COMMENTARY-- Should you be concerned about wireless security? Yes, at least according to Chris O'Ferrell, chief technology officer of wireless technology company Netsec.
He says you should ask any organization you see using a wireless network--including your bank, the airports you visit, and even your tax preparer--if it uses 802.11b and if it employs security measures. Why? Because it could be broadcasting your personal information to anyone equipped with an 802.11 device and sniffing software such as NetStumbler, both of which are becoming more common among malicious users.
AROUND THIS TIME of year, the privacy of your tax information is particularly relevant. You may have noticed that from January through May, large tax-preparation companies hire extra accountants who set up temporary offices around town.
Instead of going through the hassle of installing LAN lines, many companies equip their employees with the latest 802.11b devices. Then they throw up an access point at the server, and suddenly all their accountants can tap into the company network wirelessly.
Unfortunately, the same strip malls where the temporary tax offices are found are also notorious for script kiddies. Next to the fast-food outlets, script kiddies hang out with their own 802.11b cards, looking for vulnerable networks to attack.
O'Ferrell knows this firsthand. He also keeps an eye out for vulnerable 802.11 networks, and is amazed at how many he finds. Located in Herndon, Va., Netsec's offices are in the heart of Spook Valley, where the Pentagon, the CIA, and information-security companies such as Riptech are located. While driving through Washington's Dulles International Airport, O'Ferrell says he can often see baggage-operator networks on his computer. So much for increased airport security in our nation's capital.
MOST NETWORKS O'Ferrell sees could be much more secure. He says most people don't create a unique Service Set Identifier (SSID)--an identifier that designates a particular network--and that only about 25 percent use Wired Equivalent Privacy (WEP), the security protocol built into the 802.11b standard. "I see a lot of default SSIDs," says O'Ferrell, including Tsunami, the default SSID for Cisco's Aironet Access Point. "And if [tax-prep companies] are changing their SSIDs, they're changing them to something obvious like Tax Network 1, Tax Network 2," he adds.
Even though WEP has it share of vulnerabilities, O'Ferrell says you should still use it. "It takes about an hour to crack WEP. But there are other things you do besides just using WEP."
O'Ferrell stressed two simple wireless rules. Treat it as you would any other media--use it as a transport layer only. And don't send information through a wireless network unless it is acceptable for the world to see--like a postcard.
A FEW OTHER suggestions: Place wireless access points physically inside buildings, but outside corporate firewalls. And keep the company VPN behind the firewall. For conference rooms that sit along the perimeter of a building, he recommended that you consider using TEMPEST-rated glass.
In addition, you should not use DHCP (Dynamic Host Configuration Protocol) with wireless networks. Having a static network address will slow down the hacker, although he can still get on your network using a sniffer program. Then again, anyone going to those lengths is clearly demonstrating malice, and that makes it easier to prosecute that individual in a court of law.
O'Ferrell's company has another solution on the way, too. This summer Netsec will release Intrusion Detection System (IDS) boxes that will help system administrators identify outside users quickly. Each box is about the size of a 3x5 index card box. "The idea is that a company can place these on the four corners of their building, and keep the network secure," O'Ferrell said, adding that constantly monitoring your access points is one of the best ways to keep your wireless network secure.
How do you keep your wireless network secure? TalkBack to me below.
