Mads Lillelund is the CEO of Bluesocket, the leader in open wireless security and management solutions that simplify the complexities of mobile enterprises. In this interview Mr. Lillelund discusses wireless security, the development of wireless networks, the dangers posed by mobile devices, and more.
Despite the insecurities of 802.11, the number of wireless networks is growing rapidly. What should be done in order to raise awareness of wireless security problems?
Yes, the wireless market is growing rapidly and is one of the most exciting markets to be involved in today. A couple of years ago only selected markets, like Education and Healthcare, were deploying wireless but today companies as small as 10 and as large as 10,000 are deploying it and this is happening right across the spectrum. Today, it’s not a question of “if” but “when and how” IT departments will deploy wireless for their increasingly mobile workforce.
I think the industry in general is doing a good job of raising awareness of both the benefits and challenges of wireless networking and security, despite the negative connotations around standards like 802.11, particularly its early iterations. This year we will hear a lot about the much talked about new standard, 802.11n, which will bring wireless connections in line with wired connections. Any standard has its flaws, and any system – wireless or otherwise – is only as secure as it’s weakest link. It’s our job at Bluesocket to make sure a wireless implementation has no weak links at all!
A significant part in the process of developing wireless networks is ensuring that the data on wireless devices is secure. What do you see as the biggest threats to that security?
Usually the biggest threat is the people using the wireless device. As I said before, a system, or device for that matter, is only as secure as its weakest link – and often that weakest link is the person holding it! You can have all the security in the world to protect your data, but if you lose your smartphone or your laptop is stolen, then it’s only a matter of time!
Having a mobile workforce is not new any more, but IT departments have been slow to recognise and respond to the importance of securing end devices against hackers and attackers once they’re outside the building. Now that wireless networking is more common, they’re waking up to the importance of securing wireless devices, and making sure users are aware of the importance as well.
What’s your take on wardrivers? Some say they’re harmless while other label them as criminals.
A few years ago a sort of cult movement grew up out of the worrying lack of security measures employed by many companies and the growing number of home wireless network users. The media image presented was of lawless so-called ‘wardrivers’ or ‘warchalkers’ roaming the streets looking for trouble! Actually what they were looking for was unprotected wireless access points and routers, and when they found one they used chalk marks to identify the premises to others and publicised the information on the Internet. For the most part, it has to be said that they confined their activities to gaining free Internet access, but there are examples of open wireless systems being hacked into, which does suggest a criminal element. I think businesses are wising up to this now and in Bluesocket’s experience talking to these companies, it’s much less common.
The CSO is becoming increasingly aware of the dangers posed by mobile devices that contain confidential information and that are subject to theft or loss. What can they do to mitigate those risks? Is the education of end users within a company the only way to go?
Yes, absolutely. It really carries on from my comments above. Having a strong corporate security policy that incorporates mobile devices is essential for any company employing a mobile workforce – and that’s most companies today.
People use wireless networks on a daily basis and are growing concerned about the possible threats. What advice would you give to mobile users so that they could make and keep their laptops secure on any network?
1. ‘Don’t set up rogue access points’.
This is where an access point (AP) has been installed by an employee onto the enterprise network without authorisation. This is not a malicious act, usually one bourne out of frustration at an internal policy that says ‘no wireless’. The problem is that these rogue APs are unsecured and as such act as a huge security breach into the corporate network.
2. Don’t use unsecured networks
This might seem obvious, but to some it isn’t. There are so many WiFi networks out there today – from hotel rooms to coffee bars – that knowing what is secure and what isn’t can be tricky. Most public wireless networks are secured and require a passcode or log-in. But if these are available, especially for home workers, it’s tempting to log in to the nearest available one, such as a neighbour’s. Apart from using someone else’s bandwidth, it is potentially putting your company data or your personal data at risk. If someone is visiting the office of a supplier, partner or customer, check first that the wireless network there is secure or has what is known as Secure Guest Access. This provides the visitor with quick and simple WiFi access, while allowing the company to control – where, when and for how long – and report on that usage for compliance, legal and security reasons.
3. Be informed
Mobile workers should be guided by their corporate IT department clearly and simply as part of the company’s IT security policy or guidance on mobile working. Many people’s knowledge of wireless networks varies from knowing nothing about the security issues to full-blown paranoia fuelled by reports of the horrors of unsecured wireless LANs! If in doubt, ask.
With the constant evolution of threats, what kind of technology challenges does Bluesocket face?
In the wireless market more broadly, the big challenges are not so much about technology but about convergence. Today, most customer requests are about using voice over wireless networks.
What are your future plans? Any exciting new projects?
The most important innovation for Bluesocket this year is our MIMO (multiple input, multiple output) technology, an enterprise-class wireless access point. MIMO gives improved performance and coverage and is less influenced by hostile or constantly changing environments (both people and things move around in a working environment), which can be a problem for wireless networks. Our MIMO products, which are already 802.11 a and b/g complaint, can be upgraded to the new 802.11n standard simply and easily. This is exciting, as it makes MIMO the equivalent of an access point ‘on steroids’ – the most powerful on the market today!