Overly on Security

About this Blog:

The legal side of security.

Michael Overly

Rumors of WEP's demise are greatly exaggerated

to Data Protection |
Well it’s official.  WEP is dead, again.  A recent spate of articles and a new study (Breaking 104 bit WEP in less than 60 seconds) have firmly established the demise of WEP.  In light of the foregoing, certainly no business would continue to use WEP to secure its wireless networks, right?  Well the answer is not what you might think.  There are two problems.  First, we have encountered numerous businesses, particular those in the small to medium size range, that continue to use WEP.  As is so frequently the case, they set their networks up and forgot about them.  They simply don’t appreciate their lack of security.  How did we find these businesses?  We discovered them while conducting due diligence in transactions in which they would be entrusted sensitive information of a business partner.  As part of that process, we asked the businesses whether they use wireless networking and, if so, how they were securing their networks.  Amazingly, a significant number of respondents, after considerable prodding, identified WEP as their one and only method of securing their networks.  In each case, the businesses were given a choice:  upgrade your security or be disqualified from further consideration. 



Now you may say the businesses discussed above are an anomaly.  Certainly no sophisticated business would continue to use WEP.  Unfortunately, many are, but potentially without their knowledge.  This brings us to the second problem I have seen:  employees with insecure home networks remotely accessing their employer’s systems and storing sensitive company information on their home computers.  While the employer’s networks may be adequately secure and free from WEP, their information may nonetheless be stored on the inadequately secured home computers of its employees.  This is a risk businesses should be monitoring.  If employees are permitted remote access, a VPN can certainly be used to increase security over an insecure home wireless network.  But, what about the information that is downloaded from the company network and stored on the home computer?  That information may and likely will be placed at significant risk resulting from the insecurity of the employee’s home systems.  This has led some businesses to reevaluate their remote access policies to better control the security of their employees’ home computers.  This is clearly something every business should consider when their employees may be storing company proprietary/sensitive information on their home systems. 



Based on the foregoing, I expect we will continue to see the effects of WEP for the foreseeable future.  To paraphrase Mark Twain, the rumors of WEP’s death are greatly exaggerated.
Print
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
WHITE PAPER
Reduce Email Archives up to 60%

Clearwell Are you considering implementing a proactive archiving and eDiscovery solutions? This paper summarizes 15 separate soft cost savings when implementing Symantec Enterprise Vault and the Clearwell eDiscovery Platform.

» Learn More

WHITE PAPER
Aberdeen Report: To Patch, or Not to Patch? (Not If, But How)

Secunia The report explores the correlation between the current use of patch management and the level of endpoint-related risk that companies are effectively accepting.

» Learn More

Browse CSO Blogs

See all CSO Blogs »

Recent Comments

RESOURCE CENTER