How TJX Data was Stolen Over a Wireless Network

The Wall Street Journal's article today - How Credit-Card Data Went Out Wireless Door - is a must read article for small and medium businesses using wireless networks. The article explains how hackers easily broke into the wireless network, sniffed out user credentials, and then used those credentials to get into the corporate network (presumable over a VPN) to access millions of customer credit card and social security numbers. The article talks about the devastating effect this breach had on TJX and it's customers and didn't even mention the impact it had on TJX's confidential internal data, which is probably something they don't want to talk about. This should be a call to action for any business using Wi-Fi. Make sure your Wi-Fi network is secure. A RADIUS server and 802.1X control that gives you control over individual access is best. At the very least, use WPA or WPA2 and make sure you change the encryption keys when employees leave the company. Witopia and DAZ Software provide great tools that makes RADIUS easy for small businesses. Companies like Interlink Networks provides a higher end RADIUS server that is better suited for larger enterprises and ISPs.