From this week’s issue of Sunbelt’s WXPnews.

Remember when talking on the phone meant being tied to a confined area by a cord? Many members of the younger generation don’t; cordless landlines and cellular/mobile phones have always been a part of their lives. Most of those reading this, though, can still remember when setting up a home or business network required running Ethernet cabling throughout the building (or paying someone else to do it). Those who have actually spent time crawling through attics to drop cable can fully appreciate the miracle of wireless networking technology. No wonder the popularity of 802.11 wireless equipment has boomed in the last few years. For convenience, you can’t beat it. But what about security?

Some people will tell you that wireless networking is inherently less secure than wired communications, and that’s true. To “tap into” your cabled network, an intruder has to have physical access to that line. Because common wireless networking technologies are RF (radio frequency) based and send signals over the airwaves, an intruder can sit in a car with a laptop down the street from your location and “catch” your transmissions. Many wireless users think they’re safe because of the distance limitations referenced in the documentation of their wireless access pointers or routers: approximately 300 feet for 802.11b/g, about half that for 802.11a. What they don’t tell you is that a “war driver” can increase that range by attaching a powerful directional antenna to the wireless network adapter on his laptop.

Now, there are ways to control what computers can connect to your wireless network. You can configure your WAP/router to use “MAC filtering,” which lets you specify that only computers with specific physical (Media Access Control or MAC) addresses can connect to the network. The MAC address is a hexadecimal number that’s usually burned into the chip of the network card by its manufacturer. Unlike the IP address, it’s not easy to change. Unfortunately, though, a skilled hacker can monitor the traffic that’s going over your wireless network and capture the MAC address of a valid computer, then “spoof” it to make it appear that’s the address of his own computer.

Another tip for securing your wireless network is to turn off SSID broadcasting (the feature whereby your WAP/router broadcasts the network name that wireless computers “see” in the list of available networks). That will make an intruder work a little harder to find your network, but only a little. There’s software freely available on Internet hacker sites that a determined intruder can use to “sniff” the packets that are transmitted when a valid user connects to your network and get the SSID that way.

WAPs and wireless routers include encryption mechanisms, typically Wired Equivalent Privacy (WEP) or Wi-Fi Protected Access (WPA) for added protection. Unfortunately, WEP has well known weaknesses that can be exploited by a hacker. WPA provides stronger protection, but isn’t supported by all WAPs, wireless network cards and operating systems.

Because of all these challenges, some folks will tell you that it’s impossible to attain an acceptable level of security on wireless networks and you should just stick with cables, inconvenience and all. Some companies and government agencies have banned wireless networking as a matter of policy. Should you just give up on wireless, too?

We don’t think so. First of all, most of us aren’t transmitting national defense secrets on our wireless nets, so for us an “acceptable” level of security generally means the ability to deter casual intruders, not agents of foreign governments with multi-million dollar equipment who are targeting us specifically. Secondly, much of the insecurity of wireless networking is due to improper configuration of the WAP/router. This is because the default settings of most products leave your network “wide open” (vendors don’t do this to intentionally put you at risk; they do it to make it easier for you to get your wireless network up and running right out of the box). However, you can make your wireless network much more secure by applying the proper settings and encryption. Even more importantly, software companies are hard at work developing products that we can use to make our wireless networks more secure.

We’d like to know what you think about wireless security and what you’d like to see in a wireless security product. Please take the quick survey to share your opinions here.


Get your free 30-day GFI LanGuard trial

Get immediate results. Identify where you’re vulnerable with your first scan on your first day of a 30-day trial. Take the necessary steps to fix all issues.