If your business hasn’t yet deployed a wireless network, chances are good that you are at least considering the possibility. Wi-Fi networks are becoming well-known and readily available in electronics
and office supply stores. A couple of years ago you had to look hard to find
wireless LAN products on store shelves. Now, there are full-length aisles full
of wireless adapters and routers. With this growing popularity, lots of homes
and small offices are deploying wireless LANs.
With this in mind, a couple of my staff members drove through residential and
office areas while running a wireless LAN analyzer. The goal was to find out
what security issues were commonly present in wireless LAN implementations in
the area — what some call a wardrive. Here’s what we found:
Home Office WLAN Security Not So Good
After driving through a few large residential areas and capturing details from
a couple hundred wireless routers
and access points, we found that roughly 50 percent were not using any form
of security. Of course the problem with this is that a neighbor or someone who
parks in the street can easily access Internet services and retrieve files stored
on the homeowner’s computers.
A while ago, a friend of mine living in an apartment installed a wireless LAN
router (with no security) attached to a broadband Internet service. After a
few months, he found that a couple of unknown users were associating with the
router and using his Internet service from somewhere else within the apartment
complex. He quickly implemented Wi-Fi Protected Access (WPA), which
solved the problem. You could also disable SSID (service
set identifier) broadcasting (if available on the unit) to limit other users
from automatically gaining access.
Also, I’d heard that a friend of our family bought a laptop with an integrated
Wi-Fi adapter, took it home, and found it really cool that they could access
the Internet wirelessly. This user, however, hadn’t yet installed any routers
or Internet service. Apparently, the radio card in the laptop was associating
with a neighbor’s unsecured wireless router, which was graciously providing
access.
The funny thing was that this person didn’t even realize that you needed any
special hardware to make this work. They’d thought that the wireless
connection was enabled by only the radio device in the laptop and that the connection
to the Internet was magically made available.
SSIDs Identify Businesses
In our drive-around testing, we found that many of the home offices and businesses
were broadcasting the default SSID, which actually isn’t too much of a problem.
In most cases, the default value is the hardware vendor’s name (except Cisco,
which uses “tsunami”). Some of the SSIDs found in our testing clearly indicate
company names. In fact, we found several large businesses having the SSID the
same as their company name. These companies were not broadcasting SSIDs, but
our packet analyzer readily found the SSIDs in user association request frames.
The knowledge of the SSID alone doesn’t allow access to a WLAN that employs
solid authentication and encryption mechanisms. The issue is that having an
SSID the same as the company name may identify a network that a hacker would
rather attack than others. I’d argue that it’s safer to have the SSID equal
to the default vendor name rather than use your company name. In addition, the
use of meaningless characters as the SSID draws the attention of hackers and
makes them suspicious that it represents a company trying to hide themselves.
Business WLAN Security Not Much Better
In business areas, we found that the usage of wireless security was around
75 percent. This was better than the residential areas, but there
were still several rather large, well-known companies operating wireless LANs
without any form of security. There was even evidence that a significant portion
of these businesses were connecting their access points directly to the corporate
network.
A business is a bigger target for hackers wanting
to either disrupt operations or steal information. Companies not implementing
wireless security are certainly inviting hackers in to overhear e-mail transmissions,
access corporate data and change network configurations.
The bottom line is that home offices and small businesses need to secure the network with at
least wired equivalent privacy (WEP). Even
though WEP has weaknesses, it’s better than nothing. If WPA is available, use
it. For larger companies, consider the use of a VPN (virtual private
network) and/or 802.1x authentication.
Article courtesy of WiFi Planet
| Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today! |
