What You Don't Know about WiFi CAN Hurt You.
By Mark Dahmke
That wireless router you installed on your business or home network can be a wonderful productivity tool, but it can also come back to bite you if you're not careful. A recent survey of wireless signals in Lincoln showed that over 60% of all WiFi routers and access points are misconfigured, poorly protected, or not protected at all. This is an alarming and extremely dangerous situation, for a variety of reasons.
First, if you powered up your wireless router and left it in its default configuration, you've effectively put up a "hack me" sign that anyone within a few hundred feet can read, without any special software or hardware.
You might say "well there's nothing important on my computer anyway, so it doesn't matter," but you'd be wrong. Someone might decide to infect your computer with a virus or a trojan. They might want to install a program that captures every keystroke and sends the data back to them over your wired Internet connection. They might want to sit outside your office or home and send spam from your address, causing your ISP to disconnect your service. Or they might use your Internet connection to download pornography, which could be traced to your IP address, causing a visit from the police.
Did you know that most Internet Service Providers prohibit customers from giving away or reselling their DSL or Cable Modem access to third parties? If you put up a WiFi connection and allow your neighbors or even your customers to use it--without first getting permission from your ISP--they could cancel your service or even prosecute.
What if you install a WiFi access point and turn on all the encryption features, make the password hard to guess, and turn off the feature that announces your network ID? Your network might still be open to several forms of attack.
Many of the inexpensive WiFi products only support "WEP" encryption. WEP is a way of scrambling data packets so that they appear unintelligible to anyone eavesdropping on your network. It works about the same way as scramblers on cordless phones. Unfortunately the WEP standard has some well-known security flaws that make it very easy to crack. Unless you change your encryption key every few days, someone in a nearby building could passively capture enough data to break your codes and read anything going to or from your PCs, including all your passwords, credit card numbers and email.
The new standard for encryption is called "WPA" or Wireless Protected Access, and it fixes the problems with WEP, and adds rotating keys. The router keeps generating new encryption codes so that no one code is in use long enough for a hacker to be able to break it.
What if you configure your router to not broadcast your network ID? Won't that keep people from discovering your network? Not really. Several free software packages such as Kismet and Netstumbler will capture all the data packets they see, and can easily discover all available networks, regardless of whether you try to hide your ID. (We'd still recommend that, whether you announce your ID or not, you avoid anything obvious like your business name, your own name or your address.) Kismet and Netstumbler can also readily determine network addresses and other information about your network even if you use encryption.
Another concern is the use of "rogue" wireless networks installed by your own employees. Employees frustrated with the slow response of their company's IT department often take matters into their own hands and install their own PC or networking hardware. An employee in need of multiple network connections might go out and buy a $50 hub for their office, or might think it'd just be cool to have wireless access for their notebook computer. Once the device is attached to your office network, with no encryption or a weak password, anyone can gain access to your network as if they were sitting at that employee's desk. These issues need to be discussed with employees, and policies need to be in place to prevent expensive intrusions into your corporate network.
In major metropolitan areas, the proliferation of open wireless networks could make it easy for a sophisticated hacker to attempt a digital "Pearl Harbor" -- or more appropriately a digital "9/11" using the networks of unsuspecting and unprepared businesses and home users to attack our national network infrastructure. The threat goes beyond just the security of your own data and your own network.
What if you provide employees with VPN (Virtual Private Network) access from home or from a laptop? VPNs allow you to create secure extensions to your corporate network, to allow employees to work from anywhere. But all the security of a VPN connection can't protect your office network if your employees have open or unprotected WiFi networks at home. In fact they provide an easy "back door" into your valuable company assets.
Wireless networks can provide enormous benefits to your business, provided that they're configured correctly and with network security in mind.
What steps should you take to protect your network and data? The first step is education. Your employees need to understand the risks and know what they need to do to protect the company. The next step is proactive monitoring and intrusion detection. Anti-virus programs and firewalls are only one part of the solution; they won't protect you from inadequate network security practices. For larger organizations, it's a good idea to consider installing a monitoring system to actively check for new devices added to your network, or new wireless access points that suddenly appear in or near your buildings. Another option is to contract with a network security company that can keep an eye on your network and notify you of anything suspicious.
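As an added example (not part of the original article, and not any vendor's product), the monitoring step can be sketched as a check of site-survey results against an inventory of access points you installed. It flags the conditions described above: unknown (rogue) access points, no encryption, WEP, factory-default network IDs, IDs that name the owner, and reliance on a hidden ID alone. The record fields, addresses and names are constructed for illustration.

```python
# Constructed site-survey records; field names are assumptions for this
# example, not the output format of Kismet, Netstumbler or any other tool.
SURVEY = [
    {"bssid": "00:11:22:33:44:01", "ssid": "floor2-net", "enc": "WPA", "hidden": False},
    {"bssid": "00:11:22:33:44:02", "ssid": "linksys", "enc": "NONE", "hidden": False},
    {"bssid": "00:11:22:33:44:03", "ssid": "", "enc": "WEP", "hidden": True},
    {"bssid": "00:11:22:33:44:04", "ssid": "Example Hardware Co", "enc": "WPA", "hidden": False},
]
# Access points the business knowingly installed (hypothetical inventory).
AUTHORIZED = {"00:11:22:33:44:01", "00:11:22:33:44:03", "00:11:22:33:44:04"}
# A few factory-default network names (illustrative, not exhaustive).
DEFAULT_SSIDS = {"linksys", "netgear", "default", "dlink"}
# Words that identify the owner: business name, personal name, address.
OBVIOUS_TERMS = ["example hardware"]


def audit_ap(ap, authorized=AUTHORIZED, obvious_terms=OBVIOUS_TERMS):
    """Return the list of finding codes for one access point record."""
    findings = []
    enc = ap["enc"].upper()
    ssid = ap["ssid"].strip().lower()
    if ap["bssid"].lower() not in authorized:
        findings.append("ROGUE")          # not installed by the business
    if enc == "NONE":
        findings.append("OPEN")           # anyone in range can connect
    elif enc == "WEP":
        findings.append("WEP")            # encryption with known flaws
    if ssid in DEFAULT_SSIDS:
        findings.append("DEFAULT_SSID")   # suggests default configuration
    if ssid and any(term in ssid for term in obvious_terms):
        findings.append("OBVIOUS_SSID")   # network ID names the owner
    if ap["hidden"] and enc in ("NONE", "WEP"):
        findings.append("HIDDEN_ONLY")    # a hidden ID is the only barrier
    return findings


def audit_survey(survey, authorized=AUTHORIZED, obvious_terms=OBVIOUS_TERMS):
    """Map each problem access point's address to its findings."""
    report = {}
    for ap in survey:
        findings = audit_ap(ap, authorized, obvious_terms)
        if findings:
            report[ap["bssid"]] = findings
    return report


if __name__ == "__main__":
    for bssid, findings in audit_survey(SURVEY).items():
        print(bssid, ", ".join(findings))
```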
Unfortunately there's no way to know if someone is passively monitoring or recording data being sent wirelessly between your computers. But you can use the same tools the hackers use, to test the strength of your own network and improve your defenses.
Information Analytics offers a variety of solutions depending on the size of your business and network. IA can perform an inexpensive external security scan or a more thorough internal network security audit, designed to give you the critical information you need, to make decisions and budget resources. We can also install custom hardware and software systems to monitor and protect your network.
We are an authorized reseller of eEye Digital Security's products, including Retina. Retina will find vulnerabilities for all active IPs, including routers, switches, servers, workstations, printers and wireless access points.
Wireless network protection begins with a thorough assessment of router configuration, plus an actual intrusion test, where we attempt to gain access to your network through your wireless access point. The only way to know for sure if your network is at risk is to try to break into it.
For more information, call us today at 1-866-477-8300 for a free initial consultation.