Thursday, April 28, 2005

Wi-Fi Proliferation

Rick Lee illustrates something I've been harping about now for a couple of years: all those open WAP's. Some people turn off WAP by choice. They want to share there internet connection. Many others don't know how or why they should configure their wireless routers. Even others never change the default passwords on their routers. They might have turned on WAP, but it only takes a Goggle search to find the default password to mess with the box.

Securing you wireless network really isn't rocket science and I'll help anyone who wants to know how.

Rick always illustrates his posts with nice pictures. I guess being a commercial photographer helps.


Blogger Rick Lee said...

I'm not a security expert by any means. I honestly don't know how these people might be vulnerable. Perhaps they aren't. They might have file sharing turned off.. they might have internal passwords on their network activated... but I'll bet that most of them would be surprised that they are sharing their Internet bandwith with their neighbors or passersby.

12:58 AM  
Blogger oncee said...

The biggest threat is if someone used a packet sniffer on one of these business networks. Many passwords and other private information are passed over local area networks via plain text. Sharing your internet connection with strangers really isn't much of a security problem. The problem comes from keeping the information on your network secured from the eyes of strangers who might gain from stealing some of your data.

If you aren't running a business network and just have couple of computers for internet and email the risk is much less.

Part of my career has been spent securing law office network, so I've seen the good, the bad, and the ugly when it comes to network that really need to have WAP turned on.

The other issue that comes to mind is how Windows some other operating systems by default handle wireless connections when you turn your computer on. Windows is really bad about joining the closest and strongest wireless network with WEP turned off. The user really should have more control when connecting to wireless networks.

I had one client that had a misconfigured wireless router and half the time he wasn't even using his own wireless network. His was a problem since he practiced law. His email, his internet banking, and all his password were being passed over a network that didn't belong to him. Someone could have sniffed his traffic and found all kinds of things: his bank balance, client names and address, client/attorney communications. I'm not saying anything bad happened. I have no proof that he lost any sort of information, but it could have happened. He would notice that he couldn't share documents with his staff, but he didn't know why. After one or two restarts he noticed he was asked for a password for his own network and everything would work fine.

Wireless security really is a two-way street. I enjoy and use public connections like the ones at Taylor Books and First Watch, but I would never check my email (the password is passed via plain text) or check my bank balance on a public connection.

Packet sniffing isn't that hard. I sniff my own network to see if someone is trying to hack into my home network all the time. Packet sniffing works like a wiretap. You don't even know when you are being sniffed. Sniffing someone else's network is highly illegal and can land one in federal prison. But that doesn't stop some bored high school kid in his parent's basement from doing it.

For the record I have WEP turned on on my home network. My rule of thumb is to turn off services you don't use, use WEP if you don't want to share you connection and your network, and always using a strong firewall. Hardware firewalls are the best.

Some people share their connections by putting a WAP in front of their firewall, which works just as well. Once again we have the problem of wants to share their connection and has configured their network to do so safely, and those who have never configured their wireless network in the first place.

Sorry for the geek rant. I hope anyone who reads this knows a little bit more about wireless security.

1:55 AM  

Post a Comment

<< Home