
Best-kept secrets

architech - Are you protected against the threat of rogue users infiltrating your wireless network? And does it actually matter anyway?

We all have our firewalls installed, our anti-virus and anti-spam software is up-to-date and we run our anti-spy/malware applications religiously every week. Don't we? But since WiFi was introduced in 1999, a new route into your data has been established. So how secure is the wireless component of our computer communications? And does it really matter all that much?

How do you react to the recent Computer Weekly headline: 'Securing your networks against the risk of rogue wireless access is no longer optional'? If you are still merely wired to each other, is the prospect of rogue wardrivers armed with wireless-enabled laptops and Pringles-can aerials putting you off the idea of setting up a wireless network? You might also ponder an answer to the supplementary question of whether or not it is usually computer security firms that host wardriving demonstrations for impressionable journalists around local business districts. The invention of both the name and activity of wardriving, incidentally, is claimed by Californian Peter Shipley at www.dis.org/shipley.

Overstating things?

Then ponder a piece, 'Hotspot paranoia: try to stay calm', in the independent online industry magazine, The Register, by the influential Guy Kewney. He suggests that not many people, possibly none, are really interested in the myriad files that exist across even a reasonably uncomplex network. There are better and easier ways of conducting commercial espionage, such as using the internet, infiltrating a mole into the office, offering inducements to staff - or simply asking them in the local pub. These are surely more comfortable than sitting conspicuously in a car outside of the office, Pringles can poking out the window, feeding parking meters, arguing with traffic wardens and discovering how appallingly manufacturers exaggerate their laptops' battery lives.

It needs to be said that Kewney was talking about the security of hotspots in places like Starbucks' coffee outlets. Of the security of sites he quite properly says: 'It's a good idea to know what the exploits can be - especially if you're a lawyer or a doctor and have seriously confidential information on your PC, which simply cannot be risked.' It is true that architects sometimes deal with information that really needs to be kept secure. But this is rare, and the contract with your so-very-secret client will almost certainly specify exactly what level of security you need to install and how it is to be implemented. It is also true that self-important partners sometimes insist that their every thought and idea merits being kept under electronic lock and key. Fine. It is actually quite easy to do.

Protect and save

Internet security is well enough understood, even if the prevalence of spam suggests that few people seem to implement it. The front line of internet security is your firewall. Wireless insecurity starts behind your firewall and hangs on interlopers being able to insert themselves into the network by pretending to be part of it. So you stop that happening.

You instigate password protection for the practice network (and don't file the new one somewhere on the network). You use secure connections before transmitting financial information. You change your SSID (Service Set Identifier), which your access point broadcasts every couple of seconds, to a name other than 'linksys' (the default SSID on Linksys access points) or 'tsunami' (Cisco's) or 'belkin54g' (Belkin).

And you turn on the security switch that comes with most WiFi software.

All those scare stories by journalists who have spent a day wardriving around the City are describing nothing more than logging in to companies whose IT people have forgotten to press the WEP (Wireless Equivalent Privacy) switch, or who don't know about the SSID bit. This is complicated by the fact that, because cracking new passwords is surprisingly easy, some recommend that the WEP should be turned off and every computer in the network assigned the new SSID individually. And you can limit DHCP and hide MACs and... make lots of work for the harassed network supervisor who is probably better engaged reconnecting the A0 printer.

But maybe you have other security imperatives, however unjustified: the above partner, paranoid clients, an overall unease about the possibility of others looking at your stuff, the need to generally proof-test wireless security systems. There is WPA2, which provides a higher, government-grade security than ordinary WPA (WiFi Protected Access). (For these two, check out www.wi-fi.org/OpenSection/protected_access.asp.) And there are a bunch, actually hundreds, of proprietary high-level security programmes. Not surprisingly, in real life people are disinclined to use these religiously because typing in passwords all the time is tedious and any security system tends to slow down a network.

Thin body of evidence

Traditionally, our financial institutions close ranks on the topic of fraud, but, although there is one recent, widely reported US case, it seems very few people in the world have yet been convicted of wardriving crimes. It is reckoned that 80 per cent of all computer crime is not wireless-based. It is web-based, probably because it is a lot easier and can produce an immense harvest for crooks.* It may also be because there is apparently nothing to prevent you logging into somebody's network, providing you subsequently do nothing to disadvantage the owner of the data streams in which you have just paddled.

Hard tack

There are some physical things you can do. One is to turn your office into a kind of Faraday cage by painting the interior or exterior walls with special paint - most contain particles of aluminium or copper. You could encase all your cabling in a wire sleeve, or stick a metal-rich film to your windows. You could buy the wardriver's divining rod, a WiFi network finder, which is indiscriminate about who uses it. And there is even a stealth wallpaper made from copper-coated Kapton (a polyimide film), which allows mobile phone waves out but not WiFi transmissions. At last count it cost £500 per metre: 'Peanuts to big business,' said a perky New Scientist reporter. BAA is said to be developing a transparent film for windows.

There are less elaborate techniques, such as attaching wireless access points with directional antennae pointing inwards from the office perimeter walls. But what do you do about long-range Bluetooth devices with their normally omnidirectional antennae? And what do you do about wireless hand-helds and visitors' wireless-enabled laptops?

Remember that around 80 per cent of all laptops sold from now on will be wireless-enabled.

Qui bono?

In the end you have to ask yourself the old lawyer question: qui bono? Who benefits from this fear and uncertainty? One not so cynical view is that it may well be mainly the wireless security firms. That is not to say you should ignore common sense and not install easily implemented wireless security, or that you should be cavalier about protecting genuinely private electronic information. It is just that you need to ask yourself whether you really need massive wireless security; is your office really unbreachable and what would be the cost of a wireless intrusion? The answers may well be no and nothing.

What, then, of security with the soon-to-be-implemented WiMAX, where you are connected wirelessly to a public access point? That is a whole new can of worms.

* Most financial transactions such as online buying are protected by a technology called SSL (Secure Socket Layer), and are nothing to do with wireless access, unless somebody can follow the transaction or its path on your network.
