News Stay informed about the latest enterprise technology news and product updates.

Network policy: 'No wireless' restriction enforced at Blue Cross

Blue Cross of Idaho had a "no wireless" policy on paper but never really enforced it -- until a team of auditors said the company had better do something.

It's not necessarily for security reasons that Blue Cross of Idaho has a strict "no wireless" policy. And it's not really the additional costs generated by a wireless network that keep that policy in place.

Actually, the reasoning behind Blue Cross' anti-wireless policy is simple: They just don't need wireless.

"We have not found a real business need to support wireless," said Jan Marshall, Blue Cross of Idaho's manager of technical and network services.

It's been that way for years. No wireless, no worries.

While Blue Cross of Idaho makes a conscious decision not to deploy a wireless network and to bar the use of wireless within the company walls, other companies may see benefits from it. For example, a company where end users are not confined to desks and bounce from room to room may want the seamless connectivity of WLANs. For Blue Cross, however, the cost and potential security risks don't make a WLAN a worthwhile venture, Marshall said.

But a recent audit found that in order to enforce the no-wireless policy in its three buildings, Blue Cross of Idaho needed something that would monitor the wireless spectrum 24/7. Essentially, the auditors determined that a no-wireless policy was worthless if it was only on paper.

"The auditors said, 'You have a no-wireless policy. How are you enforcing that?'" Marshall said.

At the auditors' suggestion, Blue Cross of Idaho deployed a wireless threat detection and prevention system. The product they settled on was RFprotect Distributed from Network Chemistry, which ensures that no wireless access points or other devices are on the network.

But wrapping in RFprotect created some interesting conundrums. First, Blue Cross of Idaho had to make sure they weren't shutting down neighboring buildings' wireless networks, Marshall said. The Starbucks nearby certainly "wouldn't appreciate that."

Marshall stressed that RFprotect is not a jammer or blocker, but instead it lets his team see what wireless devices are popping up on the network and track them to a specific location.

For more information

Check out more security stories in our Network Defenders series

Learn more about wireless vulnerabilities and exploits

Being able to track the location of a wireless network has made for an interesting game within Blue Cross of Idaho. Since a number of users have PDAs with wireless settings, some have had a few laughs tracking the whereabouts of those users within the building – kind of a Big Brother situation. Marshall said it's all in fun.

And if someone came in with a laptop or PDA and wanted to hop onto Starbucks' hot spot, the user wouldn't be able to see it from inside Blue Cross' walls.

"We have to have a secure network for keeping outside people from getting into it for whatever reason," Marshall said, adding that Blue Cross of Idaho must comply with HIPAA regulations because it handles medical billing. "A hard-wired network contained within the walls of the company is just more secure."

So far, Marshall said, no real wireless threats have been found since RFprotect was deployed. No one has tried to set up rogue access. In some instances, however, visiting vendors and other guests have had their wireless cards enabled. Marshall said it gives a little peace of mind to know what is on the network and when.

"This was all a proactive project to make sure we don't have any problems going forward," he said.

Dig Deeper on Wireless LAN (WLAN)

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.