Home > Ask the Security Experts > Network Security Questions & Answers > Should the enterprise be concerned with the Apple iPhone's automatic connection to Wi-Fi networks?
Ask The Security Expert: Questions & Answers
EMAIL THIS

Should the enterprise be concerned with the Apple iPhone's automatic connection to Wi-Fi networks?

Mike Chapple EXPERT RESPONSE FROM: Mike Chapple

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 19 September 2007
A number of today's handheld devices and cellular phones, including the Apple iPhone, automatically seek out and connect to Wi-Fi networks. How dangerous is this behavior, and how should enterprises react, especially regarding user-owned devices?

>
EXPERT RESPONSE
I'm not too concerned about this feature being a threat to the enterprise, since well-managed enterprises should have functions in place to prevent unauthorized devices from connecting to the network. The simplest security measure organizations can take is to implement Wi-Fi Protected Access (WPA or WPA2) encryption on the network. The encryption requires users to provide a security key before connecting to the network, preventing unauthorized users from attaching devices to a wireless infrastructure.

More advanced products are available for larger enterprises where key management issues make straight WPA impractical. For example, 802.1x technology allows administrators to require individual user authentication against a centralized authentication service, such as Active Directory. Such a mechanism facilitates the management of authorization privileges. Devices that don't support 802.1x may use "captive portal" mechanisms -- similar to those found in hotels -- to manage authentication through a Web-based interface.

More information:

  • Executive Editor Dennis Fisher explains why users should switch to the more secure Wi-Fi Protected Access 2 (WPA2).
  • Are iPhone security risks any different than those of other mobile devices?


    • Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


    RELATED CONTENT
    Network Security
    What are the differences between intrusion detection and intrusion prevention?
    Will there be DMZ routing issues if several firewalls serve as the default gateway?
    Should tunnel connections be initiated from an ISP to a internal data center, or vice versa?
    What are the top LAN security issues in a client-server network environment?
    What warning signs will indicate the presence of a P2P botnet?
    What reporting tools are available for an enterprise IDS?
    Is it possible to allow select access to IP addresses using Windows Server 2003?
    Is an IPsec VPN necessary when connecting remote servers that process financial transactions?
    What are best practices for creating an IDS and maintaining a signature database?
    What are the best ways to hide system information from network scanning software?

    Handheld and Mobile Device Security
    New worm attacks Windows smartphones
    Smartphone security: The growing threat of mobile malware
    Alcatel-Lucent's 3G laptop security card goes international
    Recovering stolen laptops one step at a time
    Is the iPhone amenable to any method of email encryption?
    Smartphones opening up enterprise risks
    BlackBerry server faced with critical zero-day
    Does the iPhone SDK effectively increase the risk iPhones pose?
    Do you think introducing Wi-Fi to airplanes is a good idea security-wise?
    Has proof-of-concept mobile device malware translated into any meaningful attacks?
    Handheld and Mobile Device Security Research

    Wireless Access Control
    How to configure NAP for Windows Server 2008
    Product review: AirDefense Enterprise 7.3
    PCI DSS 1.2 clarifies wireless, antivirus use
    Lessons learned from TJX: Best practices for enterprise wireless encryption
    Is it possible to identify a fake wireless access point?
    How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
    Wi-Fi simplicity edging out Wi-Fi security
    Should an enterprise network be regularly checked for rogue access points?
    Aruba bolsters mobile suite with security acquisition
    Cafe Wi-Fi
    Wireless Access Control Research

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    evil twin  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    Targeted Security Channel Tips for Resellers, Integrators and Consultants
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




    All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts