Mobile Computing Wireless Computer Networks Convenience and (In)Security

<p>Some only recently began using computers. Others are addicted to their computers and
their mobile phones, Blackberrys® and other wireless communication devices. If the
telephone is an example, wireless computer networks will overtake "hard-wired" networks
within the next decade.

</p><p>Many of us can recall when only one phone company provided local service, you could
have (rent) any phone you wanted (as long as you wanted a black, rotary dialing,
bell-ringing model), and life was simple. Then, the change began.

</p><p>First, you could actually purchase and own your very own telephone. Then,
cordless phones were launched. The first cordless phones connected you to a base unit
in your home or office. That expanded into a wireless revolution where everyone is
just expected to have a wireless phone on his or her person 24/7 and its number
on his or her business cards to always "be in touch." The same progression is
underway in wireless computer networks. If you're not sure what a wireless network
is or where you can find one, read on.

</p><p>Wireless networks are growing exponentially. Businesses frequently use or add a
wireless network because it is much cheaper than running "Cat 5" cable throughout a
facility that they might use for just a few years. Installing a few wireless network
access points and issuing wireless network cards to employees is cheaper than buying
miles of cable and banks of routers, plus hiring qualified people to install a
"hardwired" network.

</p><p>Companies with large personnel influxes add wireless networks to deal with increasing
network demand over short periods of time (such as accountants during tax season).
Starbucks advertises its wireless network to entice professionals and students to come
in, load up on caffeine and work. They provide a "home away from home" for both
you and your computer. Many homes have wireless networks. IBM's recent Thinkpad
notebook computer comes with wireless antennae built into the screen's casing so it is
ready for action whenever the computer is on. Wireless networks and capabilities are
truly everywhere and in places you might never have imagined.

</p><p>Some personal observations are in order. My home's wireless network "surveyed" the
available networks and found three in my neighborhood (including mine). One disappeared
when my neighbor (a technology company officer) moved away, so I have a good idea
which one had been his. Then, I was in a particularly boring mediation session
recently with lots of "down time" in a conference room where I could not get out
to "surf the net" for current news. I plugged in my computer's wireless card and
within moments, it found an open network that allowed me to surf at will. This was
a revelation, and I never discovered (nor even tried to determine) which network
provided the open access.

</p><p>Will pervasive wireless computer networks cause as many problems as they will provide
conveniences? Of course they will. The current "standard" for wireless networks is the
IEEE 802.11b Standard. Its benefits include being able to use encryption to
validate users and protect data being broadcast over the airways. That's correct,
broadcast over the airways. All wireless devices broadcast in much the same way that
radio and television stations do—but with lower power and shorter range. Does
broadcasting this data create different security issues? Absolutely!

</p><p>Recently published articles on wireless network security indicate that some networks
are more secure than others. (The most current articles can be found with your
favorite search engine using the search phrase "wireless network security.") It is
also universally reported that wireless networks are vulnerable to those who would
maliciously use their openness by "sniffing" out their locations and then working to
hack their way into whatever is found on the network.

</p><p>"Sniffing" out the wireless signals is relatively easy—most wireless devices will tell
you if a wireless network is within range. Malicious users could add directional
antennae to their toolkits to search over an even broader area since they effectively
extend the wireless network's reach well beyond the hundreds of feet most usually
broadcast.

</p><p>Hacking into wireless networks requires different efforts than hacking over the
Internet, but it can be done. While a "how it's done" explanation goes well beyond
the scope of this article, suffice it to say that a determined hacker can get into
a wireless network; since this can be done from a car in the company's parking lot
or from a nearby building, hackers can choose their specific targets by merely getting
close to them.

</p><p>What can or should you do to minimize this risk (or at least require the hacker
to work harder to break into your wireless network)? Some basic security precautions
include:

</p><ol>
<li>Change your wireless network's Service Set Identifier (SSID) to a unique
and "strong" identifier. The SSID is used within the network to identify authorized
users. Many "off-the-shelf" products suggest or provide a generic SSID that can
easily be used by a hacker to evade an early barrier.

</li><li>Enable wireless network's Wired Equivalent Privacy (WEP) and use the "shared
key" method to both authenticate users and encrypt data being transmitted. While
it is possible for serious hackers to crack the encryption, even a weak lock is
better than no lock at all. It should go without saying that the WEP keys you
select should be either randomly generated or otherwise not obvious (just as you
should not use 1234 as your ATM card's PIN). Changing your WEP key
periodically provides an additional layer of protection.

</li><li>Password-protect everything that is important. There are a number of
"dictionary" password cracking methods that literally roll through the dictionary,
testing each word as a possible password. Using "strong" passwords that combine
letters and numbers increases your security by making it impossible for hackers to
use "off-the-shelf" tools to crack into your data.

</li><li>Treat wireless communications (including data communications) as postcards. If
a communication is truly confidential, do not use a wireless network to transmit
(broadcast) it since you never really know whether anyone else received your
transmission.
</li></ol>

<p>Fortunately, the bodies that promulgate the industry standards are aware of these
(and other) security issues. Standards are continuously updated to take advantage of
new discoveries. Today's wireless networks are more secure than their predecessors, yet
less secure than those that will follow. It is, as always, an evolutionary process.

</p><p>Obviously, wireless network security goes far beyond what can be covered in this
article. As with many things, you must first understand the risk before you can
begin dealing with it. Then, you can take steps to protect yourself and the client
data you send or receive.<small>^{<a href="#2" name="2a">2</a>}</small>

</p><hr>
<h3>Footnotes</h3>

<p>^{<small><a name="1">1</a></small>} Board-certified in business bankruptcy by the American Board of Certification and the Texas Board of Legal Specialization. <a href="#1a">Return to article</a>

</p><p>^{<small><a name="2">2</a></small>} Additional resources: "Securing Your Wireless Network," <a href="http://www.practicallynetworked.com/support/wireless_secure.htm&quot; target="window2">www.practicallynetworked.com/support/wireless_secure.htm</a&gt;; Goodwins, Rupert, "Wireless
Network Security Shows Cracks," <a href="http://news.zdnet.co.uk/story/0,,t269-s2104588,00.html&quot; target="window2">http://news.zdnet.co.uk/story/0,,t269-s2104588,00.html</a&gt;; <i>Wireless Networking Reference—Security</i> (listing
of articles), <a href="http://www.practicallynetworked.com/tools/wireless_articles_security.ht…; target="window2">www.practicallynetworked.com/tools/wireless_articles_security.htm</a&gt;; Arbaugh, William A., Shankar, Narendar, Wan, Y.C. Justin,
"Your 802.11 Wireless Network Has No Clothes," Dept. of Computer Science, University of Maryland ©2001 (and included in listing
of <i>Wireless Networking Reference—Security</i>). <a href="#2a">Return to article</a>