Internet Security Systems Moves to Parry Drive-by Hackers

Atlanta-based Internet Security Systems Inc. (ISS) has long had this concern
about drive by hackers. That’s right — drive-by hackers.


ISS claims perpetrators can equip their laptops with wireless technology,
sit inconspicuously on a park bench, or in a car, and casually monitor
traffic, access applications, and hijack data flowing over someone else’s
wireless network, unbeknownst to the victim. To combat this threat, which
sounds like it could be a plot line from an upcoming James Bond film, ISS
Wednesday drew the curtain on wireless local area network (WLAN) security
software an consulting practices.


Why create safety for the WLAN? ISS said
it believes enterprises are deploying WLANs with increasing regularity
because they are cost-effective and help workers grab knowledge on the go
from laptops or personal digital assistants (PDAs). And very little exists
in the way of security for wireless networks as compared to their wired
counterparts, LANs?


Gartner Group, it would seem, concurs that wireless networks are in the
midst of proliferation. The research firm said 50 percent of all enterprises
in the U.S. will have deployed a wireless LAN by 2002, an increase from 21
percent at the end of last year (2000). Accordingly, ISS said the fact that
wireless LANs can easily be accessed by outsiders — friendly or not —
means they need strong protection.


And just as perpetrators like hackers and crackers have done to wired
networks, they can assault WLANs through the same methods: unauthorized
access points; data interception; denial-of-service (DoS) attacks;
peer-to-peer sabotage; and wireless laptops to attacks when they roam to
public access points, such as airports and hotels.


What is more frightening, ISS claims, is that non-technical employees, while
often victims of attacks, are often unaware of these threats. This ignorance
can make the comfort of the firewall a false security blanket.


“Most companies have no idea that their networks are wide open to wireless
security risks,” said Christopher Klaus, founder and chief technology
officer for ISS. “Employees today are adding their own wireless access
points to the backbone of their company’s network without the knowledge of
their IT and security staffs. With a lack of awareness by the company that
an access point has been added and a lack of proper security configuration,
these rogue access points can become an intruder’s dream backdoor into a
company’s network despite the front door firewall.”


So, ISS has devised a host of software packages to prevent intruders via
detection. It has also implemented consulting and managed security to
accompany these products:

  • anX-Press Update for its Internet Scanner software — enables customers
    to scan and identify rogue wireless access points on their networks. The
    X-Force team, ISS’ security research arm, is developing additional security
    risk definitions for new
    wireless LAN (WLAN) risks and these will be available as X-Press Updates in
    the near future

  • Security Architecture Consulting — Internet Security Systems’
    consulting solutions group has integrated its security knowledge and
    methodology into wireless-specific offerings, including evaluations,
    penetration testing, design and security
    policy development

  • SecureU Education Services — Scheduled to debut during Networld +
    Interop in Las Vegas on May 7, ISS has added a wireless security seminar to
    its SecureU education programs
  • Managed Security Services — As WLAN protection features are added to
    ISS security software products, ISS’ Managed Security Services will also
    integrate these capabilities into its remote managed security services
    offerings, protecting customers

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web