Editor's note: Computerworld editors Preston Gralla and David Ramel disagree on the security threat posed by wireless networks. In this article, Gralla presents his case that wireless networks are indeed a serious vulnerability. He also provides tips on how to secure a wireless network.
In Why worry about wireless? Ramel alleges that the threat is overhyped, that it's now trivial to secure wireless nets and that IT pros have far more serious security concerns they should be addressing, while home users have little to lose even in the remote chance someone tries to breach their networks. Both editors wrote their articles without having read the other's.
If you've got a wireless network at home or at your business and don't take special care to protect it, well, you're playing Russian roulette -- and the chamber is loaded with multiple bullets.
Even if you're protecting your network, you may not go far enough. For example, you may use easily crackable Wired Equivalent Privacy (WEP) encryption rather than the more powerful Wi-Fi Protected Access (WPA). (See "How to protect your wireless network" for details.)
If you're still not convinced, read on -- I give you five reasons to take the extra effort to protect your Wi-Fi network, whether it's a small one at home or part of a larger, enterprise network.
Reason No. 1: You may be aiding criminals
There's a new type of wireless piggybacker out there -- people looking for a convenient, unprotected Wi-Fi network to hop onto in order to do something illegal, quasi-legal or just downright nasty. They won't be breaking in to your PCs, but they'll be using your bandwidth and IP address for nefarious purposes.
US Local, state and federal law enforcement officers report a sharp increase in criminal use of unprotected Wi-Fi networks, according to The Washington Post. After doing an investigation, the newspaper noted, "an increasing number of criminals are taking advantage of the anonymity offered by the wireless signals to commit a raft of serious crimes -- from identity theft to the sexual solicitation of children."
For example, in Arlington County police tracked down the IP address of a suspected pedophile who traded child pornography online. Armed with a warrant, police knocked on the door of the person who used the IP address and found an elderly woman who they quickly realized wasn't the suspect. Someone had hopped onto her wireless network to do the deed.
Even if you don't have moral qualms about someone using your network for trading child pornography (and you certainly should), do you really want police knocking on your door to investigate if you're a pedophile?
Reason No. 2: Wireless is the weakest link in your enterprise
You may use high-powered security in your core enterprise network, but if you've got even a single, poorly protected wireless access point somewhere -- even hundreds or thousands of miles away from corporate headquarters -- you're at risk. Invaders intent on stealing customer records or private data or merely doing mischief can easily make their way from that single access point right into the heart of your network. And if you're a large company, it could cost you millions of dollars.
It happens more frequently than you might imagine. For example, two 21-year-old Michigan men found an unprotected wireless network at a Lowe's retail store. They hopped on to the network, "which gave them access to Lowe's central computer system, and to other computer systems located in Lowe's stores around the country," according to a Computerworld US article. Armed with that access, they installed malware at a number of Lowe's retail stores in order to steal the credit card information of customers making purchases.
Even worse was perhaps biggest data breach in history, when hackers stole 45.6 million credit and debit card numbers over a year and a half from The TJX Companies. Once again, poor wireless security at a single access point was at fault. Hackers sat outside a Marshalls discount clothing store in Minnesota. Using a directional antenna and cracking software, they intercepted data being sent over the store's wireless network, which was protected by notoriously easy-to-crack WEP encryption, rather than the stronger WPA.
Once they broke into the small, local network, they gained access to TJX's main corporate network and stole the 45.6 million records over the next 18 months. See How to protect your wireless network for details on how to turn on WPA encryption on your network.