Mark Lee is a desktop technician at a large law firm. Law firms are among the sl

Question

Mark Lee is a desktop technician at a large law firm. Law firms are among the slowest adopters of new technologies and Mark's employer is no exception. The organization has yet to deploy a wireless network. After bringing up the benefits of wireless networks at a recent meeting with the IT staff, Mark was told that the company will not be deploying a wireless network for serveral years, if ever.

The lack of an IT-configured wireless network has not entirely stopped adoption however. Yesterday, Mark noticed a junior attorney surfing the web with his laptop in the lunchroom -- without a network cable. When Mark asked the attorney how he was connected to the network, he confessed that he plugged a consumer WAP into the network port in his office.

Explain the potential risks of having a rogue wireless network in the office.

Explanation / Answer

There are sevaral risks that stem from the use of a rogue, or undetected wireless network in an office or other place of business.

Risk 1: The company's Activity Directory domain ( where files, plans, employee names and security information is stored) could be joined to by an attacker with a wireless network card via WAP access, that is only in close proximity to the office, such as in a car in a parking lot. In Mark's office, the Activity Directory domain is essentially very unsecure due to the "laziness" of the company to get install a wireless network, which would make it much more harder to access (need codes to get into others WiFi as I am sure you have seen).   

Risk 2: The attacker could access hosts on the Internet network from the lobby of the office with a wireless -enabled mobile computer, even a cellular "smart" phone, nowadays. This is very easy to do and due to the insensitivity of WAP access, unsecure resources to all computers on the networks--including the attackers are easy to get onto. (There is a lack of security).

Risk 3: Traffic between two wired network hosts (two different computers) can be intercepted by a hacker with a wirless network card. This is often times how people can get credit card info, or confidential information like phone numbers and Social Security. This type of action is called "packet sniffing" and is due to the lack of incentive of Mark's company to throw out the outdated WAP protocol that is very unsecure and threatens business.

Risk 4: An attacker can use the office's wireless internet connection from a parking lot, or downstairs in a lobby. Essentially by doing so, it gives the company bad credibility because the attacker can look up, and download whatever he/she wants to. For instance, if an attacker looked at child pornography from this businesses network, this does not look good to IT departments who can see the access points and web addresses visited from their internet network, or access point.

All in all, Mark's office needs to make the switch from WAP to a much more secured connection.

Please Rate (this took a while to type up).

Related Questions

Navigate

• Browse (All)
• Browse M
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.