If you don't already have a wireless network in your office or home, you probably will soon: The use of wireless networking is burgeoning because, as millions already have found, it's a wonderfully convenient and inexpensive way to share data, printers, or Internet connections. You can do almost anything on a wireless LAN that you can do over a conventional wired connection, but without the hassle of running cables or of being tethered to one location.
In its most common form, a wireless network consists of one or more devices that connect via low-powered radio signals to and through a transceiver called an "access point." The access point and wireless devices comprise a LAN unto themselves, although the access point is usually also connected to a conventional LAN or to the Internet, or both: This lets the wireless devices connect not only to each other but also to the wider world beyond the immediate range of the wireless network.
The "immediate range" can be substantial: In operation, each access point typically creates a bubble of connectivity extending a hundred feet or more (sometimes much more) in all directions. Any properly equipped wireless device within that bubble, such as a laptop or PDA, can use the access point to go online or get into the local network. This can be a very good thing: It means you can roam from room to room, or meeting to meeting--even outdoors--and still maintain your LAN and Internet connection.
But unless the wireless network is set up properly, this also can create problems: By default, most wireless access points and devices are set up to connect as transparently as possible, with automatic detection of the wireless node, automatic handshaking and assignment of an IP address, and so on. This makes it easy for you and your coworkers to connect, but it also means that anyone in the next office, in the parking lot, on the sidewalk, in a nearby apartment or house--anyplace within the bubble of connectivity--also may be able to tap into your bandwidth and go online through your access point without your explicit knowledge or permission. In fact, they also may be able to access not just the Internet, but the PCs on your local net as well.
The proliferation of wireless access points has spawned a whole new activity called "war driving," in which people cruise the streets looking for "hot spots" where a wireless signal leaks out into public space. (The name derives from the old practice of "war dialing" where miscreants such as the youthful hacker in the movie "War Games" would serially dial all phone numbers in an exchange, looking for an unguarded modem connection to hijack.) War driving has become so popular it's even appeared in the Doonesbury comic strip.
The burgeoning war driving community is split into two antagonistic camps. The bad guys are the war drivers who exploit publicly accessible wireless nodes for purely selfish ends. They regard any accessible wireless signals as fair game, and use them to go online at someone else's expense. Sometimes, these war drivers also use purloined access for outright hacking or cracking activity, such as corporate espionage, data theft, site defacement, and so on.
The good-guy faction of the war driving community seeks wireless hot spots mainly for the thrill of the hunt, and to alert businesses and the public about the security risks of improperly configured access points. In fact, the "Second WorldWide WarDrive" (an international collaboration and competition) just ended on Nov. 2: Its goal is to generate statistics about how access points are commonly misconfigured to allow unintentional public access.
Both types of war drivers publish their findings on the Web: There are many sites that list wireless nodes that are available for public access, either by design or misconfiguration. See, for example, this meta-list.
Preventing Wireless Poaching
The main reason wireless security is a problem is that vendors of wireless gear want to make it as easy as possible to connect: They want their users to have rapid success in setting up and using wireless products--and (not trivially) to avoid tech-support calls. As a result, many wireless devices are shipped with security features disabled or set to a lowest-common-denominator level.
For example, most wireless LANs are configured with something called an SSID, or "Service Set Identifier," meant to act as a barrier to unauthorized access: Only devices that have the proper SSID will be able to access a given wireless connection.
But right out of the box, most wireless devices come with a standardized default SSID. For example, the default SSID for Linksys devices is often simply "Linksys;" the default SSID for Cisco devices is often "tsunami;" and so on. If the user or administrator responsible for setting up a wireless network doesn't change the SSID to something unique, a war driver may gain initial access to a wireless node simply by trying all the well-known default SSIDs.
Thus, the #1 rule for improving the security of a wireless network is to change the default SSID to something truly unique. It's a step that's simple, obvious, and often not done.
Likewise, each authorized user of a wireless connection should have a unique user name and password; the password should be a mix of alphanumeric and punctuation characters, as random as possible, and at least six characters long. An access point's administrator's account is especially sensitive and needs a particularly strong password so a cracker can't guess his way into that account and take over the entire wireless connection.
There are many other steps you can take to improve this most basic level of security: You can enable WEP ("Wired-Equivalent Privacy," a form of encryption that theoretically makes wireless connections as secure as a normal wired LAN connection); MAC filtering (which limits access only to wireless systems whose network card's "Media Access Control" identifier is known and approved); and lots more.
For example, "The Definitive Guide To Wireless WarX'ing" is not only an eye-opening guide to the many means by which war drivers may try to connect to your wireless network, but it also contains excellent advice on how prevent such accesses: See "Section VIII--Securing your WLAN."
Most vendors of wireless connectivity products also provide at least basic information on making their products more secure: For example, Linksys offers a page that details simple wireless security measures. User-to-user, peer-level information sharing also can help. Again using Linksys as a working example, here's a user page that contains screen shots showing how to make a common Linksys wireless product more secure. (Note to the easily offended: The page contains an expletive.)
Moving up the scale of technical complexity, "The Unofficial 802.11 Security Web Page" is extremely deep and somewhat daunting to wade through, but it provides a huge amount of professional-level information on WLAN security. You'll also find many additional information sources here.
Some access-point owners even use spoofing software to create fake access points or fake SSIDs, flooding the airwaves with disinformation, thus making it harder for a war driver to find the real access point or SSID among the blizzard of false ones.
You even can use war drivers' own tools against them by turning the tools around and using them proactively to audit and monitor the security of your access points--letting you find any vulnerabilities before potentially hostile war drivers do.
Limiting initial access to a wireless node or access point is one thing, but it's also important to think about what happens after the initial connection is made: You also need to limit unwanted peer-to-peer contact across the node or access point. For this, I suggest the same strategies for wireless LANs as for any other LAN: a personal firewall. While some IT experts sneer at these software tools, they actually can play a valuable role in backstopping a LAN's primary security measures; in limiting peer-level attacks on the intramural side of a LAN; and in preventing "phone-home" activity by worms, Trojans, viruses, and other hostile software. (See "How Much Security Is Enough?")
Allowing Wireless Guests
So far, we've focused on preventing access to a wireless LAN or node. But some businesses seek the opposite: They not only allow but also actively encourage the sharing of wireless bandwidth. As long as this is a conscious choice on the part of the owner of the access point, made with full awareness of security issues, it's fine.
For example, some shop and cafe owners deliberately set up low-security access points to attract wireless users to their shops. Some airport lounges, libraries, and similar locations also may choose to make some of their bandwidth available to patrons as part of the service.
Some progressive businesses, community activists, and homeowners likewise are banding together deliberately to share their wireless connections over wider areas: By carefully selecting which businesses and homes in an area will house access points, it's possible to blanket a campus, neighborhood, town, or region with overlapping access point coverage, creating a kind of wide-area communications network where users can go anywhere, and still be connected. See, for example the "Personal Telco" project in Portland, Ore. Or see the more general "FreeNetworks" site which describes itself as "... an exercise in telecommunications freedom. A network created by those who use it rather than brought to consumers by business. It is not necessarily 'free' as in cost, but, more to the point, autonomous and self governing."
It sounds great, but access sharing can bring some potential downsides besides just the now-obvious one of security. For example, many ISPs prohibit access sharing, and may terminate any account that's shared among wireless devices. The ISP may even seek legal remedies against users who share their connection: Some ISPs see access-sharing as a form of theft of service because a shared account will consume more bandwidth for longer times than a single account normally would.
So, if you connect through an ISP, it's wise to check your ISP's terms of service to see what is and isn't allowed before you alter the end-point of your connection. If you find your ISP won't allow connection sharing, you may wish to seek one that does. The Electronic Frontier Foundation has compiled just such a list of "Wireless-Friendly ISPs."
Make It A Choice, Not An Accident
A wireless network can be shared or private, and either way is fine as long as it's a deliberate choice, made with full knowledge and awareness of the consequences. Either way, the many resources listed above can help you accomplish your goal.
What's your take? Do you or your business use wireless networking? If so, have you taken steps to prevent unauthorized access? Have you encountered hostile war driving? Or: Do you explicitly invite and allow others to share your access? Either way, what tools have you found useful? Join in the InformationWeek.com Listening Post discussion.