Intel will ship its Grantsdale chip set this summer with the wireless features turned off by default in an attempt to prevent the spread of unsecured access points.
One of the features of Grantsdale is its integrated access point, which turns an ordinary PC into a gateway for other devices to connect to the network.
IT managers already fear those APs will turn into back doors for hackers to wander into an otherwise secured corporate network, analysts say.
If nothing else, the introduction of Grantsdale will focus much-needed attention on wireless security issues. In addition to the access points they’ve installed themselves, IT managers have already begun to fight the spread of so-called “rogue” access points, such as a worker installing a cheap access point for his or her own convenience.
“War driving” mobile PCs have already been able to sniff out wireless communications at major retailers. The Grantsdale chip set is due in late June, sources have said; a complementary chip set for the enthusiast PC market, “Alderwood,” also contains the wireless access point technology.
But the wireless configuration within Grantsdale will be set up in a way that enforces security provisions upon the user, said Howard High, a spokesman for Santa Clara, Calif.-based Intel Corp.
In addition, the PCs will be shipped with Microsoft’s Windows XP Service Pack 2 (SP2) enabled, which includes an improved, software-based firewall.
“Basically, the access point within Grantsdale is autoconfigured at off,” High said. “One has to go into the system and configure the system as an access point. If he chooses [to run the PC as] an access point, the Microsoft firewall will be automatically configured as default.”
Configuring WEP or WPA security will require manual configuration like a standard wireless router, he said, adding, “I think that there is adequate security within the Grantsdale chip set.”
The problem is that IT managers aren’t aware of the potential security risks, said Tim Scannell, president of Shoreline Research, a wireless consultancy in Quincy, Mass. “What I find in talking to these IT guys is that they go, ‘I have a wired system, I’m OK.’ But what they don’t know is that they have a wireless back door built into it.”
The challenge will be even greater within the government and military sectors, where classified information could potentially be exposed to intruders.
The Department of Defense’s Directive 8100.2, published April 14, states, “Introduction of wireless technologies in DoD ISs, including those creating an external interface to non-DoD systems (or allowing use of DoD wireless devices on non-DoD wireless networks) can have a significant adverse effect on the security posture of the IS and requires security review and documentation.”
“Portable electronic devices,” such as wireless-equipped notebooks, that are directly connected to a DoD-wired network shall not be permitted to operate wirelessly while directly connected, the directive states.
Another worry is that the new Grantsdale chip set will be secured by an unproven Microsoft software-based firewall first appearing in Windows XP SP2.
Microsoft currently includes a basic firewall with Windows XP, but customers generally secure their networks behind a hardware firewall, or, in small businesses, equip their PCs with third-party solutions.
As IT budgets rise, managers are going to have to look harder at third-party vendors that aren’t on the default “approved list” and can meet the new security requirements, Scannell said.
Products from Newbury Networks Inc. and its competitors attempt to lock down corporate wireless networks by sniffing out “rogue” access points and establishing barriers beyond which Wi-Fi access is not permitted.
Matthew Gray, founder and chief technology officer at Boston-based Newbury, said Grantsdale PCs have the potential to become “a substantial security breach.”
“Any wired network solution, any wired network switch … can be potentially completely circumvented by a misconfigured desktop,” he said.
At last week’s NetWorld+Interop show in Las Vegas, Newbury charted 386 distinct access points broadcasting open wireless networks that could be considered rogues, the company said in a statement Tuesday.
But wireless back doors in the hands of users aren’t entirely new. Wirelessly connected workers first started migrating away from corporate cubicles with the spread of Intel’s Centrino chip sets, which combined a wireless client with the company’s low-power Banias processor and chipset.
A Centrino notebook can be manually configured to serve as a gateway to a wireless network by bridging the wired and wireless network through Internet Connection Sharing in Windows XP, or by forming an ad hoc network between two PCs. But doing so requires the permission of the other PC, Scannell said.
PC vendors may implement additional levels of security to lock down corporate networks further. But for now, they’re remaining mum on the subject. Dell Inc., for example, declined to confirm that it would support Grantsdale at all.
“For anybody to assume that Dell will support any products from Intel would be speculation, and we can’t comment on that,” said Jeremy Bolen, a spokesman in charge of Dell’s Optiplex line.
“You can assume, however, that we will be supporting industry-standard security solutions.”