WLAN: Cheap, Cool and Dangerous
For that reason, security experts have always been leery of WLANs. Anyone with the right hardware can eavesdrop on network traffic or freeload Internet access. More seriously, a hacker could gain network access not just to the Internet connection but also to network resources. (Best Buy, for example, stopped using its 802.11b wireless cash registers this past spring after a hacker claimed to have stolen credit card information from the systems.)
The IEEE tried to solve those problems by building security into the 802.11b standard (also known as Wi-Fi), with an optional encryption capability known as wired equivalent privacy (WEP). The first problem was that the majority of WLAN users didn’t bother to even turn on WEP. Then, last February, three researchers from the University of California at Berkeley announced that even when used properly, WEP was insecure because the security algorithm had weaknesses. A hacker who captured as little as 10 to 20 minutes of network traffic could decode the encryption scheme. That done, he could read all the network traffic he had captured and, until the next time the WLAN user changed the WEP key, he could also gain network access.
After the announcement, organizations with high security stakes?the Army, for example?banned WLANs without additional security, and everybody expected WLAN sales to collapse, at least until the IEEE hammered out new security protocols. But sales didn’t drop off. In fact, quite the opposite has happened. The Meta Group predicts that by the end of 2002, 75 percent of Global 2000 companies will have trial WLANs.
The good news is that there’s no reason for WLAN security flaws to keep most businesses from enjoying the convenience of WLANs. But first, CIOs must know what they’re dealing with.
The Hunt for Rogue WLANs
Joseph Magee used to be a CIO’s most irksome problem: an MIS guy who brought WLAN equipment into the office just to play with. "Little does [that person] know that that signal sitting right there on his desk can easily be sniffed," says Magee, referring to the process of monitoring the airwaves for WLAN traffic.
"I was that guy once," admits Magee, a former chief security officer at an online brokerage who is now CSO at Top Layer Networks, a network security company in Westboro, Mass. "I looked at what I plugged into on my screen, and a big financial corporation’s name popped up on my laptop, and I looked across the street and saw their building. It freaked me out."
$firstKeyword
Everything BlackBerry with tips, news and reviews from our mobility expert Al Sacco.
