I’m sitting with my ThinkPad in a Starbucks near Akasaka. The cafe isn’t advertised as a WLAN hot spot, so I’m pleasantly surprised to find myself enjoying high-speed Internet access courtesy of some nearby wireless network.
I open up the WLAN properties on my XP-equipped notebook and have a look. The network name that appears is a cryptic collection of alphanumeric text that doesn’t offer any clues as to the source, but as there’s no encryption key for the network I’m able to enjoy unrestricted, anonymous access to it.
Further giving in to curiosity, I browse the Windows network and discover a domain called WORKGROUP. Browsing further I find two computers inside and eventually I have unrestricted access to the entire file system of the remote computer.
Without really trying, I have tapped into a fully exposed wireless network serving two equally exposed Windows computers, and I’m just getting started. Next I make a note of the IP address that’s been assigned to my computer and guess at the IP address of the wireless access point.
I get it right on the first try (nothing like default settings to keep things easy) and am presented with the administration screen for an AirStation WLAR-128 wireless access point. On a whim I click the configuration button and, predictably, a login window appears. I try logging in using the administrator account with a blank password and . . . bingo. Just like that, I’m in.
Were I the malicious type, and not simply exploring the vulnerabilities of a poorly configured WLAN, I could wreak more than a little havoc at this point. Similarly, I could do nothing, leave things just as they are and wait for something interesting to appear on the exposed computers.
Numerous options are available to me as I sit here enjoying a tall Americano, but in the end I track down the location of the access point — a shop on the same floor of this building — and inform the manager there of the security problems I just discovered.
This example is typical for the simple reason that it’s possible for just about anyone today to set up a WLAN. Wireless networking products can be purchased off-the-shelf at any computer store, and generally come preconfigured to make setup as easy as possible. The unfortunate byproducts of all this user-friendliness are WLANs that are woefully insecure. In other words, just because anyone can set up a WLAN doesn’t mean they should.
The most important reason for this has to do with the nature of wireless networks themselves. Unlike traditional cable networks, wireless works wherever the signal is present. If the signal exists across the street from your home or office, well, so does your network. And if this network isn’t properly secured, your network and all the resources connected to it are now exposed to anyone with a wireless card and moderate technical ability.
Wireless Encryption Protocol was developed to protect wireless networks from just this type of unauthorized access. WEP encrypts the data transmitted between access points and wireless stations such as PCs, printers and PDAs. The latest WEP version supports strong, 128-bit encryption, which is recommended for maximum security. While WEP doesn’t completely protect against hackers using sophisticated packet analysis tools and network “sniffers,” it is still adequate for most applications.
“Filtering,” or restricting access to wireless access points using MAC addresses, is another means of protecting wireless networks. A MAC address is a hard-coded identifying address assigned to network interface cards, and wireless access points can be configured to allow only connections from systems with registered MAC addresses.
However, like WEP, MAC address filtering does not offer complete protection from skilled hackers armed with the right hardware. This has led to the development of new security and encryption protocols that pair access points with an authentication server such as RADIUS.
In addition to the steps mentioned above, protecting wireless access points should include changing the default network ID and administration password during the initial configuration.
Although retaining a qualified security consultant is advisable if you are publishing sensitive information via a WLAN, the best solution for most home and corporate users without especially stringent security requirements is to use a combination of the protective means available.
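Two of the protective steps above, switching on encryption and changing the default network ID, can be checked from outside the access point. The following Python code is an added example, not part of the original column: it parses text in the style of Linux `iwlist scan` output and reports findings for the access points you administer. The sample networks, MAC addresses and the list of default names are constructed assumptions.

```python
import re

# Constructed sample in the style of `iwlist <iface> scan` output (not from the article).
SAMPLE_SCAN = """\
          Cell 01 - Address: 00:11:22:33:44:55
                    ESSID:"linksys"
                    Encryption key:off
          Cell 02 - Address: 00:11:22:33:44:66
                    ESSID:"office-floor3"
                    Encryption key:on
          Cell 03 - Address: 00:11:22:33:44:77
                    ESSID:"office-secure"
                    Encryption key:on
                    IE: IEEE 802.11i/WPA2 Version 1
"""

DEFAULT_SSIDS = {"linksys", "default", "netgear"}  # illustrative factory defaults (assumption)

def parse_cells(scan_text):
    """Split scan output into one dict per access point."""
    cells = []
    for line in map(str.strip, scan_text.splitlines()):
        if m := re.match(r"Cell \d+ - Address: ([0-9A-Fa-f:]{17})", line):
            cells.append({"bssid": m.group(1).lower(), "ssid": "", "key": False, "wpa": False})
        elif not cells:
            continue  # ignore anything before the first cell
        elif line.startswith("ESSID:"):
            cells[-1]["ssid"] = line[len("ESSID:"):].strip('"')
        elif line.startswith("Encryption key:"):
            cells[-1]["key"] = line.endswith("on")
        elif line.startswith("IE:") and "WPA" in line:
            cells[-1]["wpa"] = True  # a WPA/WPA2 information element is advertised
    return cells

def audit(scan_text, own_bssids):
    """Return {bssid: [findings]} for the access points you administer."""
    report = {}
    own = [c for c in parse_cells(scan_text) if c["bssid"] in own_bssids]
    for cell in own:
        findings = []
        if not cell["key"]:
            findings.append("no encryption: anyone in range can join")
        elif not cell["wpa"]:
            findings.append("WEP only")  # key required, but no WPA element seen
        if cell["ssid"].lower() in DEFAULT_SSIDS:
            findings.append("default network ID still set")
        report[cell["bssid"]] = findings
    return report
```

The administration password and the MAC filter list are not visible in a scan, so those two settings still have to be confirmed on the access point's own configuration screen.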
Check out www.80211-planet.com for more information on wireless networking security and technologies.
Send questions and comments for Michael Rollins to firstname.lastname@example.org
The Japan Times: May 15, 2003