Vulnerable to Attack
Vulnerable to Attack Wireless hot spots are vulnerable to eavesdropping and man-in-the-middle attacks, which is why IT managers who allow employees to transfer data outside the corporate firewall should authenticate users and enforce encryption. Virtual private networks already in place should be used to secure Web browsing and the transfer of information, whether its via instant messaging or e-mail."I dont have any restrictions, but there is a standard set of policies users are expected to follow," said Angelo Kapitsas, a network engineer at Edmunds.com. "It shouldnt matter how theyre accessing data, as long as it stays secured." For example, employees are expected to keep passwords private, run anti-virus software and close browser windows when a Web session is complete, said Kapitsas. With these policies understood, employees who have wireless cards are free to access e-mail secured by standard Secure HTTP using any Web browser. "There are chances that data could be wirelessly intercepted, but if users are accessing corporate resources from a public hot spot, that data is encrypted," said Kapitsas, in Santa Monica, Calif. "Im more concerned about people getting onto our network within our offices, to be honest." Senior Writer Anne Chen can be reached at anne_chen@ ziffdavis.com.
At the Web site of Edmunds.com Inc., an automotive information source, employees are asked to follow the same security policies when accessing public hot spots as they do when using a dial-up connection.