ANN ARBOR – Everyone knows that wireless computing is convenient, efficient, and increases productivity. Information and communication follows you, rather than you being tethered to a wire in the wall. Wi-Fi is often less expensive than laying wires, and often wires are simply not an option. So much for The Good.
Now for The Bad. Six weeks ago, a 40-year old man was arrested in Florida for hacking into a home of a quiet subdivision in Tampa Bay, stealing identity data from a resident.
?I know I should have secured it,? he lamented, ?but I never did it because my neighbors are older.” In fact, more than 60 percent of wireless networks have no security at all, and most of the others are protected by WEP, one of the weakest of security methods. And as this Tampa Bay victim now realizes, one out of two hacks are through wireless Internet connections.
Why is the wireless world so vulnerable? Simply, because most security solutions have been developed by engineers, for engineers ? security is just too complex. There is a good reason all wireless access points (AP) have no security out of the box. It?s not that security isn?t important ? it?s critical. However, in the past most users are thrilled if they simply get the wireless device to work, even with no security. Add dozens more decisions and actions to add security? Not likely.
Is Wireless Security an Oxymoron?
Does wireless computing need to be so vulnerable? Absolutely not. There are well-tested security methods that many companies employ today, methods that keep networks, email and data safe from unauthorized eyes. Why don?t more small and midsize businesses use those methods? You guessed it ? complexity. Sure, you can learn about SSID, LEAP, Subnet Masks, Ad-Hoc Mode and MAC Address, but why should you?
By insisting on computer literacy from the business community, wireless vendors have unintentionally given you a choice: reap the substantial benefits of Wi-Fi but remain vulnerable, continue at a competitive disadvantage without Wi-Fi, or study to become a Wi-Fi security expert yourself. Faced with these alternatives, the rational response is to simply limp along with the status quo.
The Ugly: Five Deadly Forms of Wireless Attacks
Just what does ?vulnerable? mean in the world of wireless? For a fascinating graphic glimpse into the tools, techniques, and damage a hacker can create, visit ?Over the shoulder of a wireless hacker? at www.lucidlink.com. However, an overview of that which a hacker is capable includes:
Deadly Attack #1: Account and Password Capture. Several applications send your account and passwords in clear text over the network. For example, every time a POP3 mail account checks for new e-mail, the account name & password are in the clear as part of the data transfer. Anyone sniffing the network traffic can easily get your e-mail account information. Once they have that information, they can access your e-mail account at their leisure, monitoring for personal information without leaving a trace. From there, any confidential information they can get from your account just escalates their attack.
Deadly Attack #2: E-mail, IM and Web Site Traffic Capture ? It is very easy to monitor and capture all of the e-mail traffic sent over an unsecured wireless network. Since most e-mail is sent in clear-text, and instant messaging is sent in HTML, it?s very simple to capture the traffic and mine the traffic offline for any ?interesting? information at a later time. By monitoring your wireless traffic, all of the HTML data can be captured & reconstituted as web pages on the hackers PC to see exactly what web sites & content you are surfing over the wireless network.
Deadly Attack #3: Accessing Data on Your PC. Let?s face it, it?s pretty easy to turn File Sharing on, and then forget to turn it off when you attach to an Open Network. Once File Sharing has been left on or the personal firewall is misconfigured, a hacker can readily access you PC and hard drive across the wireless network. Firewalls are also easy to misconfigure or turn off, and forget to turn back on. With older versions of Windows (NT, W2K), if improperly configured, it?s easy prey for a hacker to get in over the network, log-in as a null session and take over your platform.
Deadly Attack #4 Access to the Corporate Network. If you?re wireless network is connected to a corporate network through a site-to-site VPN, an open wireless network punches a hole through the network, and opens up both sides of the VPN to anyone attaching to the network. Another threat is with improperly configured client VPNs that can be more easily compromised to provide the hacker access through the VPN.
Deadly Attack #5: SPAM and Virus Launching over the Wireless Network. Unsecured Networks provide are an ideal launch point from which hackers can launch SPAM & Virus attacks because it is very difficult to track the source back to them. From a distance, the SPAMmer can launch the SPAM (from your e-mail account if he sniffed your e-mail account info) without repudiation. When the ISP or FBI tracks down the violator, the trail points to your network, and possibly your e-mail account. The liabilities to the owner of the unsecured network are still newly contended battlegrounds for the lawyers.
There is Hope
Implementing wireless computing need not be complex, and making that Wi-Fi networks secure need not require an advanced degree. Computer literacy was an important goal for business 10 years ago. Today, Computer literacy is simply an excuse for bad software!
Your business can benefit greatly from cutting the wires and becoming more mobile, but you need to ask more of your technical solutions.
Wayne Burkan is Vice President of Marketing for Interlink Networks of Ann Arbor. For more information, click on InterLinkNetworks.Com
