Forum

After speaking to a number of resellers of WIPS, Endpoint Security, and other monitoring and security solutions, it's become apparent that they market their products and services through the use of FUD (Fear, Uncertainty, and Doubt). I'm not saying that this is the fault of the manufacturers of these products, but rather those companies and individuals who are the manufacturer's 'feet on the street'.

For example, when a reseller wants to sell a WIPS, they often go to the potential customer and perform hacking attacks - which both 'wows' them and 'scares' them. If you were using Cisco LEAP and a consulting firm approached you concerning wireless security holes in LEAP, you might give them the time to talk about it. If they then started showing you how to hack your system and were successful, you'd be more than a little freaked out.

In another example, consider that you don't have a WLAN, but are considering buying one. You attend a trade show to see various companies showing non-stop hacking attacks against wireless. They break LEAP, WEP, PPTP, WPA-PSK, and a number of other security measures right before your eyes. What then? Do you run out and pick up a WLAN controller with some APs the next day? Of course not. You will more than likely talk to your CSO about having a "no wireless" policy. Then, you're approached by a vendor or consulting firm who says: "You still need WIPS because you already have wireless even though you have a policy against it. Let me show you how I hacked into your Email server from the parking lot."
Now you're completely freaked out. You may buy the WIPS or you may curse the day that Wi-Fi was invented.

My point is this: Vendors and resellers should be careful in how they approach potential clients so as not to slow market growth and Wi-Fi technology adoption. Wireless networks can be VERY secure if implemented properly.

Amen!

I can see both sides of this story. While the need is there to demonstrate weaknesses in some wireless solutions, the industry as a whole must be careful not to promote the 'wireless is insecure' mantra that so many have. Inherently insecure sure, but many people take a hard lined approach that they will never use wireless because of the stories they read online. Nevermind these are usually the same folks who don't update OS/application patches, have no policy or guidelines in place for social engineering, or any other number of security risks 8)

Good point Dev - good point...