Although the 802.1x access protocol is a must for wireless network security, companies rarely use it and thus leave the door open for hackers, according to Robert Lamprecht, IT advisory supervisor at KPMG.
The protocol lets users on either wireless or wired local networks set up a connection and prevent others from accessing the port they are trying to use if authentication fails.
"With 802.1x unauthorized users can't get access to your network; without it you are vulnerable to people who can come in and steal information," said Lamprecht, who spoke at the European Computer Audit Control and Security Conference in Stockholm.
But so far that argument hasn't convinced many companies.
When Lamprecht asked an audience during a session on wireless security if they used 802.1x, only a few out of about a hundred participants raised their hands.
Part of the problem is awareness, according to Lamprecht. Many people still see internal networks as secure.
But a bigger problem is complexity.
"Implementing 802.1x requires a lot of work, companies often have to change their whole architecture," said Lamprecht.
It also requires a lot of management resources, he said. Management software is getting better and easier to use, but companies still have to use different tools for hardware, software and identity, which creates a lot of overhead. On top of Lamprecht's wish list is a tool that can do all three, and lower management costs.
"It is and will continue to be a hot topic, so we will probably see [such a tool] in three years," Lamprecht said.
