[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Wireless carriers exploit firewall bypass
From:       InfoSec News <isn () c4i ! org>
Date:       2002-01-28 9:00:10
[Download RAW message or body]

http://www.infoworld.com/articles/hn/xml/02/01/28/020128hnport.xml

By Ephraim Schwartz and Brian Fonseca 
January 25, 2002 11:15 am PT

A NEW AND some say troubling trend is emerging among wireless carriers
who are enabling users to lift data remotely from corporate networks
without IT oversight, according to industry observers.

Dissatisfied with the slow pace of corporate adoption of wireless,
carriers are taking a new route, going directly to employees and
bypassing the IT departments.

In the second quarter, Cingular Wireless will follow Sprint PCS' lead
to become the second major wireless carrier to give users access not
only to e-mail, calendars, and contacts residing on the network but to
just about any file on any directory, as long as a user's desktop or a
delegated co-worker's desktop is active, according to Cingular
officials.

"It is sneaking into the firewall, but sometimes you get to the IT
department by showing them how many different individual users are
already using [a technology]," said John Kampfe, director of business
marketing at Atlanta-based Cingular.

Jason Guesman, director of business marketing at Kansas City,
Mo.-based Sprint, said that, although Sprint's Business Connection
Personal Edition may cause consternation with IT departments, the
company does offer a corporate solution to ease concerns.

Behind Cingular's as-yet-unnamed service and Sprint's Business
Connection Personal Edition is Redwood City, Calif.-based Seven, which
offers its System Seven architecture in two flavors: one for IT
departments and another for individuals.

The Seven solution also supports LDAP access, said Bill Nguyen,
president and co-founder of Seven. "It makes the cell phone a
wonderful extension to the PC," Nguyen said.

Seven establishes an outbound connection and gains access by using
Port 443, the same Web link used to surf the Web and send email. The
System Seven server registers itself as an available resource,
allowing queries back to the desktop. Company officials insist that
System Seven conforms to the highest levels of transport security.

But unsupervised port access can be harmful, analysts said. Network
intrusions and lost or stolen devices could lead to information loss
or theft, said Peter Firstbrook, an analyst at Stamford, Conn.-based
Meta Group. "At the very least, companies need to acknowledge the
issue. They need to find out what people are doing and put a policy
[or device restrictions] in place," Firstbrook said.

But, as others debate, Seven is close to signing up Verizon and AT&T
Wireless, industry sources said. Officials at Seven declined
commenting on the pending deals.
 


-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@attrition.org with 'unsubscribe isn' in the BODY
of the mail.
[prev in list] [next in list] [prev in thread] [next in thread]