The Case Against...Wireless

While wireless networks free up workers to work anywhere, transmitting data across the airwaves poses an enormous security risk

Proponents of wireless networks will always conjure up images of workers relaxing in deckchairs by the side of the company fountain quietly replying to their e-mails. The sun always shines and there is an inevitable glass of cola or a double-skinny-latte-over-easy coffee to hand.

Wireless LANs do offer great flexibility and convenience for users, but at what cost? System security is the biggest headache when talking about wireless LANs. By definition if you are transmitting data across the airwaves it is far easier to intercept than if you are transporting data around a private, cabled network. The IT industry is to blame for many of the problems with wireless LANs, as was ably demonstrated when the Wired Equivalent Privacy (WEP) algorithm was finally exposed for being a weak data protection technique for wireless LANs.

WEP was the mainstay of wireless LAN security for many years. Indeed, many systems still enable WEP by default, including a lot of home wireless routers. WEP can be broken in a few minutes using simple programs available from the Internet. Thankfully Wi-Fi Protected Access (WPA) has replaced WEP, but at the cost of a lot of data being put at risk.

Piggyback debate
The ease of setup of wireless LANs has become a real issue for network managers. It is difficult enough to keep track of hard-wired networks as additional subnets and spurs are added without being properly documented. This problem is made worse by enthusiasts buying wireless routers in their lunch breaks and then adding them to the corporate network “to make life easier for the department”.

This has caused a lot of pain for IT departments that need to educate users about the security risks of wireless LANs.
Speak to any organisation that deals with sensitive data and they will laugh at any suggestion that they use wireless networks. The security risk is just too great. Even with a wired LAN they will protect themselves with electromagnetic screening to prevent remote eavesdroppers from viewing monitors or sniffing the airwaves for interesting data snippets.

Over the years wardriving and piggybacking have become synonymous with accessing wireless LANs illegitimately. Wardriving is the act of driving around an area scanning for wireless LANs using an appropriate PC with an attached cantenna. The latter is an aerial made from a converted tubular tin such as a Pringles can. With basic modifications it can be made into a very simple directional antenna for picking up wireless LAN signals. Once a signal has been found, the wireless LAN can be piggybacked or connected to without the owner’s permission.

There is great debate about the legality of piggybacking a wireless LAN. In some countries it is considered legitimate, especially if the wireless LAN is not protected by a security key. In other countries it is deemed illegal and could result in significant penalties for the offender. Legalities aside, the fact that these networks can be intercepted so easily using simple equipment should reinforce the message that wireless LANs should be treated with the utmost caution.

Wireless LANs have become popular in public hotspots or connection points. These may be in a hotel lobby, a coffee bar or even in the street. They allow users to connect to the LAN, browse the Internet and write their e-mails. Unfortunately, these public hotspots have very little to guarantee the user that they are secure. They may even have been put up by a criminal gang: by creating a free-of-charge hotspot, such gangs can quietly monitor the traffic searching out passwords, user logins and banking details. This is completely transparent to the users – the first they know of a problem is when their accounts have been fleeced.

Wireless LANs can be a terrific boon to a business as they free users from their desks and allow meetings to be conducted almost anywhere. On the other hand, wired LANs offer a much stronger physical security model, and with good management they are a lot easier to protect from intruders.

Now where did I put my double-skinny-latte-over-easy coffee?