor to the enterprise network. In addition, improperly secured WAP gateways can be used as an exploit focal point that can be leveraged to intercept wireless business transactions while they are temporarily in clear text during the gateway process of converting full-size Web applications to miniature-size applications for cell phones and PDA devices.
The link for this article located at NetSecurity is no longer available.
