The article, based in part on security incident reports, explains that some staff have been creating unauthorized wireless networks. This is clearly poor workplace conduct and must be addressed. We do not expect employees to modify the physical facility without permission, nor should they modify the IT environment.
Bringing a wireless access point to work and connecting it to the employer’s network is obviously unacceptable. Many consumer-grade wireless access points lack the security features required for corporate use, and most employees do not know how to adequately secure them. But there is much more to this issue than employees breaking security policy.
Without incident details, we will never know what actually transpired. However, the usual scenario is an employee plugging a Wi-Fi access point (or router) into the existing wired network. This was a very common issue faced by many businesses when inexpensive consumer Wi-Fi products were first introduced.
According to the article, the offices include facilities for secure email and fax, and boardrooms for secure discussions. These offices clearly have high security requirements. A fundamental question remains why unauthorized wireless access points could be connected to the network in the first place.
The Citizen article suggests that those responsible for the network did not have control: “workers in the office didn’t acquiesce to requests from Public Works officials to kill the Wi-Fi network, and the documents suggest Public Works Minister Diane Finley may have stepped in.”
Monitoring and controlling wired and wireless networks in sensitive environments is essential. Wired networks should be controlled using 802.1X port-based network access control. This commonly available network security solution only allows authorized devices to connect to the network.
The wireless environment in sensitive areas should also be controlled. Systems to detect unauthorized Wi-Fi networks are commercially available, and some are capable of preventing rogue networks from being used until they can be physically removed.
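One way a detection system of the kind described above can triage what it hears, shown as an added example that is not from the original article: Wi-Fi scan results are compared with an inventory of approved access points and with the MAC addresses learned on wired switch ports. All SSIDs, MAC addresses and the adjacency window are constructed assumptions.

```python
# Constructed sample data: every SSID and MAC address below is made up.
AUTHORIZED = {"02:00:00:aa:00:01": "CORP-SECURE"}         # approved BSSID -> SSID
WIRED_MACS = {"02:00:00:bb:10:04", "02:00:00:cc:20:10"}   # MACs learned on switch ports
SCAN = [                                                  # (BSSID, SSID) heard by a sensor
    ("02:00:00:AA:00:01", "CORP-SECURE"),
    ("02:00:00:dd:30:99", "CORP-SECURE"),
    ("02:00:00:bb:10:05", "linksys"),
    ("02:00:00:ee:40:01", "CoffeeShop-Guest"),
]

def mac_to_int(mac):
    """Convert aa:bb:cc:dd:ee:ff to an integer so addresses can be compared."""
    return int(mac.replace(":", ""), 16)

def near_wired(bssid, wired=WIRED_MACS, window=2):
    """Heuristic (assumption): many consumer routers assign neighbouring MAC
    addresses to their Ethernet and radio interfaces, so a BSSID within a few
    addresses of a MAC seen on a switch port suggests the AP is plugged in."""
    b = mac_to_int(bssid)
    return any(abs(b - mac_to_int(w)) <= window for w in wired)

def classify(bssid, ssid):
    """Return a triage label for one observed network."""
    bssid = bssid.lower()
    if bssid in AUTHORIZED:
        # Known radio: flag it if it advertises something other than its approved SSID.
        return "authorized" if AUTHORIZED[bssid] == ssid else "ssid-mismatch"
    if ssid in AUTHORIZED.values():
        return "impersonation"      # approved SSID broadcast by an unknown radio
    if near_wired(bssid):
        return "rogue-on-wire"      # unknown AP that appears attached to the LAN
    return "external"               # neighbouring business, hotspot, etc.

def triage(scan=SCAN):
    """Group observed BSSIDs by label so responders see the urgent ones first."""
    report = {}
    for bssid, ssid in scan:
        report.setdefault(classify(bssid, ssid), []).append(bssid.lower())
    return report

if __name__ == "__main__":
    for label, bssids in triage().items():
        print(f"{label:15} {', '.join(bssids)}")
```

The adjacency check produces both false positives and false negatives, so a "rogue-on-wire" hit is a prompt to trace the switch port, not proof.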
Unauthorized internal wireless networks are only part of the problem. The reality organizations face today is that employees can often connect to Wi-Fi networks provided by other businesses, some of which are intended for public use. They can also create independent Wi-Fi networks using hotspot capabilities on smartphones and tablets.
Other types of wireless networks, including 3G and LTE, also penetrate most Canadian offices. Every employee with a mobile phone or 3G/LTE tablet is connected to one. USB dongles are also available, and it is difficult to prevent laptop users from plugging them in and connecting to the provider’s network.
All organizations, both public and private, must contend with the reality of wireless. In some environments it is necessary to exclude all wireless devices from sensitive areas. Employees must comply with the relevant security policies.
On the other hand, if employees are frequently asking for wireless networks at work, perhaps there is a good reason. Tablets, laptops, and other mobile devices offer significant productivity advantages, especially in fast-paced environments. For example, political staff in meetings often require immediate access to the Internet for news and research. Recurring instances of unauthorized wireless networks may indicate that the employer is not providing the tools employees need to get the job done.
Security is often cited as a reason not to install Wi-Fi access points in offices. However, the consequences of not providing the service must also be considered. Providing Internet access using Wi-Fi access points on a separate network is usually simple, cost-effective, and allows the organization to better manage risk. It may also reduce the likelihood of bring your own Wi-Fi.