Mainstream wireless, especially e-mail and Personal Information Management, plays a prominent role in today's business world. However, many of the associated security risks of wireless are often difficult for IT professionals to get a grip on. Conflicts arise when trying to avoid enterprise wireless network security breaches while also trying to control wireless costs. Knowledge Center contributor Dan Croft explains how to strengthen your enterprise wireless network security.
Today, businesses of all sizes are concerned with corporate data being
exposed due to lapses in wireless device security. As the mobile user base
expands, companies must recognize wireless security as a valid concern.
The consequences of lost or stolen information can ultimately be detrimental
to an enterprise. In fact, in this troubled economy (where many companies are
essentially disappearing overnight), mass layoffs result in an increased
likelihood that unprotected company data could get into the wrong hands.
Ensuring that all handheld devices are password-equipped and wiping devices
clean of information after employees leave a company are two ways to help
minimize some of the basic security-related anxiety. A company must, however,
consider the additional loopholes. Essentially, security in the wireless space
can be viewed in three categories: connectivity, data packets and IT policy
enforcement. Let's take a closer look at all three categories.
Security category No. 1: Connectivity
Connectivity deals with how the mobile device connects to a company's
mail/application servers. Some of the areas you want to take a look at include
the specific firewall requirements, as well as the type of connection. For
example, do you use a VPN or SSL (Secure Sockets Layer) connection? VPNs will
encrypt traffic; SSL connections only handle traffic that is HTTP
application-specific.
Do you know who has the ability to see data on your server? The optimal
situation would be that only the IT administrators can alter and maintain IT
policies. This would involve having control over the transfer of information
among company servers, as well as the type of data a specific device can
Server data could possibly be susceptible to threats
if a firewall port is opened directly into the mail server. Hackers can easily
crawl into the server via this vulnerable port. Although one option involves
the implementation of a front-end server, it only minimally protects the data.
A better option would be a DMZ (Demilitarized Zone) that has both internal and
external firewalls (see chart below).
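The difference between the three designs described above can be checked mechanically against a firewall rule set. The following is an added example, not part of the original article: the addressing plan, host addresses, port and rule format are constructed for illustration, and the front-end server is assumed to sit on the internal network.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption, not from the article).
ZONES = {"internal": ip_network("10.0.0.0/16"), "dmz": ip_network("192.168.50.0/24")}

def zone_of(addr):
    """Return the zone an address belongs to; 'any' and unlisted addresses are the Internet."""
    if addr == "any":
        return "internet"
    ip = ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "internet")

def audit(rules):
    """List allow rules that open a port from the Internet straight into the internal zone."""
    findings = []
    for r in rules:
        if r["action"] == "allow" and zone_of(r["src"]) == "internet" and zone_of(r["dst"]) == "internal":
            findings.append(f"{r['fw']}: Internet -> internal host {r['dst']}:{r['port']}")
    return findings

def allow(fw, src, dst, port):
    """Build one constructed allow rule for the firewall named fw."""
    return {"fw": fw, "action": "allow", "src": src, "dst": dst, "port": port}

# Constructed rule sets for the three designs in the paragraph above.
DIRECT = [allow("perimeter", "any", "10.0.1.10", 443)]        # port opened into the mail server
FRONT_END = [allow("perimeter", "any", "10.0.1.20", 443)]     # front-end assumed on the internal LAN
DMZ = [
    allow("external", "any", "192.168.50.10", 443),           # Internet reaches only the DMZ relay
    allow("internal", "192.168.50.10", "10.0.1.10", 443),     # only the relay reaches the mail server
]

if __name__ == "__main__":
    for name, rules in (("direct", DIRECT), ("front-end", FRONT_END), ("dmz", DMZ)):
        print(name, audit(rules) or "no direct Internet-to-internal path")
```

Only the DMZ rule set passes: in the other two, a single rule on the perimeter firewall lets Internet traffic land on a host inside the internal network.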