Understanding the Threat


Make no mistake, the threat is real. If you compare a wireless network with a conventional wired network, the security risks posed by the two are essentially the same with one big additional risk for the wireless network.

The big additional risk is that a wireless network provides no physical security. Essentially, anyone can tap in to a wireless network. In comparison, to hack a wired network, you need a physical connection to the network's wiring, generally meaning that you must have access to the premises, implying an inside job of some sort.

Attacks from the Internet are, of course, a threat to both wired and wireless networks. But in stark contrast to wireless networks, no one can attack a wired network without gaining admittance to your premises. Wireless networks are vulnerable to attacks from people who are not on your physical premises. This means that protection cannot be obtained by physical security measures, but only by implementing appropriate internal management and security measures. A lock on your door should inhibit someone who would like to access your wired network, but it is meaningless to the security of your wireless network.

Another facet of the problem is that the default setup for a wireless access point/router just gets your Wi-Fi network up and running. It doesn't step you through the process of adding any security features, such as encryption, to your network. (See Chapter 15 for this information.)

An astounding percentage of private Wi-Fi networkssome estimates are as high as 80%are run without any security features turned on. When I scan the immediate neighborhood of my house, I find about a dozen wireless networks (other than my own). Most of these are open, meaning that they require neither authentication nor encryption to use. Judging by the names of the wireless networks ("Linksys," "Netgear," and so on), my neighbors who set them up just used the factory default settings (and haven't read this book). This is a huge security hole.

It's also worth noting that public hotspots typically don't feature any security besides basic user authenticationif even thatbecause the people running the hotspot want to make it as easy as possible for people to log on.

I don't want to exaggerate the problem. You might quite rightly feel that you have no secrets and that you don't care about giving away access to your files to strangers.

There's some merit to this position. It's likely that no one would really care about most of my files (or your files). In any case, it's probably worth a lot less effort to guard, say, driving directions to your favorite restaurant than, say, the firing sequence for a nuclear warhead.

Every security management issue comes down to a balancing act: Is that which is being secured worth the cost (in time, trouble, and money) of more stringent security? But everyone has something worth safeguarding. For example, you probably really don't want to hand out your Quicken or Microsoft Money data files to strangers. Personally, I don't even want to share pictures of my kidsexcept those I post on my website myselfwith strangers.

The most stringent security of all would ban wireless networking and indeed networking altogetherbecause whenever there is communication in and out, there is a potential risk. As with human social interactions, every interaction between computers is a risk. That's why truly locked down security measures include removing all physicalwired and unwirednetwork connectivity (as well as all access to removable media).

But, for most people, taking that kind of step would be not worth the cost. It would be such a nuisance to try to work without connectivity that the security is just not worth it. In a similar fashion, Howard Hughes was probably right that shaking hands with people can spread illnesses, but the extreme measures he took to cut himself off from peoplerubber gloves, becoming a hermitwere not worth the putative benefit of freedom from the flu.

To more fully be able to perform the security balancing act, I'd like to step back for a minute and look at just what the security threat to your Wi-Fi network is.

If your Wi-Fi network is open, or completely unsecured, someone (whom I'll call the "nefarious evildoer") within broadcast range of your access point, but probably outside your physical perimeter, can become a node on your network. This is sometimes called penetration or intrusion.

As a node (or client) on your network, the nefarious evildoer can access files on your network.

Access to the file systems on your computers means more than that the nefarious evildoer can read the files. The nefarious evildoer can also alter and delete them. If the nefarious evildoer is really malicious, your entire system could be wiped out.

TIP

See Chapter 17, "Protecting Your Mobile Wi-Fi Computer," for information about turning file sharing off so that accessing files, even with network access, is harder to accomplish.


The nefarious evildoer, depending on how you have things set, can also change your network administrative settings. You could get locked out of your own network!

If you haven't changed the password in your access point, the nefarious evildoer could open its administrative panel, assuming (as most access points do) that it uses Web-based administration. The settings could then be changed to defeat whatever security measures are in place.

Of course, most penetration is relatively innocent and is done to obtain Internet access. Yes, the nefarious evildoer just might not have Internet access and want to piggyback (without paying) on yours.

Before you throw up your hands and say, "I don't care. I'm happy to share my Internet connection: it's not going to cost me any more. Besides, sharing is in the spirit of open source, Wi-Fi, and all those good things," you should think about a couple of ramifications.

By sharing your Internet access in this way, you are probably in violation of your agreement with your ISP. Okay, so I don't care much about this technicality either. But if some real nefarious evildoer does use your ISP account to launch a Web attackusing a virus or a denial of service campaignyou could be held responsible. At the very least, it could lead to the ISP shutting down your account. Also, if others are using your Internet connection, there's no doubt your connection speed will slow. I don't know about you, but even broadband isn't fast enough for me. I don't want freeloaders gumming up the works even more.

File-Sharing Risks

Concerns about losing bandwidth are particularly valid in the case of file sharers.

Another concern in this respect is that file sharers are almost certainly trading in copyrighted information (songs), and the person who is the owner of the connection to the Internet is the one who the RIAA (Recording Industry Association of America) is going to track down.

Child pornography is a lesser concern simply because fewer people traffic in that, but it's still something to think about.

In other words, if you leave your network open, you might be liable (both civilly and criminally) for the actions of freeloaders who use it, as well as the somewhat lesser issue of suffering from diminished bandwidth.


Before you say it's okay with you to have others use your Internet connection because it doesn't cost you anything more, think about whether you would leave the front door to your house open with a note saying, "Come in; use the phone: Local and long distance minutes are free!"



Anywhere Computing with Laptops. Making Mobile Easier
Anywhere Computing with Laptops. Making Mobile Easier
ISBN: 789733277
EAN: N/A
Year: 2004
Pages: 204

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net