|
|
Total Number of Subscribers: 464 |
|
| |
|
| |
|
Date: 23rd October 2009 |
Compiled by: M Sathya Kumar |
|
Wireless networks are a tradeoff between security and convenience. The obvious benefits of a wireless network connection — fast and easy access to the network from a portable computer at an isolated location — these come at a cost — Security. For most users, the cost does not outweigh the convenience of wireless operation. But just as you lock the doors of your car when you park, or lock the door of your house/office when you leave, you need to take similar steps to protect your network and data. Recent articles on the topic of wireless networks, discussion on online forums, suggest that WIFI networks leak like a proverbial sieve, but that probably overstates the real threat to your own network. First a few basic concepts : IP address : It is the numeric address currently used by the access point. It is also the address assigned (either automatically or manually) by the network manager. Wireless Network ID/Service Set Identification (SSID) : It is the name of the wireless network that includes the access point. It has a dual purpose, first as a primary line of defense to keep out unauthorised access, secondly in an environment with multiple wireless networks, it associates the client with the right network. Channel : It is the radio channel that the access point will use to exchange data with the client in a wireless LAN. Wired Equivalent Privacy (WEP) : The security scheme that is supposed to keep people, who do not have the proper electronic key code, out of your network. In my earlier articles, I had mentioned that while configuring/planning a WIFI environment, one has to be careful, because most likely, whether one likes it or not, one is going to beam the radio signal to one’s neighbour. The simple truth is that a wireless network uses radio signal with a well-defined set of characteristics, so somebody who dedicates enough time and effort monitoring those signals, can probably find a way to intercept and read the data contained in them. You do the math; your access point has a range of 150 feet or more in ALL directions, so the signal probably extends beyond your own property (walls of your office/apartment). A network device in the next building or a car parked across the street could and would be able to access your files and other confidential data. (Everybody knows that ‘cheap/alternative energy source’ was the original plan of the researchers while splitting the atom. But look what they built instead, an ATOM BOMB.) The original idea behind the 802.11 specification was to provide wireless communications to the LAN in limited areas, such as, businesses, homes and public places. WIFI was supposed to be a simple extension of the Ethernet to laptops and other computers that could not be conveniently connected to a cable. That was the plan, but WIFI equipment is inexpensive, it doesn’t require a license and is relatively easy to set up, hence it spawned an entire culture of ‘guerilla networks’. This is still a grassroots movement mostly made up of enthusiastic techno-geeks and network hackers, but it has the potential to offer some serious headaches to the multibillion dollar software industry. Many institutions, both private and public, have started adding outdoor WIFI access points to their campuses, progressively covering larger areas. The whole system is so cheap and simple that networks are capable of being set up, throwing together some duct tape and antennas in cola cans. If this movement ever becomes popular in providing widespread, cheap and reliable network accessibility, ISPs and cellular companies will have to do a rethink on their offerings. This, dear readers, was the ‘cheap/ alternative energy source’. Now for the ‘Atom bomb’. Guerilla networking (aka war driving) is a polite term for stealing Internet access from unprotected wireless networks. It is common knowledge that an average user of a ‘secured’ ‘physical’ network is exposed to a variety of threats (most of them purely due to his ignorance, others as he does not turn on the security features because they are too complicated or just too much trouble). In our case, WIFI is still in its formative stages and less secure than your average physical network. With the right software tools, you can monitor other users’ data as it passes through the network and crack their WEP encryption keys. A few minutes on a good web search engine can supply a list of factory default SSIDs and WEP codes for many popular network access points and software for cracking WEP encryption. In fact, the same tools that can help you to set up your WIFI network, can be used to hack into it. As I mentioned, there are also those who don’t take the ‘trouble’, don’t even change their default settings. It is just a little harsh to say that people, who don’t secure their networks, deserve to have outsiders break into their systems. The strongest security tools don’t do any good at all if you don’t use them. Speaking of changing default WEP codes, have you ever bothered to change the ‘default’ PIN number given to you by your bankers/credit card company (seems just like the statutory warning on a pack of cigarettes, it’s there, you know the threats, but . . . . .) I know this raises a whole lot of queries in your mind. Questions like "Is my network secure ?, Can someone on the street connect to my network without my knowledge ?, How do I keep them out of my network ?" You must understand that WIFI networks are not absolutely secure, and every 802.11 access point and network adapter radiate signals that can be detected by outsiders. You can take steps to restrict access to your network, but you can’t keep the existence of the network a secret from a serious snoop. Wireless networks are not secure, but there are ways and means of securing them. At this point, it is important to understand that we are talking about two different kinds of security threats to a wireless network. The first is the danger of an outsider connecting to your network without your knowledge or permission; second is the possibility that a dedicated eavesdropper can steal data as you send and receive it. Each represents a different approach to prevention and protection. While it is true that none of the tools available currently provides complete and comprehensive protection, they can however make life more difficult for the most casual intruders. What do I do to keep out intruders ? Remember that most people close enough to eavesdrop on your messages or hack into your network are not just sitting and waiting for you to start transmit data, but the threat is real. The more serious threat is not that people will eavesdrop, but that they can tap into your network and use your broadband connection to the internet to do some serious damage. You could take simple precautions like :
Encryption and other security methods can make data a little more difficult to steal, not impossible. A policeman will tell you, locks are great to keep out honest people, but serious thieves know how to get past them. We are talking about networks and users who leave the door and windows wide open to intruders by failing to use the encryption and other security features that are built into every 802.11 access point and network node. Expert guidance of your hardware supplier is a must for setting up of the network. Paying a little extra for his ‘trouble’ would go a long way, because when everything in your wireless network is working properly, you won’t even know it is there. Just fire up the wireless network adapter and you are online. C’est la vie. | |
|
Article by Samir Kapadia, renowed chartered accountant | |
|
| |
|
Rewards waiting for feedback
at | |
|
| |
|
Disclaimer: We believe that the information contained in this e-zine is true. If you do not wish to receive Smart Trainee please click here. | |
|
| |
|
Click here to contact us, if you are unable to view the content properly | |
|
| |
|
| |
