Should Apple iPhones automatically connect to Wi-Fi networks?
A number of today's handheld devices and cellular phones, including the Apple iPhone, automatically seek out and connect to Wi-Fi networks. How dangerous is this behavior, and how should enterprises react, especially regarding user-owned devices?
I'm not too concerned about this feature being a threat to the enterprise, since well-managed enterprises should have functions in place to prevent unauthorized devices from connecting to the network. The simplest security measure organizations can take is to implement Wi-Fi Protected Access
(WPA or WPA2) encryption on the network. The encryption requires users to provide a security key before connecting to the network, preventing unauthorized users from attaching devices to a wireless infrastructure.
More advanced products are available for larger enterprises where key management issues make straight WPA impractical. For example, 802.1x technology allows administrators to require individual user authentication against a centralized authentication service, such as Active Directory. Such a mechanism facilitates the management of authorization privileges. Devices that don't support 802.1x may use "captive portal" mechanisms -- similar to those found in hotels -- to manage authentication through a Web-based interface.
More information:Executive Editor Dennis Fisher explains why users should switch to the more secure Wi-Fi Protected Access 2 (WPA2).
Are iPhone security risks any different than those of other mobile devices?
This was first published in October 2007