Does it matter if my corporate neighbor in a high density building is on my Wi-Fi network? Does it matter if my employees are connected to my neighbor's network with unauthorized network access?
In a nutshell: Yes, absolutely.
At the most fundamental level, using someone else's network without permission is theft of service. Although prosecution is rare, there have been cases where Wi-Fi "squatters" were charged and fined, and ignorance or lax controls are no defense.
Furthermore, unauthorized network access to a neighbor's network bypasses your established security controls and poses a network security threat. When your employees use your neighbor's network, you cannot log their Internet activity. You cannot firewall their traffic to block inbound attacks or outbound back-channels to dangerous sites. You cannot filter email or web payloads for malware or phishing content. You are completely blind to leakage of sensitive data – including regulated information that could lead to a costly breach.
Finally, unauthorized network access from your neighbor to your own network consumes bandwidth and other resources while increasing a network security threat and risk of attack throughout your network. If a harmless neighbor can connect to your network without being detected or blocked, so can a malicious intruder. In regulated industries, failure to control access to sensitive network segments or systems may be considered serious compliance violations. The only exception is a network that is intended to be a wide open public network – and even then you may require terms of service consent to limit your liability for neighbor misuse.
Lisa Phifer owns Core Competence Inc., a consulting firm specializing in network security and management technology. Phifer has been involved in the design, implementation, and evaluation of networking, security, and management products for over 20 years. At Core Competence, she has advised companies large and small regarding security needs, product assessment, and use of emerging technologies and best practices. Before joining Core Competence, Phifer was a Member of Technical Staff at Bell Communications Research, where she won a president's award for her work on ATM Network Management. Phifer teaches about wireless LANs, mobile security, and VPNs at many industry conferences and webinars. She has written extensively about network infrastructure and security technologies for numerous publications, including Wi-Fi Planet, ISP-Planet, Business Communications Review, Information Security, and SearchSecurity. Phifer's monthly WLAN Advisor column is published by searchMobileComputing.
This was first published in September 2011