Take control of Wi-Fi security: when it comes to Wi-Fi hotspots, such as those offered by coffee houses, hotels, and airports, "public" usually means "unprotected." Find out how to protect your data--even if your coffee house doesn't.
You fire up your laptop and jump onto the Internet. After checking the news and weather, you get your e-mail. You skim a few messages from family and delete some advertisements. But, one ad catches your eye: zero interest for six months on a credit card. You could really use the zero interest right now, so you fill out the credit application. After completing the application--and your muffin--you wrap things up and leave for work.
Upon arriving at your desk, an article about wireless security catches your eye. As you skim it, an unsettling feeling hits you. The history of wireless security has been rocky, because the physics of radio changes the security picture fundamentally. On a switched network, such as the one in your office, each user's traffic travels along a dedicated path from the switch port to its destination, so other users on the same LAN normally never see it. The cafe's network is different: every packet to and from your laptop is transmitted over the air before it ever reaches the Internet, and radio doesn't follow a wire; it broadcasts in all directions for hundreds of feet. That makes the content of every unencrypted packet viewable by anyone in the vicinity who's inclined (and skilled enough) to peek.
This proximity effect is exacerbated by the fact that the cafe probably doesn't use encryption on its network. And you know your e-mail client doesn't support encryption either; the use of e-mail encryption is the exception rather than the rule. IBM Lotus Notes natively supports encryption, but most other messaging software requires special setup. (However, even Lotus doesn't encrypt messages when you send them from outside the office.) Unfortunately, this lack of protection means anyone listening on the cafe's network could read those e-mails to and from family and friends, and, on an ordinary POP3 or SMTP connection, could also read the user name and password your mail client sends when it logs in.
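To make the eavesdropping concrete, here is an added example (written for this page, not code from the article or its author) of what a passive listener on an open hotspot can pull out of unencrypted traffic. It constructs a few IPv4/TCP packets of the kind a sniffer would hand you, parses the IP and TCP headers, stitches each flow's payload back together in sequence order, and scans the result for logins that POP3, SMTP AUTH PLAIN and HTTP Basic authentication send in the clear. Every address, mailbox and password in it is made up.

```python
import base64
import re
import struct
from collections import defaultdict

IPPROTO_TCP = 6


def build_packet(src, dst, sport, dport, seq, payload):
    """Construct a bare IPv4+TCP packet (checksums left zero; enough to parse)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64,
                         IPPROTO_TCP, 0, bytes(map(int, src.split("."))),
                         bytes(map(int, dst.split("."))))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def parse_packet(pkt):
    """Return (src, dst, sport, dport, seq, payload) for an IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != IPPROTO_TCP or len(pkt) < ihl + 20:
        return None
    total_len = struct.unpack("!H", pkt[2:4])[0]
    src = ".".join(map(str, pkt[12:16]))
    dst = ".".join(map(str, pkt[16:20]))
    sport, dport, seq, _ack, off = struct.unpack("!HHIIB", pkt[ihl:ihl + 13])
    data_off = ihl + (off >> 4) * 4
    return src, dst, sport, dport, seq, pkt[data_off:total_len]


def reassemble(packets):
    """Group TCP payloads by flow and stitch them together in sequence-number order."""
    flows = defaultdict(list)
    for pkt in packets:
        parsed = parse_packet(pkt)
        if parsed:
            src, dst, sport, dport, seq, payload = parsed
            flows[(src, sport, dst, dport)].append((seq, payload))
    return {flow: b"".join(p for _, p in sorted(segs)) for flow, segs in flows.items()}


# Logins that travel in the clear on unencrypted POP3, SMTP and HTTP sessions.
POP3_USER = re.compile(rb"^USER (\S+)\r\n", re.M)
POP3_PASS = re.compile(rb"^PASS (\S+)\r\n", re.M)
SMTP_AUTH_PLAIN = re.compile(rb"^AUTH PLAIN (\S+)\r\n", re.M)
HTTP_BASIC = re.compile(rb"^Authorization: Basic (\S+)\r\n", re.M)


def find_credentials(flows):
    """Scan each reassembled flow; returns (protocol, flow, user, password) tuples."""
    found = []
    for (src, sport, dst, dport), data in flows.items():
        where = f"{src}:{sport} -> {dst}:{dport}"
        user, pw = POP3_USER.search(data), POP3_PASS.search(data)
        if user and pw:
            found.append(("pop3", where, user.group(1).decode(), pw.group(1).decode()))
        for m in SMTP_AUTH_PLAIN.finditer(data):
            # AUTH PLAIN is just base64 of "\0user\0password" (RFC 4616): encoding, not encryption
            _, u, p = base64.b64decode(m.group(1)).split(b"\0")
            found.append(("smtp", where, u.decode(), p.decode()))
        for m in HTTP_BASIC.finditer(data):
            u, p = base64.b64decode(m.group(1)).split(b":", 1)
            found.append(("http-basic", where, u.decode(), p.decode()))
    return found


def sample_capture():
    """Constructed packets standing in for a capture taken on an open hotspot."""
    laptop, mail, web = "192.168.1.23", "203.0.113.10", "198.51.100.7"
    user_line, pass_line = b"USER alice@example.net\r\n", b"PASS muffin2003\r\n"
    smtp_blob = base64.b64encode(b"\0alice@example.net\0muffin2003")
    web_req = (b"GET /apply HTTP/1.1\r\nHost: www.example.com\r\nAuthorization: Basic "
               + base64.b64encode(b"alice:muffin2003") + b"\r\n\r\n")
    return [
        # POP3 PASS delivered before USER, to exercise sequence-number reassembly
        build_packet(laptop, mail, 40001, 110, 1 + len(user_line), pass_line),
        build_packet(laptop, mail, 40001, 110, 1, user_line),
        build_packet(laptop, mail, 40002, 25, 1, b"AUTH PLAIN " + smtp_blob + b"\r\n"),
        build_packet(laptop, web, 40003, 80, 1, web_req),
    ]


def sniff(packets=None):
    """What an eavesdropper learns from a capture (default: the constructed sample)."""
    return find_credentials(reassemble(sample_capture() if packets is None else packets))


if __name__ == "__main__":
    for proto, where, user, pw in sniff():
        print(f"{proto:10s} {where:38s} {user} / {pw}")
```

Nothing here is an exploit; it is exactly what a protocol analyzer does with frames the air already delivers to every radio in range. The same mail session over SSL/TLS, or through a VPN, would show the sniffer only ciphertext.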
In response to this information, your heart starts to pump a little harder, and a question lingers: Why didn't the coffee house inform you of these dangers?
With thoughts of shady characters reading your e-mail, you dig into the complex arena of wireless security. A security article on encryption explains how Wired Equivalent Privacy (WEP), the encryption built into the original Wi-Fi standard, can be broken by an attacker who collects enough of a network's traffic. As a result, the industry is shifting to Wi-Fi Protected Access (WPA) as an interim measure until it develops a more robust solution. Of course, none of this helps you, because it's unlikely the cafe uses any protective measures anyway.
You didn't know it, but you were also vulnerable to a direct attack. In a direct attack, a nefarious user in the cafe tries to take over another computer by exploiting weaknesses in the laptop's own security, typically in the operating system's default configuration. For example, the default settings for Windows let a wide variety of information leak out to others on the same network: bad guys can gather user names, program types, operating system version information, and other data with a variety of publicly available tools, then use that information to launch a direct attack.
Fortunately, there are relatively few remote exploits for the desktop versions of Windows (XP/ME/NT/98/95). However, in December 2001, researchers from eEye Digital Security published information on a vulnerability in the way Windows XP handles the Universal Plug and Play (UPnP) feature. The weakness lets another user take control of an XP laptop without any password or user name; the attacker only needs access to the same network segment the target laptop is using, and the target only needs to be running UPnP as installed by default.
Another threat stems from the vulnerability of wireless connections to man-in-the-middle attacks, in which a cracker imitates the central communications hub, or access point (AP). The AP acts as the funnel for all traffic on the wireless network: all Web and e-mail data coming from or going to a wireless laptop passes through it. When a cracker successfully impersonates this central point, he can see most Web traffic, and in some circumstances even traffic protected by Secure Sockets Layer (SSL) encryption.
SSL protects information by establishing an encrypted tunnel between your browser and the Web site. You can spot SSL-protected Web sites by the lock that appears in the lower right corner of the Web browser. Although SSL encryption is usually good protection, an advanced man-in-the-middle attack can defeat it: the impostor access point terminates your SSL connection itself and opens a second one to the real site, decrypting and re-encrypting everything that passes between. The saving grace is that the impostor cannot present the real site's certificate, so your browser should warn that the certificate is untrusted or doesn't match the site's name; the attack only works if you click through that warning, or if the software has been configured not to check certificates at all. Because there aren't any sources gathering statistics on man-in-the-middle attacks, it's hard to know how common they are. However, if you'd known SSL wasn't a bullet-proof way of protecting your wireless data, you might have thought twice about entering your personal information in that online credit card application--zero interest or not.
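One check a practitioner can run against the access-point impersonation just described is to look at the beacons themselves. The following is an added example, written for this page rather than taken from the article: given a list of beacon observations as a wireless scanner would report them (the Beacon fields and the sample scan are this example's own construction), it flags a network name that is being advertised with conflicting security settings, or from a radio the operator doesn't actually run.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    """One beacon frame as a scanner reports it (constructed format for this example)."""
    ssid: str
    bssid: str       # the radio's MAC address
    channel: int
    security: str    # "open", "wep" or "wpa"
    signal_dbm: int  # stronger (closer to 0) usually wins the client's association


def find_suspect_aps(beacons, known_aps=None):
    """Return {ssid: [reasons]} for networks whose beacons look like an impersonator.

    known_aps maps an SSID to the set of BSSIDs its operator actually runs; SSIDs
    not in the map are judged on their beacons alone. One SSID on several BSSIDs is
    normal for a multi-AP network, so BSSID count by itself is not a tell; the same
    name offered with different security settings is.
    """
    known_aps = known_aps or {}
    by_ssid = defaultdict(list)
    for b in beacons:
        by_ssid[b.ssid].append(b)
    suspects = {}
    for ssid, seen in by_ssid.items():
        reasons = []
        modes = sorted({b.security for b in seen})
        if len(modes) > 1:
            reasons.append(f"same SSID beaconed with conflicting security {modes}")
        if ssid in known_aps:
            legit = {m.lower() for m in known_aps[ssid]}
            rogue = sorted({b.bssid for b in seen if b.bssid.lower() not in legit})
            if rogue:
                reasons.append(f"BSSIDs not run by the operator {rogue}")
        if reasons:
            suspects[ssid] = reasons
    return suspects


def strongest_bssid(beacons, ssid):
    """The BSSID a client will usually pick for an SSID: the loudest one."""
    candidates = [b for b in beacons if b.ssid == ssid]
    return max(candidates, key=lambda b: b.signal_dbm).bssid if candidates else None


# Constructed scan: the cafe's real AP, an impostor sitting closer to you than the
# real one, and a neighbouring hotel with an ordinary two-AP network.
SAMPLE_SCAN = [
    Beacon("BeanNet", "00:0c:41:aa:bb:cc", 6, "wpa", -61),
    Beacon("BeanNet", "00:11:22:33:44:55", 6, "open", -34),
    Beacon("HotelGuest", "00:0c:41:11:22:33", 1, "open", -70),
    Beacon("HotelGuest", "00:0c:41:11:22:34", 11, "open", -75),
]
KNOWN_APS = {"BeanNet": {"00:0c:41:aa:bb:cc"}}   # what the cafe's provider told you


if __name__ == "__main__":
    for ssid, reasons in find_suspect_aps(SAMPLE_SCAN, KNOWN_APS).items():
        print(ssid, "->", "; ".join(reasons))
    print("you would most likely associate with", strongest_bssid(SAMPLE_SCAN, "BeanNet"))
```

Both heuristics are tells, not proof: an impostor who clones the real AP's MAC address and security settings defeats them, which is why the cure is cryptographic (a server certificate your software actually verifies) rather than watching beacons.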
No safe haven
Researching this article made me curious about how many coffee houses offering hotspots leave their networks wide open, so I did some informal research. My small sample consists of the wireless coffee shops I pass on a daily basis. Of these cafes, three advertise wireless services.
To my surprise, when I asked about wireless security, none of the cafes' employees knew anything about security. Each cafe uses an outside service to manage its wireless network. To get details, I had to call 800-numbers provided by the cafes. The wireless service representatives for all three cafes informed me that these wireless networks provide no extra security.
Keep in mind the coffee house's core competency is brewing good java. In an ideal world, coffee houses would deploy relatively secure hotspots; but, in reality, their focus is on good beans and great flavor. It's also a problem that the technology still needs to evolve. Until then, you should assume your cafe leaves the security door unlocked. The upshot? Take extra steps to protect your information.
Defending your data
One option for protecting your data is the relative safety offered by Virtual Private Networks (VPNs). When properly configured, a VPN encrypts everything between your laptop and your organization's VPN gateway, so an eavesdropper on the cafe's network sees only ciphertext. You can find VPN solutions from many vendors, including Cisco, Checkpoint, SonicWall, and Netscreen, to name a few. When analyzing these offerings, it's important to look for a mutual authentication feature and a built-in client firewall.
In my experience, it's common for users to start up their VPN software without installing a personal firewall on their own. Because these firewalls provide a key piece of protection, many VPN vendors began integrating firewalls into the VPN client software. These client firewalls range in complexity and capability, but most support the ability to automatically launch the firewall when the VPN client starts. This added piece of protection generally reduces security risk.
A related strategy is tunnel-based, mutually authenticated access to the wireless network itself. Where a hotspot supports it, look for Extensible Authentication Protocol (EAP) methods such as EAP-TTLS and PEAP, used with 802.1X and WPA. Both verify the network's identity first: the client checks the authentication server's certificate and builds a TLS tunnel at the link layer, before the laptop is even granted network access, and only then sends the user's credentials inside that tunnel. The same caveat as with SSL applies: if the client is configured to skip checking the server certificate, an impostor access point can collect those credentials. (If this solution interests you, visit http://www.mtghouse.com for a more technical view.)
Personal firewalls offer a high level of protection when configured correctly. Fortunately, some software companies offer reliable free versions for home users. Two free firewalls I recommend looking into are Outpost and ZoneAlarm.
Many commercial vendors also offer firewalls with advanced features. One feature-rich firewall, called Senforce, offers rules that automatically adapt to your environment. The Senforce firewall dynamically changes the protective rules as you roam from various networks. For example, if you move from a wireless cafe to the office, the firewall adapts to optimize the rules for each environment. See the sidebar on personal firewalls for more information.
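The two ideas in this section, a firewall that lets your own traffic out while dropping unsolicited inbound traffic and a rule set that changes as you roam, are easier to see in code than in a feature list. The block below is an added example written for this page; it is not the code of any product named here, and the "cafe" and "office" profiles, their port lists and the packets are this example's own constructions. It keeps a table of connections the laptop opened so that replies can come back in, and switches rule sets when the laptop moves to the office.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", relative to the laptop
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


# Rule sets for two locations (the profile names and ports are this example's own).
# allow_out: (proto, port) pairs the laptop may open, or None for anything.
# allow_in:  (proto, port, source network) exceptions for unsolicited inbound traffic.
PROFILES = {
    "cafe": {
        "allow_out": {("tcp", 80), ("tcp", 443), ("tcp", 25), ("tcp", 110), ("udp", 53)},
        "allow_in": set(),                           # nothing unsolicited gets in
    },
    "office": {
        "allow_out": None,
        "allow_in": {("tcp", 445, "10.1.0.0/16")},   # file sharing, from the office LAN only
    },
}


class PersonalFirewall:
    def __init__(self, profile):
        self.conntrack = set()   # flows the laptop opened: (proto, peer, peer_port, local_port)
        self.log = []
        self.set_profile(profile)

    def set_profile(self, name):
        """Switch rule sets when the laptop roams; connection state survives the switch."""
        self.profile = name
        self.rules = PROFILES[name]

    def filter(self, pkt):
        verdict, why = self._decide(pkt)
        self.log.append((self.profile, verdict, why, pkt))
        return verdict

    def _decide(self, pkt):
        if pkt.direction == "out":
            allowed = self.rules["allow_out"]
            if allowed is None or (pkt.proto, pkt.dport) in allowed:
                # remember the flow so its replies are let back in
                self.conntrack.add((pkt.proto, pkt.dst, pkt.dport, pkt.sport))
                return "allow", "outbound"
            return "drop", "outbound port not permitted in this profile"
        if (pkt.proto, pkt.src, pkt.sport, pkt.dport) in self.conntrack:
            return "allow", "reply to a connection the laptop opened"
        for proto, port, net in self.rules["allow_in"]:
            if (pkt.proto, pkt.dport) == (proto, port) and \
                    ipaddress.ip_address(pkt.src) in ipaddress.ip_network(net):
                return "allow", f"inbound exception {proto}/{port} from {net}"
        return "drop", "unsolicited inbound"


def demo():
    """Constructed traffic: a Web fetch in the cafe, probes from a nearby laptop,
    then the same file-sharing request after roaming to the office. Returns the log."""
    fw = PersonalFirewall("cafe")
    fw.filter(Packet("out", "tcp", "192.168.1.23", 40001, "203.0.113.10", 80))   # allow
    fw.filter(Packet("in", "tcp", "203.0.113.10", 80, "192.168.1.23", 40001))    # allow: reply
    fw.filter(Packet("in", "tcp", "192.168.1.77", 3333, "192.168.1.23", 139))    # drop: NetBIOS probe
    fw.filter(Packet("in", "tcp", "203.0.113.10", 80, "192.168.1.23", 40002))    # drop: fake reply
    fw.filter(Packet("in", "tcp", "192.168.1.77", 4455, "192.168.1.23", 445))    # drop: SMB in cafe
    fw.set_profile("office")
    fw.filter(Packet("in", "tcp", "10.1.5.9", 4455, "10.1.7.3", 445))            # allow: office SMB
    fw.filter(Packet("in", "tcp", "192.168.1.77", 4455, "10.1.7.3", 445))        # drop: wrong network
    return fw.log


if __name__ == "__main__":
    for profile, verdict, why, pkt in demo():
        print(f"[{profile:6s}] {verdict:5s} {pkt.direction:3s} {pkt.src}:{pkt.sport} -> "
              f"{pkt.dst}:{pkt.dport}  ({why})")
```

Note the fourth packet: it comes from the Web server on port 80, but to a local port the laptop never used, so the connection table, not the source address, is what keeps it out. That is the distinction between a stateful personal firewall and a plain port filter.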
BYOS: Bring your own security
Wireless computing presents some serious security issues. If you aren't going to take any measures to protect your data, your best bet is to use public hotspots only for reading the news and sending non-sensitive information.
To protect your information from simple attacks--for example, someone else reading your e-mail or seeing information you enter into a Web form--you should use SSL for sensitive Web connections. This keeps most bad guys from listening to the traffic crossing wireless airwaves and gathering information. However, SSL can't protect you from more advanced attacks.
The next level is to implement a properly configured VPN to add protective encryption. You can also add another layer of protection: a personal firewall. A good firewall and up-to-date system patches should hold off most direct attacks.
It's a shame that a few unscrupulous people can create so much work for everyone else trying to keep their information safe. However, built-in information safety should gain momentum as the wireless industry matures and security standards evolve. In the meantime, you should take a little extra time to make sure you're using wireless technologies safely.
A feeling of serenity fills you as you lean back in the chair and sip your coffee. With java in hand, you go back to reading the latest news, a little wiser from your experience.
MOBILE BUSINESS BENEFITS
Wi-Fi has taken off like wildfire, but its security features haven't evolved as fast. If you or your employees are doing business on the road via Wi-Fi connection, there are security threats you should be aware of. Here's what to watch out for and how to protect your data.
RELATED ARTICLE: Personal firewalls.
Personal firewalls act as shields, blocking hostile incoming traffic while allowing your traffic out.
NOTE: Some firewalls behave unpredictably; for example, you might shut down the firewall, yet it remains in place, invisibly denying traffic. This happens because these firewalls block traffic at lower layers of the network stack, below the program you see on screen, and that machinery is somewhat complex. Due to this complexity, firewalls present a small learning curve to configure and operate correctly. However, after proper configuration, they operate transparently.
The following list distinguishes between home-use and enterprise firewalls. One of the chief differences between the two is that enterprise firewall solutions let a system administrator manage the configuration. This ability to manage the firewall policies on all systems from one location is a huge benefit. Many enterprise firewalls also offer more advanced protection than home versions, including features such as Trojan blocking and registry protection. When considering an enterprise solution, look for strong central management, ease of deployment, and transparency to the user.
Agnitum Outpost
Outpost firewall is a feature-rich free alternative for the home user. It's easy to use and configure. Agnitum also offers Tauscan, a powerful Trojan horse detection and removal engine.
Senforce Shield
Senforce Shield integrates with your network card's hardware driver to block traffic at a much lower layer. The client software also offers useful features for seamlessly roaming from wired to wireless LANs. Senforce Shield's enterprise edition also allows centralized administration.
Sygate Personal Firewall
Sygate Personal Firewall provides unobtrusive, configurable rule-based security. Policies regarding applications, trusted IP addresses, ports, protocols and scheduling can be customized to support and secure any network configurations or requirements.
Symantec Norton Personal Firewalls 2003
Norton Personal Firewall automatically controls inbound and outbound Internet connections, examines the content of Internet traffic for attacks and prevents confidential information from being sent through e-mail, Instant Messaging services and Microsoft Office attachments.
McAfee Personal Firewall
McAfee Personal Firewall lets you securely "fingerprint" trusted applications. Application fingerprinting helps prevent malicious spyware and Trojans from sending data from your PC directly to a hacker. It also records intrusion attempts.
Zone Labs ZoneAlarm
ZoneAlarm popularized the free personal firewall concept. It's a robust product with many features similar to Agnitum Outpost. The commercial version of ZoneAlarm offers centralized administration.
John Eder spent years as a security consultant, gaining invaluable experience, and while consulting earned his Cisco Certified Network Associate (CCNA) and Certified Information Systems Security Professional (CISSP) certifications. John now works as a system security consultant for Experian Corporation. He is active in the security community, frequently presenting and writing about wireless and information security. John's latest research focuses on methods for cryptanalysis and vulnerability management.
Title Annotation: Wi-Fi Security
Publication: Mobile Business Advisor
Date: Aug 1, 2003