Patrick Heim, vice president of enterprise security at McKesson Corp., a pharmaceutical distributor with 24,000 employees, has no sense of humor when it comes to wireless eavesdropping into his company's computer network. Because McKesson allows some employees to access e-mail and information off the company's server through their wireless devices, the McKesson system can be vulnerable to hackers. This rogue access by unauthorized wireless users is made possible unknowingly by employees hooking up via their wireless, particularly while in public places such as an airport, a train station or your local Starbucks. "It's a significant risk to the company," says Heim. "Suddenly, you have a huge gaping security point. Wireless signals don't respect walls."

McKesson's answers to this security threat: plenty of rules and a virtual private network (VPN). A VPN is a tunnel of sorts that blocks access to the network by users not authorized to enter the tunnel and acts as a private thruway between an employee's laptop and the company's network. "It's a very mature technology, whereas wireless security standards are immature," says Heim. "WLAN (wireless local area network) security is more difficult than Internet security. And, there isn't a good way of monitoring rogue access in a big company."

Battening Down the Wireless