Cosmic Consulting  www.cosmicconsulting.com

Articles

Wireless Security

Oxymoron or Not, You Should Still Use It

When the present popular Wi-Fi wireless standard came out (802.11b/g, Airport), the vendors were very excited to bring a new method of connecting computers to the general marketplace. "Look Ma! No Wires!" They were in such a hurry, they didn't take security very seriously, but they did consider it a little.

Many consumers have taken the same approach when buying and installing these wireless products except many consumers don't even consider security a little. They should. Here's why.

But first I need to provide a little terminology. A wireless network is "Open" when anybody passing by within range of the wireless signal can connect to to the network freely and automatically. The simplest way to configure a laptop computer for wireless access to tell it to automatically join any network within range. Students or office workers can then carry their laptop computers from their home network to their school/office without worrying about re-configuring. A side-effect is that these laptop computers will join any Open network just as readily. Sometimes in apartment buildings, a wireless user may be in the circumstance that the neighbor's wireless signal is stronger than his own equipment and the laptop user may go for months using the neighbor's wireless Internet without even realizing this is happening.

The wireless network is "Closed" when it is more difficult to join by making use of some of the built-in privacy and security features of the wireless equipment. Closed is an indication of intent, not actual results. The features available to close a network are not foolproof and can be circumvented by a persistent cracker. They do effectively block all casual and accidental visiting users. And they can be quite effective at slowing down even the most aggressive intruders.

Why should you bother turning on the security and privacy features of your wireless equipment?

Privacy

Assume that you have two or more computers in your home or office network. Because you want to share files freely between them, you have enabled some sort of sharing scenario whereby you can copy files from one hard drive to another. To make it easy, you aren't requiring that you type a username and password each time you connect to the other computer's files. If this describes you, then in an Open wireless network anybody within wireless range can copy any file that you can. Depending upon the type of information you have, this can be simply an embarrassing violation or it can be a devastating loss of confidential info. If your simple and easy file sharing scenario allows you to create/edit/delete files on the other computer, then the unwanted visitor can do the same thing and destroy or alter your files and add undesired files such as viruses or undesirable material.

What are the chances of somebody doing this? Why would they bother? My business or home network doesn't have anything of interest to anybody.

Unless your business has some material interesting enough for industrial espionage, the type of people who would do this are just bored individuals who might find this fun. Teenagers with high-tech toys are that sort of people. It only takes a consumer-level laptop computer with a wireless card and almost no computer expertise to have this type of "fun". Why these individuals would be prone to do it follows the same reasons that vandalism in our physical world happens. Sometimes it is totally senseless, other times it may be motivated by a grudge you, your organization, or the world in general. For whatever reason, it does happen. There is little reason to make it easy for it to happen.

Security

Related to the privacy issue above, an Open network can be the target of malicious acts. These might be intentional vandalism or they might be totally accidental. Accidental acts of maliciousness would occur when viruses (technically "worms") on the unwanted visiting computer automatically attack computers on your network.

But wait! I've got a firewall on my wireless equipment. I've set it to keep out all those network worm type attacks.

A firewall keeps out attacks from "the outside". The outside usually means the Internet. The firewall acts as a barrier between your Internet connection (the outside world) and your local network (your private, inside world). These firewalls usually do a very good job at this and I recommend them highly. But the unwanted visitor to your Open wireless network is connecting to your local network, i.e., your inside world. The firewall is not involved there and offers no protection whatsoever. When an unwanted visitor connects to your wireless network, he might as well be sitting in your office connected with a cable. Your network is then subject to whatever malicious acts that visitor's computer may be doing intentionally or unintentionally.

Performance

There is only a relatively limited amount of "bandwidth", or ability to carry communication traffic, provided by the wireless networking options. Wireless networks are considerably slower than conventional wired networks. Every computer that connects will use up some of that capacity. By preventing unwanted visitors to your network, the overall performance will be increased.

For those networks that share an Internet connection, there is an additional performance issue. One of the more popular things for an unwanted visitor to do is to "borrow" an Internet connection from an Open wireless network. For them this is free Internet access. If you have a very fast connection and not many users, it may not be a noticeable performance issue. Since wireless connections are faster than cable and DSL "high-speed" connections, an uninvited visitor borrowing the connection will make a very big performance difference. The visitor can easily saturate your connection with a big download session slowing down the Internet session significantly for all users.

Social Responsibility

Aside from the risks that you assume to your security and privacy, there is an additional side-effect of keeping your wireless, Internet-connected network Open. By providing free-for-all Internet connection, you are giving anonymous access to the Internet to anybody. Any malicious activity on the part of your visitor will only be traceable back to you and your network. That visitor can send millions of SPAM e-mail, illegal threat e-mail, launch virus attacks as a prank or even as a terrorist act. This visitor can do whatever they fell like with the confidence that they are going to get away with it. Others will be directly victimized and you and your organization will suffer the blame for either letting this happen using your equipment or you might be falsely accused of perpetrating the crime. In the case of the SPAM e-mail sent, your Internet Service Provider would probably cancel your service. It only takes one wireless visitor to do all of this. And with a little preparation and your Open connection, it can be done by that visitor in a matter of minutes.

The Internet is a powerful tool but it can be a very powerful weapon. Leaving a wireless network Open is the social equivalent of leaving your car unlocked, unattended, and running in front of a public high school. It is certainly more convenient to leave your car unlocked and running. This saves you lots of time finding your keys and starting your car. The risk of one of the students taking a joy ride and getting into an accident is very high. You would likely be held partially to blame. This is a highly preventable situation.

Why Do Wireless At All?

While you can take the extra time to secure your wireless network, you might ask yourself why would you want to have a wireless network at all? The only advantage is that it doesn't need wires. Every other aspect is a significant disadvantage. It is much slower than a wired system. It is much more expensive than a wired system. It is much less secure than a wired system.

If you have a laptop computer and do not want the extra hassle of connecting it into a network using wires, the benefits of wireless may outweigh the hassle of being wired. But for desktop computers, it makes no sense to go wireless. Just wire them up and forget about it. You'll avoid a whole mess of problems.