IBM Ripples Security Waves with 802.11 Wireless Auditing Tool
Page 1 of 1
IBM Research Thursday said it has successfully created what it believes is the first automated auditing tool that can monitor 802.11 wireless networks, which would significantly improve security for users of Wi-Fi who want to combat "drive-by hacking." And in keeping with IBM Corp.'s endorsement of open-source operating systems, it's based on Linux.
As a prototype, the Wireless Security Auditor is hardly ready for the market. But if and when IBM does decide to sell it to the wireless networking buffs who work in a very nascent market, Big Blue could hook network administrators itching to find vulnerable access points for their companies. By monitoring and analyzing them in real time, the net admins could make sure security threats are removed.
As it stands now, the security auditor runs on a small, unspecified wireless personal digital assistant. Audit information is presented on a color coded user interface, with configured access points shown in green, and vulnerable ones shown in red. Info is also available for all access points, including station and network name, address, location and security state.
Existing security for 802.11 wireless consists of two subsystems: a data encryption standard known as Wired Equivalent Privacy (WEP) and an authentication algorithm called Shared Key Authentication. WEP and Shared Key are optional, and wireless access points are typically shipped with both turned off.
"Today's wireless networks are facing big security challenges," says Dave Safford, manager of Network Security at IBM Research. "As 802.11 wireless networks become more common, companies' intranets are increasingly being exposed to drive-by hacking. Our Wireless Security Auditor will be an essential tool for security experts to maintain wireless network security."
Estimates of figures for wireless networking security do not exist yet because the market is so young. But taken separately, wireless data transfer and security are lucrative markets enough. When finally conjoined, they may truly prove profitable for players in both fields.
Gartner Inc. has studied both. In June the research firm determined that there will be 137 million wireless data users in the U.S. by 2005. Most of them will be corporate users.
"Increasing mobilization capabilities of work forces, together with additional competitive pressures will drive the adoption of wireless data to enable corporate applications such as e-mail and messaging as well as specific vertical applications such as field service, and sales/inventory programs," said Tole Hart, senior industry analyst for Gartner Dataquest's worldwide Telecommunications and Networking group.
As for security, Gartner stated that "only 0.4 percent of a company's revenue is dedicated to information security in the U.S. By 2011, however, that figure will increase by 10 times to 4 percent of revenue for U.S. companies."
"While e-mail viruses and international espionage steal the media limelight, the palette of security issues spans every business process, application and desktop," said Roberta Witty, Gartner research director.