SECURITY ISSUES LINGER AT N+I

Network security was such a critical element of the Networld + Interop 2004 show that an entire “zone” of the convention floor was set aside to showcase user authentication tools, VPNs, anti-virus solutions and other measures.

The protection of wireless and Wi-Fi networks was arguably the dominant theme for the mobile enterprise-focused companies exhibiting at N+I, with many maintaining that the traditional holes and weaknesses plaguing WLANs have now been eradicated. In fact, they say the biggest threat to their business is no longer actual physical attacks, but a lingering public perception that wireless networks are still easily susceptible to penetration.

“Much of the public still thinks wireless networks are unsafe,” said Asa Holmstrom, president of wireless security software developer Columbitech. “We need to make people more secure about security.”

Holmstrom said the perception of wireless is a problem that extends beyond security questions. “Every company has security needs, but at the same time, security creates overhead and lowers productivity, and they don't see the ROI or calculate how much more money they're going to make from mobilizing workers,” she said. “Security is very difficult to understand.”

Mobile professionals are the bread and butter of the wireless enterprise, but they may also pose its biggest remaining threat. Network security developer Fortinet contends that while traditional issues like hacking and Wi-Fi war-driving have been solved, the industry has failed to account for content-based threats, saying that mobile users can easily acquire viruses and worms while connected to the kinds of public networks available at retail Wi-Fi hot spots like Starbucks or McDonald's.

“The number-one source of content threats is mobile professionals,” said Richard Kagan, vice president of marketing at Fortinet, which launched its FortiWiFi-60 anti-virus firewall system earlier this year. He said many organizations believe content-based threats originate at the edge of the wired network, overlooking wireless access that originates within LAN and never even passes through the external gateway.

“That's how viruses can get behind the firewall through the backdoor and infect the entire network,” Kagan said. “There are no security standards to deal with content-based threats.”

Columbitech's Holmstrom agreed that security developers have largely failed to account for content-based threats. The new Enterprise Server features the company announced at N+I specifically target remote workers using public Wi-Fi networks, enabling IT administrators to monitor and inventory wireless devices before they access the corporate network and quarantine any devices missing the most recent security applications and patches.

“The industry needs to better integrate security solutions,” Holmstrom said. “Different products need to work together.”