Security through layers

Wireless networks are inherently insecure, but the more layers of security they have, the less likely they are to be attacked, said Mischel Kwon, wireless security officer for the Justice Department's Management Division.

Speaking today at the Wireless/RFID Conference and Exhibition in Washington, D.C., Kwon said the most secure layered approached would use the latest wireless grid technologies in combination with wireless intrusion-detection systems.

Because of the insecurities inherent in wireless technologies, a lot of fear exists, said Capt. Sheila McCoy, former director of information assurance in the Navy's Office of the Chief Information Officer. "We're a rather risk-averse bunch," she said. But attitudes toward wireless networks are changing as Defense Department officials learn more about managing risk with new technologies, she added.

Dan Hickey, deputy commander for computer network defense at the Marine Corps Network Operations and Security Command, prefaced his remarks by saying that "wireless technology scares me." Few agencies, he said, are using layered security or "defense in depth" correctly when deploying wireless technologies. And on the policy side, he said, agencies need to ask who has the authority to accept risk for the organization when people begin using such technologies.

Wireless expert Bill Neugent, chief engineer for cybersecurity at Mitre, a nonprofit engineering organization, said that the proliferation of wireless technologies such as radio frequency identification chips and nanoscale "smart dust" will cause both privacy losses and productivity gains.

According to other wireless experts who offered tips on security technologies and policies, open-source products are the most popular for auditing the security of wireless networks. Auditors in the Government Accountability Office, for example, use open-source scanners NetStumbler and Kismet to conduct wireless audits, said Dan Van Belleghem, technical director for the information assurance group at SRA International.

For the most part, wireless networks become open to attack because administrators fail to properly configure wireless access points with password protection, use no encryption, have no virtual private network protection, and do not disable the infrared ports and peer-to-peer features of their wireless networks, Kwon said.

The conference was sponsored by the E-Gov Institute.


  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

  • FCW Perspectives
    remote workers (elenabsl/

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

Stay Connected