Take control of Wi-Fi security: when it comes to Wi-Fi hotspots, such as those offered by coffee houses, hotels, and airports, "public" usually means "unprotected." Find out how to protect your data--even if your coffee house doesn't.

AHH, ANOTHER BRISK MORNING ON THE WAY TO WORK. YOU HOP OUT OF THE CAR AND SLIDE INTO THE LOCAL JAVA HOUSE TO GET YOUR KICK-START FOR THE DAY. You grab a muffin and a mocha and notice a sign advertising high-speed wireless access. Who needs a desk? You decide to give this technology a try. You fire up your laptop and jump onto the Internet. After checking the news and weather, you get your e-mail. You skim a few messages from family and delete some advertisements. But one ad catches your eye: zero interest for six months on a credit card. You could really use the zero interest right now, so you fill out the credit application. After completing the application--and your muffin--you wrap things up and leave for work.

Upon arriving at your desk, an article about wireless security catches your eye. As you skim the article, an unsettling feeling hits you. The history of wireless security has been rocky. The fundamental change in the physics of network communication creates some serious security challenges for wireless networks. With a switched network, such as the one in your office, a user's communication with the outside world stays fairly isolated and communications travel along closed pathways to their destination.
Going back to the design of the cafe's network, the wireless service distributes every packet of data onto the cafe's wireless network before going to the Internet. The very nature of wireless networks results in the "broadcast" of data in all directions for hundreds of feet. This makes the content of every packet viewable by anyone in the vicinity who's inclined (and skilled enough) to peek. This proximity effect
Popular protocols for e-mail encryption include:
In response to this information, your heart starts to pump a little harder, and a question lingers: Why didn't the coffee house inform you of these dangers? With thoughts of shady characters reading your e-mail, you dig into the complex arena of wireless security. A security article on encryption explains how Wired Equivalent Privacy (WEP) is vulnerable. As a result, the industry is shifting to Wi-Fi Protected Access (WPA) until it develops a more robust solution. Of course, none of this helps you because it's unlikely the cafe uses any protective measures anyway.

More dangers

You didn't know it, but you were also vulnerable to a direct attack. With direct attacks, a nefarious user in the cafe tries to take over another computer by exploiting vulnerabilities in the laptop's security. These security vulnerabilities exist due to weaknesses in the operating system's default configuration. For example, the default settings for Windows let a wide variety of information leak out
to others on the same network. Bad guys can gather user names, program types, operating system version information, and other data by using a variety of publicly available tools, then use this information to launch a direct attack. Fortunately, there are relatively few remote exploits for the desktop versions of Windows (XP/ME/NT/98/95). However, in December 2001, researchers from eEye security published information on a vulnerability resulting from how Windows XP handles the Universal Plug and Play (UPnP) feature. This feature's weakness lets another user take control of an XP laptop without needing any passwords or user names. They only require access to the same network segment the target laptop is using, and for that laptop to be running the default installation of UPnP.

Another threat stems from the vulnerability of wireless connections to man-in-the-middle attacks, where a cracker imitates the central communications hub or access point (AP). The AP acts as the funnel for all traffic on the wireless network. All Web and e-mail information coming or going to a wireless laptop passes through the AP. When a cracker successfully impersonates this central communications point, he can see most Web traffic, even if it's protected by Secure Sockets Layer (SSL) encryption.
SSL protects information by establishing encrypted tunnels between your browser and Web sites. You can spot SSL-protected Web sites by the lock that appears in the lower right corner of the Web browser. Although SSL encryption is usually good protection, in the case of an advanced man-in-the-middle attack, even SSL won't protect you. Because there aren't any sources gathering statistics on man-in-the-middle attacks, it's hard to know how common they are. However, if you'd known SSL wasn't a bullet-proof way of protecting your wireless data, you might have thought twice about entering your personal information in that online credit card application--zero interest or not.

No safe haven

Researching this article made me curious about how many coffee houses offering hotspots leave their networks wide open, so I did some informal research. My small sample consists of the wireless coffee shops I pass on a daily basis. Of these cafes, three advertise wireless services. To my surprise, when I asked about wireless security, none of the cafes' employees knew anything about security. Each cafe uses an outside service to manage their wireless network. To get details, I had to call 800-numbers provided by the cafes. The wireless service representatives for all three cafes informed me that these wireless networks provide no extra security.
Keep in mind the coffee house's core competency
Defending your data

One option for protecting your data is the relative safety offered by Virtual Private Networks (VPNs). When properly configured, these encryption shields protect wireless users from eavesdroppers. You can find VPN solutions from many vendors, including Cisco, Checkpoint, SonicWall, and Netscreen, to name a few. When analyzing these offerings, it's important to look for a mutual authentication feature and a built-in client firewall. In my experience, it's common for users to start up their VPN software without installing a personal firewall on their own. Because these firewalls provide a key piece of protection, many VPN vendors began integrating firewalls into the VPN client software. These client firewalls range in complexity and capability, but most support the ability to automatically launch the firewall when the VPN client starts. This added piece of protection generally reduces security risk.

Another risk mitigation strategy focuses on VPNs with tunnel-based, mutually-authenticated encryption. For solid protection, you should look into extensible authentication protocols such as EAP-TTLS and EAP-PEAP. Both use a complex process of verifying identity at lower network layers before moving to higher-level authentication. (If this solution interests you, visit http://www.mtghouse.com for a more technical view.)

Personal firewalls offer a high level of protection when configured correctly.
Fortunately, some software companies offer reliable free versions for home users. Two free firewalls I recommend looking into are Outpost and ZoneAlarm. Many commercial vendors also offer firewalls with advanced features. One feature-rich firewall, called Senforce, offers rules that automatically adapt to your environment. The Senforce firewall dynamically changes the protective rules as you roam among various networks. For example, if you move from a wireless cafe to the office, the firewall adapts to optimize the rules for each environment. See the sidebar on personal firewalls for more information.

BYOS: Bring your own security

Wireless computing presents some serious security issues. If you aren't going to take any measures to protect your data, your best bet is to use public hotspots only for reading the news and sending non-sensitive information. To protect your information from simple attacks--for example, someone else reading your e-mail or seeing information you enter into a Web form--you should use SSL for sensitive Web connections. This keeps most bad guys from listening to the traffic crossing wireless airwaves and gathering information. However, SSL can't protect you from more advanced attacks. The next level is to implement a properly configured VPN to add protective encryption. You can also add another layer of protection: a personal firewall. A good firewall and up-to-date system patches should hold off most direct attacks.

Lessons learned

It's a shame that a few unscrupulous people can create so much work for everyone else trying to keep their information safe. However, built-in information safety should gain momentum as the wireless industry matures and security standards evolve. In the meantime,
you should take a little extra time to make sure you're using wireless technologies safely. A feeling of serenity fills you as you lean back in the chair and sip your coffee. With java in hand, you go back to reading the latest news, a little wiser from your experience.

MOBILE BUSINESS BENEFITS

Wi-Fi has taken off like wildfire, but its security features haven't evolved as fast. If you or your employees are doing business on the road via Wi-Fi connection, there are security threats you should be aware of. Here's what to watch out for and how to protect your data.

RELATED ARTICLE: Personal firewalls

Personal firewalls act as shields, blocking hostile incoming traffic while allowing your traffic out. NOTE: Some firewalls behave unpredictably; for example, you might shut down the firewall, yet the firewall remains in place, invisibly denying traffic. This happens because traffic-blocking on these firewalls happens at lower layers and is somewhat complex. Due to this complexity, firewalls present a small learning curve to configure and operate correctly. However, after proper configuration, they will operate transparently.

The following list distinguishes between home-use and enterprise firewalls. One of the chief differences between the two is that enterprise firewall solutions let a system administrator manage the configuration. This ability to manage the firewall policies on all systems from one location is a huge benefit.
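The sidebar above describes a personal firewall that blocks hostile incoming traffic while letting your own traffic out, and the Senforce description earlier in the article speaks of rules that change as you roam from a cafe to the office. The following Python program is an added example written for this edit, not code from the article or from any firewall product it names. It models that behaviour as a small policy engine: inbound traffic is denied unless it answers a flow the laptop opened itself or the current network profile explicitly trusts the source for that service, and switching profiles forgets all tracked flows. The laptop addresses, the 10.20.0.0/16 office subnet and the packet records are constructed for illustration.

```python
"""Model of a roaming personal firewall: unsolicited inbound traffic is denied,
your own outbound traffic and the replies it earns are allowed, and the rule
profile changes when you move between networks. Added example for this
article; not code from any product it names. All addresses are constructed."""

from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the laptop
    proto: str      # "tcp" or "udp"
    src: str        # source IP address
    sport: int      # source port
    dst: str        # destination IP address
    dport: int      # destination port


@dataclass(frozen=True)
class Profile:
    name: str
    trusted_nets: tuple        # networks allowed to open connections to the laptop
    inbound_allow: frozenset   # (proto, port) services those networks may reach


PROFILES = {
    # Public hotspot: nobody may open anything toward the laptop.
    "cafe": Profile("cafe", trusted_nets=(), inbound_allow=frozenset()),
    # Office: file sharing reachable from the (constructed) office subnet only.
    "office": Profile(
        "office",
        trusted_nets=(ip_network("10.20.0.0/16"),),
        inbound_allow=frozenset({("tcp", 445), ("tcp", 139)}),
    ),
}


class PersonalFirewall:
    def __init__(self, profile_name: str):
        self.profile = PROFILES[profile_name]
        self.flows = set()  # outbound flows: (proto, laddr, lport, raddr, rport)

    def roam(self, profile_name: str) -> None:
        """Joining a different network swaps the rule set and forgets old flows."""
        self.profile = PROFILES[profile_name]
        self.flows.clear()

    def filter(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            # Your own traffic leaves; remember the flow so its replies get back in.
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # Inbound packet that answers a flow the laptop opened itself.
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "allow"
        # Unsolicited inbound: only trusted sources, only to the listed services.
        src = ip_address(pkt.src)
        if (pkt.proto, pkt.dport) in self.profile.inbound_allow and any(
            src in net for net in self.profile.trusted_nets
        ):
            return "allow"
        return "deny"


def run_sample() -> dict:
    """Run constructed packets through the cafe and office profiles and
    return the list of decisions for each network."""
    fw = PersonalFirewall("cafe")
    laptop = "192.168.1.50"  # constructed hotspot address
    cafe = [
        # You browse an HTTPS site: the request goes out and its reply comes back.
        Packet("out", "tcp", laptop, 51000, "203.0.113.10", 443),
        Packet("in", "tcp", "203.0.113.10", 443, laptop, 51000),
        # Another patron tries to reach file sharing (TCP 445) on your laptop.
        Packet("in", "tcp", "192.168.1.77", 40000, laptop, 445),
        # Unsolicited UPnP/SSDP traffic (UDP 1900) from the same hotspot.
        Packet("in", "udp", "192.168.1.77", 1900, laptop, 1900),
    ]
    cafe_result = [fw.filter(p) for p in cafe]

    fw.roam("office")
    laptop = "10.20.5.7"  # constructed office address
    office = [
        # Host on the trusted office subnet reaches file sharing: allowed.
        Packet("in", "tcp", "10.20.1.15", 40000, laptop, 445),
        # Same host, a service not in the office allow list: denied.
        Packet("in", "tcp", "10.20.1.15", 40000, laptop, 3389),
        # Packet addressed to a port the laptop never opened on this network: denied.
        Packet("in", "tcp", "203.0.113.10", 443, laptop, 51000),
    ]
    office_result = [fw.filter(p) for p in office]
    return {"cafe": cafe_result, "office": office_result}


if __name__ == "__main__":
    for network, decisions in run_sample().items():
        print(network, decisions)
```

The cafe profile has an empty trust list, so the only inbound packets that get through are replies to connections the laptop started; this is the "shield" behaviour the sidebar describes, and it is what keeps the file-sharing and UPnP probes in the sample from reaching the laptop on the hotspot. The office profile opens two services to one subnet and nothing else, and roaming clears connection state so that nothing carried over from the public network is trusted at the office.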
Many enterprise firewalls also offer more advanced protection than home versions, including features such as Trojan blocking and registry protection. When considering an enterprise solution, look for strong central management, ease of deployment, and transparency to the user.

Agnitum Outpost
Outpost firewall is a feature-rich free alternative for the home user. It's easy to use and configure. Agnitum also offers Tauscan, a powerful Trojan horse detection and removal engine. http://www.agnitum.com

Senforce Shield
Senforce Shield integrates with your network card's hardware driver to block traffic at a much lower layer. The client software also offers useful features for seamlessly roaming from wired to wireless LANs. Senforce Shield's enterprise edition also allows centralized administration. http://www.senforce.com

Sygate Personal Firewall
Sygate Personal Firewall provides unobtrusive, configurable rule-based security. Policies regarding applications, trusted IP addresses, ports, protocols and scheduling can be customized to support and secure any network configurations or requirements. http://www.sygate.com

Symantec Norton Personal Firewall 2003
Norton Personal Firewall automatically controls inbound and outbound Internet connections, examines the content of Internet traffic for attacks and prevents confidential information
from being sent through e-mail, Instant Messaging services and Microsoft Office attachments. http://www.symantec.com

McAfee Personal Firewall
McAfee Personal Firewall lets you securely "fingerprint" trusted applications. Application fingerprinting helps prevent malicious spyware and trojans from sending data from your PC directly to a hacker. It also records intrusion attempts. http://www.mcafee.com

Zone Labs ZoneAlarm
ZoneAlarm popularized the free personal firewall concept. It's a robust product with many features similar to Agnitum Outpost. The commercial version of ZoneAlarm offers centralized administration. http://www.zonelabs.com

John Eder gained invaluable consulting experience working for years as a security consultant. While consulting, he also earned his Cisco Certified Network Associate (CCNA) and Certified Information System Security Professional certifications. John now works as a system security consultant for Experian Corporation. He is active in the security community, frequently presenting and writing about wireless and information security. John's latest research focuses on methods for cryptanalysis and vulnerability management. johneder@solaero.com.