Mid Atlantic Software Systems’ White Paper:
A Discussion of Mid Atlantic’s view of Wireless Security for Home Networks
David Emanuel
Vice President of Technology
Mid Atlantic Software Systems
August 1, 2004
Wireless Networks
The explosive growth in wireless networks over the last few years has been very similar to the rapid growth of the Internet within the last decade. The benefits of home wireless networks are significant, especially to individuals who have tried pulling CAT5 network cable between floors in their homes.
During the beginning of the commercialization of the Internet, corporations and individuals connected to the net without concern for the security of their system or their network. Over a short period of time, it became dangerously apparent that some form of Internet security was required to prevent hackers from infiltrating and exploiting the connected resources. To protect networks and data supported by the networks, corporations began installing and supporting sophisticated Internet firewalls which provided the required protection for most commercial (hard-wired) networks.
When the current wireless networks were first being installed, it became readily apparent that there was a much larger security problem than existed in early Internet connections. This was due to the open nature of the wireless signal. In essence, the broadcast wireless signal acted like a radio station broadcasting its programming. Anyone with a receiver, i.e. a wireless Internet interface card, could access the network. Most IT people assumed that the security provided by the wireless routers was sufficient to prevent unauthorized access and use. As wireless networks expanded to the home arena, this attitude continued. Unfortunately, this thought process was incorrect then, and even more dangerously incorrect now. As a result, most homeowners with wireless networks are not aware that they are vulnerable to unauthorized use of, and access to, their internal computer network and computer data.
Wireless Security for Home Networks
Drive through a few neighborhoods in your area with a WiFi-enabled laptop or PDA and one thing will become quite clear: there are a lot of wireless networks out there. But take a closer look at those networks and a more disconcerting trend will become obvious: people don’t know how to - or just choose not to - secure their wireless networks.
A recent Associated Press article detailed an 800-mile drive in the San Jose, Calif. area in which over 3,600 wireless access points were detected. According to the article, nearly 40 percent of those networks were completely wide-open. “Wardriving”, as it’s called, is a popular hobby with several websites devoted to the subject. These websites provide free downloadable software that can have a hacker up and running in minutes. Wardriving is nothing more than driving around neighborhoods with a wireless laptop or PDA (Personal Digital Assistant, e.g. a Palm Pilot), looking for and documenting unsecured wireless networks. The software typically works in conjunction with a GPS so the exact location of the unsecured wireless network can be accurately conveyed to the general public. But while most wardrivers do it for amusement, unchecked access to a wireless network can cause quite a bit of damage. CNN even ran a recent report about “warflying” – flying over populated areas to detect wireless hotspots. In the report, they detailed a warflying trip in which over 3,000 wireless networks were detected and over 67 percent of the networks did not have any encryption enabled.
Security is Your Business
The footprint of an 802.11 wireless network can usually extend beyond a residential home or small business and into a street or neighboring property. Because of this, neighbors or a hacker on the street can easily detect and access your WiFi network. With access to an unencrypted network, someone could easily utilize it for malicious and/or illegal activity.
If you share folders across your network, anyone accessing that network can have access to all of your documents. This means credit card information, social security numbers, pictures, work documents, personal information, financial documents, Web browser cookies and any other sensitive data you have on your computer. Further, and of much greater concern, not only can they view this information, they can easily save it to their own computer for perusal at a later time. However, even without actively sharing folders, unsecured networks still give hackers many different avenues for intrusion into your private information.
Malicious acts can be just as troublesome as someone accessing your data. If your wireless router password is left as the factory default or you changed it to something easy to guess, someone can change or alter your network as they wish. This could mean completely locking you out of your network and the Internet. And if your router logs network activity, they can view logs of all of the Websites you have visited.
But beyond these privacy issues, someone with anonymous access to a wireless network can use it for much more menacing, and even illegal, activities. A wardriver could use your unprotected wireless network to surf the Web and visit any site they wish on the Internet, without the fear of someone finding out who they are. This could mean posting incendiary remarks in Web forums or even writing threatening remarks about government officials or public figures. They could also send thousands of spam messages from your network, upload or download copyrighted music or movies, send out computer viruses, or even worse, upload illegal content to the Web such as child pornography – all from your public IP address. If this happens, the culprit is usually anonymous and all activity can be traced back to you because they’ve used your Internet connection for their illegal activities.
Part of the problem of unsecured wireless networks can be traced back to the manufacturers. Most retail WiFi products are shipped with all security options turned off by default. The manufacturers do this to minimize their support cost. Without having to support wireless security, there are fewer calls to their help desk systems, which means they need fewer people and can keep the prices of the equipment more competitive. Since most routers work fine out of the box, many users may not feel a need to explore the setup options more thoroughly. This is most likely due to the intimidation many people feel about accessing their router and router settings. Once a network is up and actually working, many people are afraid to “mess” with the settings for fear they’ll “break” the setup. Further, the security options can be cryptic, confusing, and generally not clear and concise.
Another fact that is not widely disseminated by the router manufacturers is that an unencrypted wireless network is not just a security risk to the owner of the network, but potentially to everyone on the Internet. Once someone has anonymous access to a wireless network, they can do whatever they want on the Web with total anonymity. Do yourself and your fellow Net citizens a favor and take the steps to secure your network. Mid Atlantic Software Systems, Inc. can correct this serious problem.
Our Solution
Mid Atlantic Software Systems, Inc. takes a common-sense, practical approach to network security. We believe that properly implementing the built-in security systems will make your wireless home network significantly more secure, while at the same time keeping it easy to use and expand. In practical use, any system that claims ‘unbreakable’ security is questionable at best and will be unnecessarily complex to operate and maintain. Our goal is to recognize that criminals and hackers will most often take the path of least resistance. Just like the carjacker is going to steal the car with the keys in the ignition before he or she breaks into another car with a security system enabled, the hacker will look for an open network to exploit first. Right now, your system is like the car with the keys in the ignition. It’s open and available for theft. We want to secure your wireless network and make it like the luxury automobile: closed, locked, with security system active. This makes your system a much greater challenge to hackers, forcing them away from your network and into one of the hundreds of other unsecured wireless networks in your area.