OPINION: You may be enjoying the convenience of a newly installed wireless Solution, but how many strangers are doing the same with your network?

Not so long ago, war driving was the latest hacking method, consisting of driving a car around areas populated by business, equipped with laptops and 802.11b NICs that would detect wireless access points (APs).

Not surprisingly, this would pick up many unsecured wireless networks. Based on US anecdotal evidence, 60-80 percent of wireless LANs hadn't had the most basic steps taken to secure them, making them as difficult to break into as buying a wireless NIC and downloading free software.

Then the concept went one step further: War Flying. A group from the Bay Area Wireless Users Group flew over San Diego in a light aircraft at 500 metres, picking 437 access points within a short space of time.

Of these 102 (23 percent) had WEP enabled and 258 (59 percent) hadn't changed the SSID that the wireless access point comes set-up with. The SSID, or default name, is broadcast every few seconds making it very easy to scan for known names.

Interestingly, Cisco and NetGear were among the minority picked up,Linksys by far the most prevalent, indicating either that Linksys had the largest share of the market, or that users (generally businesses) with Cisco or NetGear access points had locked them down to a much higher degree.

In Australia, the situation seems fairly similar. The concept of war flying was actually pioneered in Australia, about a week before the Bay Area Wireless Group, in Perth.

The results are very similar: 95 access points were picked up, with the majority having default names (and a few recognisable, large companies that did not have WEP enabled).

One log file could not be published on the Web site, as it contained conversations, e-mails and clear Netbios traffic for known users. The results have been published.

The only surprising fact is that, I suspect, for most readers none of this is actually surprising. Our own organisation has a wireless access point and notebooks with wireless NICs.

From inside our building we can pick up another network from a neighbouring business (it's a large corporation, the name of which most people would recognise).

Their access point doesn't have WEP enabled, and is happy to assign any of our wireless-equipped users with an IP address and default gateway. In the interests of being a good neighbour, we made their IT manager aware of this, who seemed fairly disinterested (the access point is still unsecured).

At a time when awareness of security is at high level, operating system and software vulnerabilities are monitored and quickly patched, and security vendors are amongst a small group in the IT industry who are maintaining healthy profits, the level of nonchalance to wireless security seems almost out of place.

A paper entitled "Your 802.11 Wireless Network has No Clothes" by three members of the University of Maryland in the US stated that "current wireless access points present a larger security problem than the early Internet connections".

Their conclusion was that the current technologies and standards needed replacing. But an interim measure--which seems common sense-is a robust key management systems and a higher level security mechanism (eg. IPSec).

So is your wireless network wearing any clothes? At a minimum, are you (1) running in infrastructure rather than ad-hoc mode, so all clients must communicate via an access point, (2) have you changed the default name and enabled WEP, and (3) are you running a secure protocol with 128-bit encryption, such as IPSec?

Be aware that for all the benefits of wireless LANs, it's a potential entry point into your network, and like an Internet connection, needs to be secured.

As wireless networking grows in popularity and is extended from notebooks to PDA and portable devices, the magnitude of the threat will grow.

IDC reports the number of wireless subscribers with Internet access worldwide currently exceeds 15 million, and Jupiter Media Metrix expects this number to soar to 96 million in the US alone by 2005.

Giga Information Group's forecast is that more than 32 million personal digital assistants (PDAs) and smartphones will be in use by 2003. There is a corresponding increase in focus from the vendors on implementing security measures-such as digital certificates-for PDAs.

Although the lax attitude and lack of basic security on wireless networks suggests that there is a long way to go (or some well-publicised security compromises) before anything changes!

Oliver Descoeudres is marketing manager at network IP/Internet network infrastructure builder and solutions provider NetStar Australia. He can be contacted at marketing@netstarnetworks.com or on 02 9805 9759.

Subscribe now to Australian Technology & Business magazine.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.