The convenience of logging on to the Internet in a coffee shop, in a car or at home in the back yard, along with more “hot spots” where wireless Internet is available has driven the popularity of wireless considerably in the last year. But few people realize the huge security risks with wireless access.
We lock our businesses and houses, keep our money in locked vaults at banks and so on, but we don’t lock our wireless access points on our PCs. Numerous studies of both business and residential wireless access points have shown that they are not locked down or are not locked correctly.
All it takes is a wireless router plugged into the Internet and network adapters for each machine. Instead of long cables, radio signals are used to connect the computers; allowing them to share that single high-speed connection. Wireless networks are easy to set up and relatively inexpensive. But with convenience comes a trade off in security. Wireless networks, sometimes referred to as WI-FI or 802.11 networks, use a radio link instead of cables to connect computers. As a result, anyone within radio range can theoretically listen in or transmit data on the network.
One study showed that 90 percent of 1,500 businesses surveyed reported using wireless security products; a vast majority depended on security systems that left their networks. The data they transmitted were exposed to attacks from hackers (survey by the Diffusion Group, Aug. 16, 2006). Other studies have show that businesses using wireless connectivity are using dated, old technology to lock their wireless access points.
This is scary because hackers can get into a network via wireless and once in, they can obtain social security numbers, driver’s licenses, credit card numbers, and other personal and financial information. Add to the mix that they can take over your computers, and the dangers grow. Intruders don’t need physical access to your hardware; they can be sitting in your parking lot or in the apartment complex across the street. Freely available tools allow intruders to “sniff” for insecure networks. With a program like this, a hacker can gain access to a wireless access point, run the program, and in a couple minutes obtain every password someone uses.
Technology and computers are always changing and advancing. Along with this, white collar criminals, such as hackers, are continually adapting and searching for new ways to succeed. Updates for viruses, spy ware and operating systems come out almost daily. The first security mechanism built into WI-FI was Wired Equivalent Privacy (WEP), which allowed the encryption of wireless traffic. However, encryption is turned off by default in wireless devices and software, and in many cases, it’s never turned on. But even when WEP is used, it isn’t terribly secure.
Last year, Ian Goldberg, a cryptologist at security and privacy software developer Zero-Knowledge Systems Inc. in Montreal, working with researchers at the University of California, Berkeley, broke WEP. Researchers at Rice University in Houston and AT&T Labs in Florham Park, N.J., later discovered an even easier method for breaking WEP.
Going wireless means your Internet connection is broadcasting outside your home or business. Without any security, anyone with a wireless-enabled laptop or handheld computer can use your network. They can get free internet access, steal information stored in your computers, or use your system to attack something else. This could include downloading child porn, sharing copyrighted content, or executing a denial-of-service attack and could be linked to you.
This security weakness has led to “wardriving”, which involves driving around with a wireless-enabled device and finding wireless networks. There are those who consider it a hobby; they do it out of curiosity and to call attention to the extent of the security problem. Then there are those who use wardriving for criminal intent. Identifying the networks isn’t illegal, but accessing them is.
In February 2006 a man in Rockford, Ill. was arrested for accessing the Internet through a nonprofit agency’s wireless. He was fined $250 and sentenced to one year of court supervision. Are we scared yet? We should be. Just last year, even after numerous technology articles ranting and raving about wireless security risks, nothing has changed. Solutions are available. Part of the answer is to enable your access point’s security features. It’s that simple. Businesses also have to encrypt traffic and segment the wireless network using VLANs (virtual local area networks). Information technology professionals recommend that businesses have a wireless assessment done by a company other than the one that set it up. This will determine if your wireless is locked down. If not, it can and should be done as quickly as possible. Companies, such as
Elite IT (
http://www.eliteitpc.com) can provide these solutions to both businesses & residential Clients.
SOURCES:
http://www.eliteitpc.com
http://www.mobile-net.net
http://www.eliterdi.com
