16 Feb Screen-door security: most wireless networks left wide open
I’m not normally one to participate in “scare tactics”. However, there is one area where I finally decided it’s appropriate to do this, and that is wireless security.
Oh sure, there are various articles and such that describe the “improved security” of built-in encryption technologies (WPA versus WEP, and so on). The problem is that at least half of us use no security, and that’s just plain scary.
Last night, I decided to prove my point. I took my laptop home from work, and set it up next to me in the car. The laptop was loaded with “Netstumbler”, a free wireless network sniffing tool, and a cheap GPS unit (79 bucks) that plugs right into the USB port. I didn’t drive around specific neighborhoods – I simply left work, drove to my daughter’s school to pick her up, and went home. About a 20 minute drive, and much of it on the freeway.
The GPS wasn’t necessary, by the way, but it did help me create a really nifty map showing me where all the access points were.
The results of what my laptop saw should scare some of you into realizing the problem we have. Here we go:
Overall, there were 134 wireless access points that I saw. Of these, 72 (more than half) had no encryption enabled. That’s not good. Worse, 23 (about one third of the unsecured units) had the “default SSID” still set. The SSID is the unit’s name broadcast out in the airwaves. Default SSID’s basically imply that the unit was unpackaged, plugged in, and never touched. Yes, these units are far too often treated like Ronco’s tabletop oven: “set it and forget it.”
What we have ended up with is the home security equivalent of a screen door. And for a huge percentage of these access points, the screen door is off the hinges.
Car thieves can break into any automobile, but most of them will take the path of least resistance and break into the car that is unlocked or has a window partially open. Wireless networks are similar. The security tools and settings we can take advantage of are not perfect, but because there are so many people not using any security, they become the preferred targets.
An unsecured wireless network access point is an open invitation. Anyone with a laptop and a handful of free tools can access your network, and quite easy sniff network traffic and eventually get at your computer(s) and all the data that’s there.
What do you use your computer at home for? Accessing your checking account, perhaps? Tracking your personal finances? Logging into a critical server at work? All of this becomes completely vulnerable when access points are set up and not secured. Unsecured network access points at any corporate location up the ante, so to speak.
If you are reading this article online you may have wireless at home. Or perhaps you manage employees who access your corporate systems from home. Worse yet, there may be unofficial wireless access points set up in your workplace, installed by employees for “convenience.” And the data you are responsible for is critical – it may, for example, be health-care information.
Whether it’s your personal environment or related to your employment, it’s a serious issue that should not be ignored. If you have not yet audited the wireless access points in your office and the homes of your employees who telecommute, you should.
Enabling the proper security settings is relatively simple. The broadcast of SSIDs should be turned off. WPA or WEP should be enabled. And “MAC address” filtering can be enabled to only let certain devices in. There are hundreds of articles out there describing how to set up wireless security. A Google search for “set up wireless security” turns up about 14 million hits.
Please: Go get a solid door, put the hinges back on, and lock it.
The opinions expressed herein or statements made in the above column are solely those of the author, & do not necessarily reflect the views of Wisconsin Technology Network, LLC. (WTN). WTN, LLC accepts no legal liability or responsibility for any claims made or opinions expressed herein.