Wireless Networks Against Intruders
2005 - Wireless devices, such as a laptop computer or a personal
digital assistant (PDA), make it easy to stay in touch and
organized, and are a tremendous boost to productivity. They
are also, however, a prey to Internet thieves. Wireless security
is one area where hackers are several steps ahead of their
weakness of wireless devices lies in the access points on
wireless networks. These access points transmit a continuous
radio signal that anyone can intercept using only a laptop,
a wireless adapter, and wireless scanning software. When
intruders find a wireless unit with a four-digit password,
they can generally break into it in less than 60 seconds.
Once inside, they can steal the user’s PINs and other
financial information, or use that wireless unit to break
into the organization’s main computer system and gain
access to proprietary financial information. Some of these
intruders may be industrial spies attempting to steal trade
secrets and other competitive information, but statistics
show that most intruders are hackers looking for credit
card PINs and other financial data.
hackers are more interested in an organization’s communications
than its money. For example, they might hijack the firm’s
e-mail and take over its website. The next morning, the
staff discover that a hacker based somewhere in Patagonia
is sending out spam and redirecting the website to a pornographic
wireless security problems is a challenge. To connect to
the firm’s computer network, a wireless device requires
a wireless network adapter. There are just a few vendors
of wireless network adapters, so if a user does not change
the default name to a secure code—and most don’t—it
can be easy for an intruder to crack the default code and
intercept the user’s communications.
firms recognize this problem and insist that users change
their default settings. But if just one person fails to
do so, the entire system may be wide open. For this reason,
some organizations have installed wireless virtual private
network (VPN) access points.
VPN access point lets users access the system only if they
are properly authenticated by a custom-generated encryption
key, which is a code that is generated automatically and
changed periodically. Although scanners can still detect
the presence of a wireless network, they cannot break into
it without a verifiable encryption key.
hacker can crack most access-point encryption keys, so some
organizations also require users to authenticate themselves
with passwords. These passwords should have at least eight
characters, including numbers, symbols, and both upper-
and lower-case letters.
problem with complicated passwords is that users have trouble
remembering them, so they write them down on a slip of paper
and tape the paper to their laptop. To counter this kind
of negligence, a few organizations require users to present
two forms of identification, typically something only the
user knows (such as a PIN) and something only the user has
(such as an authentication token).
authentication token is simply a device that authenticates
the identity of a user. One type looks like a key fob with
a string of LCD numbers. To get into the system, users enter
their PIN and the number on their token. To make this approach
almost uncrackable, each employee has a different token
number, and the individual numbers change every 60 seconds
or so, in synch with a master server at the company’s
are some commonsense steps firms can take to reduce risks
Educate. The biggest threats
to computer security are often an organization’s
own employees. They use their laptops in public places
where snoops can read their screens and steal their passwords,
they leave their notebooks and PDAs behind in hotel rooms
and taxicabs, and they fail to keep their antivirus protection
up to date. It is critical to teach employees how to use
wireless computers safely.
Practice eternal vigilance.
Just one slipup can open the firm to a computer disaster.
Treat all remote users as though they are unknown and
must be authenticated.
Patch bugs promptly. Software
bugs, such as those commonly found in Microsoft’s
Internet Explorer, can open computers to spyware that
covertly gathers data, including passwords, and sends
it off to thieves or competitors. Vendors provide security
patches to deal with these bugs, but the patches are not
always passed on to wireless users quickly enough.
Prevent viruses. While most
networks are protected with the latest antivirus software,
the same cannot be said about wireless computers. To date,
few viruses have been found on PDAs, but it is only a
matter of time before virus writers target them, and through
them, reach the company’s computer system.
Limit access. Allow access only
to authorized folders and not to the hard drive.
Encrypt. Encrypting communications
puts another obstacle in front of hackers and spies.
Firewalls. Maintain the strongest
security policy possible on the network firewall, limiting
open ports to the absolute minimum.
Assess vulnerability. Run automated
vulnerability assessments on a regular basis as part of
a proactive security maintenance procedure.
Take charge. To prevent employees
from ignoring security measures, remove responsibility
for wireless IT security from end users and manage it
Hanna is president and CEO of TOSS Corporation, Framingham,