Wireless networks are nearly everywhere nowadays in the public sector. State and local governments nationwide have fervently pursued them for so long that it's unusual to find an agency or municipality with employees who can't access an office network on a wireless connection. And with smartphones becoming popular, the government wireless umbrella is becoming crowded with different types of access points -- some mobile, others stationary and all representative of in-demand technology that's transformed how government works.
Consequently state and local IT professionals must work diligently to keep up with the security challenges this sprawling technology causes.
In June 2008, Symantec released the Critical Connections report, which contained results of a survey conducted two months prior on information security priorities. Of the 600 participants, 200 were from state and local government, 200 from federal and 200 from the private sector. Only 24 percent of state and local respondents planned to increase spending on mobile security in 2008, even though 34 percent of them said mobile security was a critical issue. And only 52 percent of state and local respondents rated their organizations highly -- 8, 9 or 10 on a 10-point scale -- when it came to IT security. When asked to name their No. 1 security concern, 60 percent said they were most worried about data breaches.
And since keeping government data safe is their top concern, no doubt they're aware of one major challenge -- safeguarding local, employee-only private networks from the outside world.
Who's on Your Network?
"When you place a Wi-Fi access point, which is commonly called an AP, on the network, it's usually attached to the LAN," said Ira Victor, director of compliance for Data Clone Labs Inc., a firm that helps clients address information security challenges. "But because the Wi-Fi signal goes everywhere, it makes it open to the public even though it's on your LAN."
In this case, security managers must weed out unauthorized users. They need to identify what security level is necessary, determine who is an authorized user and create policies to ensure everyone understands the protocols.
"The most important requirement from a network access control perspective would be defining your policies for accessing your environment. That's really the prerequisite for any effective network access control," said Patrick Wheeler, Symantec senior product manager for endpoint security. This includes establishing what security software and configuration options should be on each computer accessing the network, how often antivirus and other software should be updated, and putting it all in the policy to drive compliance. "That's going to be the first requirement for best practices," Wheeler said.
Security officers should also plan and understand their objectives, he added. Do you want the same access control and security standards for employees as for contractors who might only access the network a few hours a day or week? If so, are these contractors using the same types of laptops mobile employees use? "Some organizations are going to want a very tight, locked-down network access control solution. For others, that might be overkill," Wheeler said. "I think understanding your priorities and objectives is really the next best step. The third thing that is really critical, is making sure there's coordination between the different people who are going to be affected by, and ultimately managing, a network access control solution."
Westchester County, N.Y., is centralizing the management of various pockets of wireless devices that have been deployed in different areas. Only employees can use the private network.
"We're trying to standardize the fact that if you're a county employee, and you access a particular wireless network or segment, credentials that you currently have as an employee are authenticated to allow you to get onto that particular network," said Lennox Harris, the county's network engineering manager.
Authentication means verifying users' identities before granting network access.