Gartner: Misconfigured APs Cause Most WLAN Breaches

The majority of wireless LAN security breaches are caused by poorly configured access points (APs) and client software, Gartner, Inc. said this week.

"Whether hackers are able to enter a company's WLAN through an unprotected AP or through a peer workstation, once they are associated with the network, they will be difficult to detect because they may not be visible in or near the network site," said John Pescatore, vice president and Gartner fellow. "A clever hacker will play it safe and use the company's resources quietly, and as a result, may never be found."

Pescatore made his comments at Gartner's IT Security Summit this week in Washington D.C. He said that it is essential that enterprises prevent rogue APs and that "official" APs are configured correctly. To do that, enterprises should install their own wireless intrusion detection sensors and not rely on methods such as having IT personnel walk the hallways with wireless sniffers.

"Sniffer walks should not be attempted as an ongoing survey method, but should be kept on standby," Pescatore said.. "If rogue WLAN activity is detected by network monitoring systems, individual members of the IT staff can be dispatched, to act as trackers, to hone in on unauthorized signal sources."

He stressed that intrusion detection systems must be vendor-independent that can detect all WLAN traffic.