This page contains a Flash digital edition of a book.
ASK AWAY


WIRELESS ACCESS POINTS


HOW DO I ENSURE MY WIRELESS NETWORK IS SECURE?


A


s bandwidth becomes more affordable, enterprise net- works are becoming extremely fast. However, this means that employees are demanding access to an increasing number of applications, such as Google Apps, Facebook and bandwidth-intensive video streaming apps like YouTube.


With the introduction of 802.11n Wi-Fi, distributed enter- prises now have the convenience of high-speed networking without the costs and challenges of cabling all of their branch office locations. Employees can take advantage of greater mo- bility with the advent of Wi-Fi-enabled laptops, smart phones and PDAs while employers reap the rewards of increased pro- ductivity.


Wireless connectivity is also important to retailers deploying wireless point-of-sale systems, bar code scanners and acces- sible guest Wi-Fi networks for visiting managers, customers, employees or supplier partners. However, with increased convenience comes increased


risk. Today, a hacker simply needs to be near a facility to gain access to the network, whereas historically they would have had to hard wire into it. A retailer, for example, could have the best wired security on the planet, but if their wireless defences are weak, their entire network is exposed and vulnerable to attack. Poor wireless practices we’re seeing today include: • Deploying access points with default passwords and configurations;


• Lack of security tools to detect and block malicious behaviour or unauthorized devices;


• The use of vulnerable and out-of-date applications and pro- tocols, such as WEP;


• Lack of authorization, authentication or data encryption; and • Adaptable and enforceable security policies are often non-existent.


One way to reduce the risk of unauthorized access and data loss is to select a wireless networking security vendor that offers overlapping and complementary layers of security. Companies should look for a wireless vendor that offers a broad spectrum of embedded security features, including, but not limited to: user and device authentication to ensure au- thorized access; application control so that network adminis- trators have complete visibility of what applications are being used; and detection and blocking of rogue access points, an essential tool to block unwanted access.


It would also be extremely advantageous if the wireless vendor offered vulnerability assessment and end-point com- pliance solutions.


Graham Bushkes is the vice president of sales, Canada for Fortinet, a worldwide provider of network security appliances and unified threat management (UTM) solutions.


CLOUD SECURITY


WHEN IT COMES TO CLOUD COMPUTING, WHERE SHOULD I BEGIN WITH REGARDS TO SECURITY?


W


ell, you made the great leap into the cloud. Once you’ve determined the correct solution for you — private, public or hybrid — it’s time to extend your security policies out into the cloud as well. A great place to start is a review of your identity and access management solution (IAM). Start with a few basic key questions: Who has access to what? What can they do with that access? How can they use the information they access? What did they do? Regardless of the type of service your cloud is providing — Software as a Service (SaaS), Platform as a Service (PaaS) or Infrastructure as a Service (IaaS) – these questions must always be confidently answered.


Sound IAM practices within private and public clouds help provide the founda- tion for effective security. These practices help ensure that all users have only the appropriate level of access rights and help control the protection of resources. These access rights must be enforced appropriately though. This also helps lower admin- istration costs by automating many system administration functions, as well as the provisioning and de-provisioning of accounts and access rights. IAM also enhances regulatory compliance efforts by automating your security controls and helping to simplify your compliance audits. Finally, it helps enable business growth and helps you solidify your relationship with your cloud consumers.


Amandio Pereira is director of security sales at CA Canada (www.ca.com). G20 SAFETY


HOW CAN COMPANIES KEEP THEIR EMPLOYEES SAFE DURING EVENTS LIKE THE G20 SUMMIT, WHERE PROTESTS MAY TURN VIOLENT?


dvance planning, proper training, good communications and experienced security personnel are the key elements to keep people safe in such sit- uations. It was easy to do planning for the G20 Summit in Toronto be- cause previous G20 meetings provided ample examples of what might occur. One leading Canadian news organization covering the G20 took a very cre- ative and effective approach. They provided training sessions for their employees and their security company in crisis management, crowd control and use of gas masks/decontamination. The company also set up an Emergency Operations Center (EOC) that provided constant two-way communications between news teams in the field and the EOC.


A


For security personnel, the assignment was a challenging one because the people they were assigned to protect wanted to be as close to the action as pos- sible to film it. Security officers experienced in “close protection” of clients during civil disturbances had to act as the “eyes” of the camera people, who were so focused on what they were filming that they couldn’t see potentially dan- gerous developments occurring around them.


Constant updates from the EOC enabled security officers to anticipate where rioting was happening and take the appropriate measures to protect the news crews. During police sweeps, for example, the crews curled up on the ground in defensive positions and held their news credentials up for the police to see. As a result of this comprehensive planning, close co-operation and good com- munications, the news teams delivered up-to-the-minute live coverage of the G20 event without sustaining any injuries to their personnel. Working with their security provider, they also helped create a new model for co-operative close protection at large-scale events.


Rob McLean is the vice president, physical security for Ontario and Manitoba at Garda (www.garda.ca).


26 SECURITY MATTERS • SEPTEMBER/OCTOBER 2010


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40
Produced with Yudu - www.yudu.com