Recently some of my colleagues attended the National Retail Federation show in New York City. Just before the show started, AirDefense did a survey of almost 800 stores in the New York City area to get a sense of what kind of security was in place. The results, while very dismal for retailers, are not very surprising at all. There were still many places where no security was in place or the easily broken WEP key was still being used.
This brings us to a bit of a quandary. How do we make it easier to implement better security and provide a way to audit the network while detecting rogue devices? Well, there are a couple of things that we can do to help mitigate the security risk.
First, there needs to be a realization that security is not just a ‘point’ product or a ‘once in a while’ process. It’s something that needs to be integrated directly into the organization. Using tools that can manage configurations centrally and can audit the network to make sure those configuration policies are consistent is key. This applies not only to the RF settings (i.e. what you’re broadcasting out of your AP), but also to the wireline side of your devices. Remember, there are threats coming from inside the network as well!
I’ve been into many customer sites over the years, many of them retailers, and it still amazes me how some customers can be so organized that they know each and every configuration setting on their devices, while others haven’t the slightest clue what’s actually running in their own network. How can we have a secure network that will pass PCI audits when no one actually knows what’s loose on the network?!
The second item that the survey brought up was the number of potential rogue devices that were deployed. PCI today only requires quarterly scans for rogue devices. I’m not sure about you, but that seems a bit long to me! Putting in automated tools to detect these devices as soon as possible is much more in the spirit of true security. In addition to doing wireless scans, which only determine that someone is bleeding into your RF space, performing a wireline scan to determine if the device is truly a security threat is important. Determining whether a device is actually plugged into the wired network reduces the amount of work involved in deciding whether something is ‘truly’ a rogue or if it’s just the AP in the Starbucks across the street.
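The wireless-plus-wireline triage described above can be sketched as follows. This is an added example, not code from the original post or from any vendor tool. The inventory, scan results, switch names and the adjacent-MAC heuristic (an AP's radio BSSID often sits within a few addresses of its Ethernet MAC) are assumptions, and all data is constructed.

```python
# Added example: correlate a wireless scan with wired MAC tables to triage
# unknown APs. All data below is constructed sample input.

AUTHORIZED_BSSIDS = {"00:1a:2b:00:10:01", "00:1a:2b:00:10:02"}  # managed AP inventory

# (bssid, ssid, encryption) as reported by a wireless sensor or survey tool
WIRELESS_SCAN = [
    ("00:1a:2b:00:10:01", "store-pos", "WPA2"),
    ("00:1a:2b:00:10:02", "store-pos", "WEP"),
    ("02:aa:bb:cc:dd:11", "linksys", "OPEN"),
    ("66:77:88:99:aa:01", "coffee-guest", "OPEN"),
]

# (switch, port, mac) learned on access ports, e.g. exported from switch MAC tables
WIRED_MACS = [
    ("sw-store12", "Gi0/7", "02:aa:bb:cc:dd:10"),
    ("sw-store12", "Gi0/3", "00:1a:2b:00:10:00"),
]

MAC_WINDOW = 2  # assumption: radio BSSID is within +/-2 of the device's Ethernet MAC
WEAK_ENCRYPTION = {"OPEN", "WEP"}

def mac_to_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)

def find_wired_port(bssid, wired=WIRED_MACS, window=MAC_WINDOW):
    """Return (switch, port) if a wired MAC is numerically adjacent to the BSSID."""
    target = mac_to_int(bssid)
    for switch, port, mac in wired:
        if abs(mac_to_int(mac) - target) <= window:
            return switch, port
    return None

def classify(scan=WIRELESS_SCAN):
    """Label each observed AP: authorized, weakly encrypted, rogue on wire, or neighbor."""
    findings = []
    for bssid, ssid, enc in scan:
        location = None
        if bssid.lower() in AUTHORIZED_BSSIDS:
            status = "authorized-weak-encryption" if enc in WEAK_ENCRYPTION else "authorized"
        else:
            location = find_wired_port(bssid)
            status = "rogue-on-wire" if location else "neighbor"
        findings.append({"bssid": bssid, "ssid": ssid, "status": status, "port": location})
    return findings

if __name__ == "__main__":
    for finding in classify():
        print(finding)
```

A "neighbor" result only means no adjacent wired MAC was seen; devices whose radio and Ethernet MACs are unrelated need a different correlation method.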
The whole key to this endeavor is to take the concept of security and make it a part of the day-to-day operations of the IT staff.
Written by Jeremy Haltom