Forum

Just in case anyone missed this, the official report is out:

http://www.cwnp.com/about/wireless_news.php?newslink=http://feeds.feedburner.com/~r/wi-fiplanet/ssEt/~3/165761708/3703636

And, if you did, you should probably check your pulse to see if you really are part of the WLAN market.

To sum up: the networking folks at Marshalls, a division of TJ Maxx, used WEP in an enterprise environment. Why? I don't know, but it certainly wasn't for lack of available WLAN security products or lack of money to pay for such products.

According to the report, physical and operational measures were in place at the time of the breach, but technical measures were faulty. ?¡é?€??WEP cannot be relied on as a secure system since the encryption is easily bypassed, and it is not adequate for protecting a network,?¡é?€?? said the report.

So what caused this disaster? People, untrained people in charge of securing the WLAN.

Today, four years after WPA products became commercially available, many companies are still using WEP. Some use relatively weak ?¡é?€??compensating measures?¡é?€?? like period WEP key rotation and MAC address filtering to satisfy industry standards like PCI DSS.

Are you on this list??

You can purchase and install all the best WLAN gear known to man, but if your people are not properly trained, you will get burned.

Just ask TJ Maxx which is better: invest a solid budget in upgrading the security of your WLAN, or eat $256 million and endless bad press (including this post)?

Get your people trained!!

Good post Kev...

...to perhaps answer the "why", it's probably due to the few number of publicized compromised wireless attacks causing millions in damage. The TJX case is a good one to bring to light just how bad it can get - the problem is to some organizations security will always be a side burner issue and never on the forefront. Security is often seen as a roadblock to getting things done the cheap, easy, and reliable way.

It's an uphill battle in many industries, but we have to push on, proving all the way the solutions we recommend bring value to our organizations, and are not just blanket statements/recommendations for new gear.