Wireless technology has developed ahead of most companies’ ability to keep their networks safe.


In principle, wireless networks sound like a great idea: no cabling to pull through the walls and ceilings, no nasty wires tangling themselves up behind your desk, no need for laptop or handheld users to remain rooted to a single location. They’re a great idea, that is, until some facially pierced teenager in the coffee shop across the street from your office taps into your wireless network, downloads a few files, defaces your intranet homepage, and plants a virus or two just for fun.

The reality of wireless networks is that, in most cases, their convenience far exceeds the level of real security they offer. Network administrators with years of experience safeguarding traditional wired setups often fail to plug obvious security gaps in wireless networks simply because they lack the requisite tools and knowledge. (It’s not their fault: Either the technology is too new, or wireless technology vendors haven’t built security safeguards into their products so that they’re secure right out of the box.)

In many cities you can drive down the street with a laptop equipped with a $100 wireless network card and pick up the signals beamed out by various offices as you drive past. In a recent experiment, techie website ExtremeTech set up a wireless laptop on the roof of a building in Manhattan and discovered it could access 61 wireless networks, of which 48 were completely unsecured. In Silicon Valley, the site found 100 networks — many accessible from within a car zooming down Highway 101 — of which 66 lacked any kind of security.

This sort of hacking is made easy by the way most wireless local area networks are set up, using the 802.11b transmission standard (also known as “WiFi”). With WiFi networks, a techie links wireless ports off the wired system using a bridge device called a wireless access point. That access point communicates on regular old radio waves to laptops and handheld computers.

The problem is that WiFi security measures are weak — and in some cases, nonexistent. Wireless access points are often installed behind the company’s firewall, so if you can get to that point, you’re essentially in the system. Elias Ladopoulos, the founder and chief strategy officer of security consultancy Digital Frameworks (and a former hacker), has a vivid analogy: “You think of medieval times, when China was building up its wall to stop all these raiding tribes from attacking their cities. Well, then the tribes discovered you could fly balloons over those walls and attack the cities. That’s what’s happening on our networks. We’ve spent all these years building firewalls, and what happens is someone plugs a $250 wireless device into your network and bypasses all that security.”

WiFi does have a built-in security system — known as “Wired Equivalent Privacy” (WEP) — but network administrators have to take steps to install it, and even if they do, it’s easy to get around. Readily available software with names such as AirSnort and WEPCrack can get a hacker through WEP’s defenses in a few hours or less.

There are more effective solutions to address this problem, though, and they aren’t all that complicated. First, your techies need to make sure the wireless component remains separate from the rest of your network. That way, if hackers do get in, they won’t gain automatic access to every piece of digital information in the company’s files. Second, if you’re concerned about the security of wireless data transmissions, use virtual private networking (VPN) technology to create a secure connection over the wireless link. VPN systems work by encrypting the information sent over a network so that it can’t be deciphered, even if someone manages to intercept it (see “Your Own Private Internet”, Defogger, September 2000). Digital Frameworks uses VPN technology to protect wireless networks, and VPN vendor Check Point also offers versions of its products aimed at securing WiFi systems.

Finally, make sure that your IT staff is up to speed on wireless security technology. ExtremeTech is a good place for hard-core, nuts-and-bolts security information. Check out Business 2.0’s Web Guide for a less technologically intense overview of the subject. And send your IT folks off for some training on wireless security if you can. The bottom line is that if you’re going to let employees into your network through wireless devices, you should take steps to make sure everyone else is kept out.

Link: Are You Broadcasting Secrets Over the Airwaves?
