IT Jobs
Case Study: No Wi-Fi is good news at News International
Dedicated probes keep rogue access points at bay.
By Peter Judge, Techworld | Techworld
Published: 13:00 GMT, 27 October 04
News International's so-called "Fortress Wapping" has added a new line of defence. The London building - which produces the Times, the Sun, the Sunday Times and the News of the World - has installed a wireless intrusion detection system to enforce its rigid "no wireless LAN" policy.
"The system is up and running, with in excess of 20 probes," says Tor Gisvold, the commercial director of Centrecore, News International's IT subsidiary, which has installed probes from Red-M to make sure that no unauthorised wireless equipment was attached to the wired network in the plant.
"It's a big area to cover," says Gisvold. There are seven floors and each floor has to be covered separately. With heavy printing presses in the building, there is a lot of metal and machinery, making it harder to monitor everywhere. The system also covers a couple of external buildings across the street, where publications like the Times Educational Supplement and Times Literary Supplement are based.
The installation was "very, very quick," says Gisvold. "All the points were in within a week". After that, however, there was still work in tuning the system: "you need to identify all known broadcast sources in the plant."
Identification is the big issue
Any workplace will contain some legitimate wireless signals, and even in a building as deliberately cut-off as Fortress Wapping, Wi-Fi signals can encroach from outside. "There is a big difference between finding a wireless signal and identifying it," says Gisvold. "That is what takes most of the time."
On detection, the Red-M system can distinguish whether a wireless source is attached to the network or not, says Gisvold. "We make sure they are not connected to the network."
Gisvold sees the downside of the tendency to make wireless easy in modern PCs. "All modern laptops have a tendency to broadcast," he says. "It is so easy to leave ad-hoc networking on the machine. Even worse, there is new kit like Apple's wireless repeater. All you need to do is plug into a power socket and find an RJ45 to plug into, and you can scan the network at your leisure." .
His big worry is that journalists working for News International will bring in this easy kit, and attach an insecure access point to the network: "It's so easy," he warns. "You need to catch wireless as it is introduced into the network."
Information from the Red-M system is piped into the network management system, appearing on OpenView screens, so scanning the wireless monitors does not take extra time for network administrators, "You don't want to spend much time on watching the system," says Gisvold.
The "no Wi-Fi" policy is not, in fact, as rigid as at first appears. Gisvold allows some access points at News International, including one in his office. The only condition is that they should have no connection at all to the corporate network. "It allows suppliers and consultants to connect back to their own base," he explains.
How serious is the problem?
Putting in a system like this implies Gisvold sees a serious danger, but he does not put a figure on the risk, or admit to any breaches before the system was installed. "It's more a risk management exercise than anything else," he says. "It's more a potential problem. We consider ourselves, for better or worse, to be a target."
The system is mainly to make sure the company knows what is going on, as opposed to having an identified problem, he says, philosophically: "Risk is the things you don't know." When putting the system in, he found a few rogue access points, but not many of them, he says: "We didn't find anything malicious, just non-authorised machines."
Wi-Fi will come some day
Gisvold can see that wireless use will come inevitably: “Our current IT policy for News International has been cautious in the deployment of wireless technology on site but we know that widespread adoption is inevitable in the future," he says. "The Red-M solution will help us manage a controlled rollout when we decide to implement wireless more widely."
Before this happens the company needs to make sure the security around Wi-Fi is good enough, he said. This reluctance explains the choice of a standalone wireless monitor, as opposed to using the monitoring in a wireless LAN system from Airespace, Aruba or one of the others.
Making a choice?
But why Red-M and not some other vendor. The area of wireless management and security is a complex one (read our guide), and crowded with contenders (read our reviews of Red-Detect and AirDefense, and recent news from AirDefense, for example).
Red-M's dedicated probes were a big factor in the choice, as was the fact that - since they are dedicated - they have been designed to do more than monitor wireless LANs. Gisvold likes the system's ability to disrupt access points that it detects with a "countermeasures" module, and the fact that it can also monitor Bluetooth: "Bluetooth is not a significant risk at the moment, but as it emerges in so many laptops, we need to make sure we can detect it and control it."
As well as News International, Centrecore also works for other companies, but this is its first wireless protections system. The unit decided to gain experience on its own turf first, said Gisvold: "We're not using this with other clients till we've gained enough experieence ourselves."
Add your commentComments