| Networking professionals are encouraging | | | | point is stronger than your AP's radio signal |
| people to think twice about wireless network | | | | you're security is done. |
| security. You might be thinking I use WEP-128 | | | | |
| bit encryption with MAC address filtering, | | | | May be you fall into the category of never |
| I'm safe. Or you may be you've never even | | | | setting up wireless networks because you read |
| heard of WEP, if this is the case you might | | | | about their insecurities. How then can you be |
| want to unplug your wireless access point | | | | at risk? Just consider for a moment that a |
| immediately. But then again look at the | | | | user in your organization fires up his |
| bright side at least you don't have the false | | | | wireless card. See's a wireless network that |
| sense of security that your network is | | | | is named XYZCorp after your company. So they |
| secure. Perhaps you are the smart guy who | | | | connect to it and immediately a script is |
| knows how insecure wireless networks are. You | | | | hammering their machine for security |
| too are at just an equal risk! | | | | vulnerabilities. Once again they connected to |
| | | | a rogue access point setup by a hacker. Now |
| Your computer consultant might be partially | | | | you might be thinking. "C'mon you must have |
| right when they say WEP will protect your | | | | to be a computer genius to find and run these |
| network. It will protect your network from | | | | tools." Think again, thanks to the kind |
| casual snooping but that is about it. Last | | | | people over at all these tools can be |
| year the FBI was able to crack a WEP | | | | downloaded in one big happy ISO file. Burned |
| protected network in less than 3 minutes with | | | | to a CD as an image and bang you're done, |
| tools widely available on the internet. Since | | | | ready to take a drive to the nearest business |
| then it's been downhill for WEP. | | | | and start sniffing credit card numbers. |
| | | | Everything wrapped into a nice package just |
| At this point you might be thinking, "Oh | | | | waiting for the next script kiddy to start |
| well, someone gets on my network and uses the | | | | running the programs. You may be thinking ok |
| internet". This is completely false. If | | | | this is a major problem so what should I do? |
| someone has gone through the process of | | | | Give up my organizations ability to use |
| getting on your network chances are the only | | | | wireless networks? This isn't exactly what we |
| thing they want is not internet access. Any | | | | are saying. A newer wireless security |
| computer security professional will tell you | | | | technology has taken over in 2004 called WPA. |
| that physical access to the network is 95% of | | | | It is more secure than WEP. And so far tools |
| the security battle. Once this has been | | | | are not as readily available to hack your |
| accomplished you can consider all of your | | | | network. But consider the following. WEP was |
| data compromised. Customer invoices, customer | | | | ratified in the late 1990's less than six |
| data, credit card numbers and passwords to | | | | years later it was exploited. This is typical |
| financial institutions will all be in the | | | | of almost every computer technology. It is |
| hands of a hacker. One in many methods can be | | | | only a matter of time before technologies are |
| used to gain access to your personal data, | | | | exploited. Just always remember Security is a |
| whether it's through Key loggers, Trojans, or | | | | multi-tiered companywide responsibility. From |
| just by sniffing your plaintext network | | | | providing physical security to web site |
| traffic. | | | | security all matters should be considered |
| | | | serious and not taken lightly. So before you |
| Maybe, just maybe, I have not convinced you | | | | grab a wireless access point and slap it in |
| of the insecurities of wireless networks. Let | | | | your network, I urge you to think twice. |
| me tell you about another attack that hackers | | | | |
| can use to gain access to your network. Let's | | | | You may think you are in a sinking boat |
| say your access points are completely locked | | | | because you are a small organization not able |
| down, to your knowledge. A user from your | | | | to implement the latest technologies and |
| network goes and flips on their laptop while | | | | afford the newest access points. Or maybe you |
| sitting in an airport terminal waiting for a | | | | cannot afford to pay an IT staff over |
| plane. They see an available insecure | | | | 100k-200k a year to maintain your medium size |
| wireless network so they click on it and | | | | network. Executives at N2 Network Solutions |
| connect. None of us have ever done this | | | | say you should consider IT outsourcing or IT |
| before right, itching to check their email | | | | consulting. You can get Industry certified |
| one last time before heading out of town? | | | | engineers on a project by project basis. |
| Unbeknownst to them they have just clicked on | | | | Contractual relationships are also available |
| a fake honeypot wireless network, set up by a | | | | to dump the responsibility of your network |
| rogue hacker that before they can even | | | | into their hands for a fraction of the price. |
| realize their machine is already being | | | | To keep your small to medium size network |
| scanned. Picture for a moment that user could | | | | performing like a Fortune 500 machine invest |
| be anywhere, even sitting at a desk in your | | | | the capital and secure your assets. |
| network. Just as long as the rogue access | | | | |