Monday, December 06, 2010

Firesheep: Should CISOs Ban Employees From Using Unsecured Public Wireless Networks?

The release of the Firesheep plug-in for the Firefox browser has made it trivial for even unskilled attackers to intercept and interfere with private data on unsecured public wireless networks.

Since attackers can use the tool to send messages and make posts on behalf of the victim, organizations using social networks for marketing, support or brand enhancement may suffer serious consequences as a result.

Chief information security officers (CISOs) need to make employees aware of the risks and provide them with the necessary tools to counter them, but should they be banning the use of unsecured wireless networks for any company-related communications?

This note (for subscribers only), entitled "What CIOs need to know about SSL and its effect on network traffic inspection capabilities", answers that question and provides action plans for both employees and software developers to combat the threat of session hijacking. It also covers how IT departments can balance the need for enhanced security with the need to inspect encrypted traffic on the corporate network.

Don't forget to follow me on Twitter (@bwalder) to be kept informed of new research.
