Wi-Fi security a concern for users

May 09, 2002|By Joel Obermayer

There is no question that Wi-Fi has caught on in a big way. Wireless access points are showing up in droves in homes, businesses and even airports and coffee shops. Starbucks, for example, has installed Wi-Fi in many of its outlets.

The majority of these networks are installed with factory settings, which do not employ encryption or any other security measure, leaving them largely open to intruders.

Usually the wireless signal extends beyond the building where the network is installed and any person who can grab the signal can use it for Net access. But often intruders can use Wi-Fi as a back door into the owner's computers and any networks to which the Wi-Fi network is attached.

"That's the thing, if a business or agency has a wireless access point. And if it's unprotected, you might as well throw out all the firewalls and everything else they've got," says David Wilburn, a computer security expert for a consulting firm.

Just last week, electronics retailer Best Buy stopped using portable Wi-Fi cash registers after a report that a hacker had intercepted a customer's credit card number.

Ken Dulaney, who covers mobile computing for the Gartner Group, says companies often do not realize they have a security problem. For example, an employee may hook up a Wi-Fi access point to the office network without telling higher-ups.

"If you took the Fortune 1000 companies and ran a test, I bet you'd find every one of them had [unsecured] access points hooked up to their network without their knowledge," Dulaney says.

Dulaney, Wilburn and other experts say enabling the basic encryption built into Wi-Fi will thwart casual intruders. That scheme is known as Wireless Encryption Protocol, or WEP. The user manual for most Wi-Fi base stations should include instructions for how to install WEP. A good resource is Linksys, a networking equipment company that makes wireless access points (www.linksys.com/edu/vpn wireless.asp).

But Wilburn cautions that WEP has a flaw that knowledgeable hackers can easily exploit. A new version, with better encryption, won't be available until next year. So, for the foreseeable future, techies with laptops will continue to enjoy free, high-speed Internet rides, courtesy of those who don't protect their wireless systems.

That's what brought 20 people together at an Inner Harbor coffee bistro Friday night.

According to Baltimore Wi-Fi enthusiast Rob Carlson, who attended the meeting, one of his fellow techies used an antenna fashioned from a Pringles chip can to pick up and concentrate the signal from a nearby business. Without anyone being the wiser, he says, the techie set up a network for the entire group that piggybacked on the unsuspecting business' network.

With Wi-Fi access points dropping in price, some idealists have been trying to set up free networks in public places such as parks and libraries. Those efforts are farthest along in tech-heavy places like San Francisco and New York. But Baltimore does have its own group trying to set up something here. Maryland Wireless (www.marylandwireless.org) was organized this spring.

For those interested in wireless networks, online resources include:

How Stuff Works: www. howstuffworks.com/wireless -network.htm

HomeNetHelp: www. homenethelp.com/802.11b/

Free Networks: http://freenetworks.org/

80211b Networking News: http://80211b.weblogger.com/

802.11 Planet: www.80211 -planet.com/

Baltimore Sun Articles
|
|
|
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.