Everybody's going wireless, even those intruders who are after your precious data. Here's how to stop them.
With the growing popularity of wireless local area networks (WLANs) over the past few years, running at either 2.4GHz (802.11b) 11-22Mbps or the newer 5.0GHz 55Mbps (802.11a), many enterprises, both large and small, that responded to the initial benefits of wireless networking and jumped on the bandwagon are now realising the many hidden costs associated with this technology, from conducting extra site surveys and network scans to isolating illegally installed wireless access points (rogue WLANs).
It is estimated that 30 percent of all companies may have some form of unsecured authorised or unknown unauthorised WLAN product which could be exploited by hackers to gain access to data and bandwidth. There are also costs associated with maintenance, like additional security measures or hardware and staff time needed to monitor activities on the WLAN.
War games
With increasing frequency, IT reports and mainstream news channels are using the words war-driving, war-chalking, and even war-flying in relation to hackers' attempts to utilise "free" bandwidth on offer from companies and individuals running less-than-secure WLAN equipment, or worse still, to gain access to confidential company information and data.
"War-dialling" is basically the process of dialling a certain range of telephone numbers with a modem until another computer system with a modem answers, and then utilising that system for whatever capabilities and resources it has to offer. War-chalking is the process of marking buildings and footpaths to signify to those in the know that there is a wireless network accessible in that vicinity. Once an area has been war-chalked, anyone with the knowledge and a device capable of accessing a WLAN can come along, sit themselves down, match their settings to those marked, and start surfing either the Internet or, with a little more effort, the local area network. Unlike fixed wired Local Area Network (LAN) cards and software, wireless LANs generally do not prompt you for user authentication. Initially it was thought that having and matching the Service Set Identifier (SSID) was enough authentication.
There are also several well-documented cases that provide a wealth of information on individuals chartering planes and using readily available tools such as a notebook PC with a WLAN card, a high-gain antenna, and a GPS to fly around cities and map wireless access points (http://arstechnica.com/wankerdesk/3q02/warflying-1.html). And when you have finished reading the US article, if you think it can only happen in America, then think again: the first people to lay claim to war-flying were in Perth, WA. They picked up many unsecured WLANs, but here is the shocking information: almost half of the access points (APs) were still set with their default factory service set identifiers (SSIDs), which may indicate to a would-be attacker that the passwords are also set to factory default values. But wait, there's more: only 102 of them had any form of Wired Equivalent Privacy (WEP) enabled. Even in a flight over Silicon Valley, over 500 APs were detected and only 33 percent had WEP enabled.
Enemies at the gateways
Before we continue much further, let's dispel the myth that WEP is really as good as it was once claimed to be, that is, as secure as your wired network infrastructure. The changes from 40-bit to 64-bit, 128-bit, and now 256-bit keys have been relatively quick. Needless to say, this protocol is generally accepted as being little more than an irritation for any hacker keen to access the data. And from the information gathered in Perth and San Diego, only around 22 percent of companies actually have WEP enabled anyway.
But amongst all this doom and gloom, several vendors have now decided that to continue providing wireless solutions and equipment, or to augment existing wireless installations, they need to tackle these wireless security issues first. The range of methods that have been employed is very interesting. We can say that no two products in this review lineup are the same: each employs different features and security measures, and some even employ multiple measures to ensure the securest use of WLAN equipment possible today. And with the majority of them, you don't need to be an engineer to install and configure the product to provide a reasonable amount of security.
As the particular devices submitted for this review are so diverse in their specification, operation, and client market, there is no real benefit in doing a head-to-head performance comparison. We have instead opted to include realistic capabilities for each product in their individual write-ups. Furthermore, the bandwidth of WLAN equipment is relatively limited: if you have a WLAN running at a full 11Mbps (sending, receiving) and there is only one user connected, then they will get the whole 11Mbps; two or more simultaneous users must share that bandwidth. Note that this is not the number of users connected to the WLAN. You could have 50 WLAN users within range of the AP, and if none of them are sending or receiving data then very little bandwidth will be utilised; they must be sending or receiving data at the same time to slow the resource down. Also, the further a WLAN user gets from the AP, or if there are physical structures in the way, the connection speed drops from 11Mbps to 5.5Mbps to 2Mbps. You need at least 1Mbps for a connection to exist. Apply to this a data encryption protocol and your maximum individual WLAN bandwidth on an 11Mbps WLAN drops to around 4 or 5Mbps due to the overheads required in processing the data (encrypting, sending, receiving, decrypting).
But let's look at how the units in our comparison performed.









