The Republican National Committee this week isn't providing any Wi-Fi access for workers, reporters and delegates at New York's Madison Square Garden. RNC technology workers won't comment specifically on its network services, but it's widely thought to be concerned that hackers would use the access points as windows into the convention committee's network.
If they'd consulted with Chris Gruin, however, RNC organizers may have been able to pull off a Wi-Fi scheme, though not without significant risk. Gruin was the technology director at the Democratic National Convention, this summer's other juicy target for hackers trying to disrupt the electoral process. He said that any security executive, working on any scale, could learn a thing or two from his experience providing Wi-Fi service at the DNC.
Gruin faced that new and peculiar security dilemma for convention organizers: meeting the demand from attendees for Wi-Fi, despite the technology's vulnerabilities and threats of cyberterrorism. He believed that by monitoring the outer perimeter of the wireless network at Boston's FleetCenter, and keeping DNC servers on a separate network, he could serve thousands of wireless users, while ensuring some basic security.
"Wi-Fi is something we've come to take for granted," said Gruin. "My goal was to provide wireless access to those who needed it, in a targeted way."
Gruin succeeded, for the most part: The Dems' internal network was only laid bare to hackers for about five
"The hardest part of my job," said Gruin, "was keeping track of convention production people for our news and streaming media services."
Whether you are adding Wi-Fi "convenience spaces" to stadiums, boardrooms or campus quads, Gruin said, you will need to apply equal measures of social engineering and enterprise-grade hardware to the job.
"Like the guy with the consumer-grade router," said Gruin. "We tracked him down, and asked him what he needed. We then swapped out his wireless router for a wired Ethernet connection, and monitored his activity," said Gruin.
Gruin enjoyed support from the DNC's enterprise-class vendors and the U.S. Secret Service, whose agents sat in on meetings in the convention committee's operations center. Steeped in DNC funds, Gruin was also able to provide tight security through expensive firewalls, routers and switches.
However, Wi-Fi is woefully insecure. The standard's security protocol, 802.11i, will not be available until late September.
"Before 802.11i, security in WEP (Wired Equivalent Privacy) is badly broken," said John Pescatore, analyst at Stamford, Conn.-based research firm Gartner Inc. "On the air, a smart hacker could crack through it in real time."
Gruin also set-up several Wi-Fi decoy access points, called honeypots, to tempt any would-be hackers, and track their activity.
Gruin named one honeypot "gruinVirus." The name got him about 20 calls from concerned users, including one from the Secret Service.
"It was good to see people were paying attention," said Gruin. "But I'll never use a name that incendiary again."
Gruin said that Wi-Fi, rather than an afterthought, must be integrated into an enterprise's comprehensive security strategy. "You have to plan way ahead," said Gruin. "We started talking about Wi-Fi a full year ago."
As recently as a year ago, Gartner's Pescatore said only 10 of his firm's clients were rolling-out Wi-Fi in a planned way. "Wireless has been sneaking into enterprises," said Pescatore. "Users were going to CompUSA and plugging in (consumer Wi-Fi) devices."
This year, however, 60% of Gartner's clients are involved in planned rollouts of Wi-Fi.