| Networking professionals are encouraging people | | | | security is done. |
| to think twice about wireless network security. | | | | May be you fall into the category of never setting |
| You might be thinking I use WEP-128 bit | | | | up wireless networks because you read about |
| encryption with MAC address filtering, I'm safe. Or | | | | their insecurities. How then can you be at risk? |
| you may be you've never even heard of WEP, if | | | | Just consider for a moment that a user in your |
| this is the case you might want to unplug your | | | | organization fires up his wireless card. See's a |
| wireless access point immediately. But then again | | | | wireless network that is named XYZCorp after |
| look at the bright side at least you don't have the | | | | your company. So they connect to it and |
| false sense of security that your network is | | | | immediately a script is hammering their machine |
| secure. Perhaps you are the smart guy who | | | | for security vulnerabilities. Once again they |
| knows how insecure wireless networks are. You | | | | connected to a rogue access point setup by a |
| too are at just an equal risk! | | | | hacker. Now you might be thinking. "C'mon you |
| Your computer consultant might be partially right | | | | must have to be a computer genius to find and |
| when they say WEP will protect your network. It | | | | run these tools." Think again, thanks to the kind |
| will protect your network from casual snooping | | | | people over at all these tools can be downloaded |
| but that is about it. Last year the FBI was able to | | | | in one big happy ISO file. Burned to a CD as an |
| crack a WEP protected network in less than 3 | | | | image and bang you're done, ready to take a |
| minutes with tools widely available on the internet. | | | | drive to the nearest business and start sniffing |
| Since then it's been downhill for WEP. | | | | credit card numbers. Everything wrapped into a |
| At this point you might be thinking, "Oh well, | | | | nice package just waiting for the next script kiddy |
| someone gets on my network and uses the | | | | to start running the programs. You may be |
| internet". This is completely false. If someone has | | | | thinking ok this is a major problem so what should |
| gone through the process of getting on your | | | | I do? Give up my organizations ability to use |
| network chances are the only thing they want is | | | | wireless networks? This isn't exactly what we are |
| not internet access. Any computer security | | | | saying. A newer wireless security technology has |
| professional will tell you that physical access to | | | | taken over in 2004 called WPA. It is more secure |
| the network is 95% of the security battle. Once | | | | than WEP. And so far tools are not as readily |
| this has been accomplished you can consider all of | | | | available to hack your network. But consider the |
| your data compromised. Customer invoices, | | | | following. WEP was ratified in the late 1990's less |
| customer data, credit card numbers and | | | | than six years later it was exploited. This is typical |
| passwords to financial institutions will all be in the | | | | of almost every computer technology. It is only a |
| hands of a hacker. One in many methods can be | | | | matter of time before technologies are exploited. |
| used to gain access to your personal data, | | | | Just always remember Security is a multi-tiered |
| whether it's through Key loggers, Trojans, or just | | | | companywide responsibility. From providing |
| by sniffing your plaintext network traffic. | | | | physical security to web site security all matters |
| Maybe, just maybe, I have not convinced you of | | | | should be considered serious and not taken lightly. |
| the insecurities of wireless networks. Let me tell | | | | So before you grab a wireless access point and |
| you about another attack that hackers can use | | | | slap it in your network, I urge you to think twice. |
| to gain access to your network. Let's say your | | | | You may think you are in a sinking boat because |
| access points are completely locked down, to | | | | you are a small organization not able to implement |
| your knowledge. A user from your network goes | | | | the latest technologies and afford the newest |
| and flips on their laptop while sitting in an airport | | | | access points. Or maybe you cannot afford to |
| terminal waiting for a plane. They see an available | | | | pay an IT staff over 100k-200k a year to |
| insecure wireless network so they click on it and | | | | maintain your medium size network. Executives at |
| connect. None of us have ever done this before | | | | N2 Network Solutions say you should consider IT |
| right, itching to check their email one last time | | | | outsourcing or IT consulting. You can get Industry |
| before heading out of town? Unbeknownst to | | | | certified engineers on a project by project basis. |
| them they have just clicked on a fake honeypot | | | | Contractual relationships are also available to dump |
| wireless network, set up by a rogue hacker that | | | | the responsibility of your network into their hands |
| before they can even realize their machine is | | | | for a fraction of the price. To keep your small to |
| already being scanned. Picture for a moment that | | | | medium size network performing like a Fortune |
| user could be anywhere, even sitting at a desk in | | | | 500 machine invest the capital and secure your |
| your network. Just as long as the rogue access | | | | assets. |
| point is stronger than your AP's radio signal you're | | | | |