Monday, January 15, 2007

Worried about Wi-Fi security?

Even for IT professional Matthew Ingrassia, keeping a home Wi-Fi network safe from outside threats is close to a full-time undertaking.

The technical coordinator for Washington, D.C.-based law firm Thompson Coburn harbors apprehensions that someone may be able to infiltrate the wireless network he set up in his Maryland home, despite all the training he brought to it. And he's pretty sure there are a lot of less-experienced people out there with no clue just how vulnerable their wireless systems may be.

"Running a home network with no security is akin to unlocking your door and hanging a sign on your house inviting thieves inside to steal," Ingrassia said. "It's easy to see how for someone with no real training, figuring out how to protect yourself might seem nearly impossible."

As Wi-Fi networks become popular in American homes, more people are exposed to dangers such as spyware, and the need to secure systems against those threats becomes more urgent. But for many ordinary owners, the complexity of dealing with a wireless network is leading them to put security on the back burner. If technology providers can't come up with products that will change that attitude, then the problem can only get worse.

People often struggle with installing their networks, causing them to think twice about putting in additional security measures or starting again from scratch to close potential vulnerabilities, experts said.

On top of this, the incompatibility between networking products from different sources, changing industry security standards and the growing number of devices people want to link to their wireless systems also daunt less-tech-savvy owners.

Networking industry executives say that as a result, getting consumers to use the security capabilities already built in to their wireless products is a struggle.

"Ease of use is a big problem. You can have the best encryption out there, but if someone can't set it up easily, it won't ever be used," said Mani Dhillon, the senior manager of product marketing at networking gear maker Linksys. "We've tried to make security an integral part of the (networking) setup process, but beyond that it's difficult to force people to use it. There's only so much that hardware manufacturers can do."

Plenty to lose
Studies suggest that an overwhelming majority of America's home wireless networks lack sufficient protection from outside intruders. According to figures from Gartner, some 80 percent of U.S. residential wireless local area networks, or WLANs, will classify as "unsecured" by 2007. The Stamford, Conn.-based research company contends that 70 percent of successful attacks on home wireless systems through 2006 will be the direct result of improperly configured WLAN access points and mismanaged client software.

And at a recent focus group session held in San Francisco, Tom Powledge, director of product management at security software maker Symantec, was amazed when four out of five people at the event admitted their wireless networks were not protected by any technology safeguard.

For some of those people, the idea of offering open Internet access via their home network was novel and nothing to worry about, Powledge said.

"Some people really don't care too much if people are logging on secretly, using their wireless connection. They feel they're providing free Internet to neighbors," Powledge said. "But what these people don't understand is that if someone else starts using your network to browse whatever they want on the Web, it's going to come back to your IP address."

That means people can surf unsavory content from your unique, traceable Internet location--and slow your Internet performance down at the same time.

Those whose wireless systems can be penetrated are exposed to other serious threats too, Powledge pointed out. For example, attackers could implant malicious programs, including spyware, adware and Trojan horse applications, directly onto a computer. That could open the door to more serious problems such as online fraud or even identity theft, he said.

In one instance, a Los Angeles man pleaded guilty in September to distributing pornography spam e-mails, sent out using other people's Wi-Fi connections, which he accessed from inside his car. And in 2003, a man in Toronto was arrested for downloading child pornography using other people's unsecured wireless networks.

The practice of cruising around town to look for unguarded wireless networks has become so popular that the phenomenon has even

acquired its own name, "wardriving." And some industry experts point out that the day of sitting outside someone's house to steal their bandwidth is being outdated by signal-boosting technology that lets individuals get onto a network that's miles away.

"A signal enhancer available at your local RadioShack can give someone access from as far as 50 miles away," said Drew Carter, product manager for strategic opportunities at security software maker McAfee. "It's not just your neighbors that you need to worry about anymore."

In fact, extending the range of wireless technologies is a popular pastime of hobbyists and researchers. The 300-foot range of most wireless networking technology for the home is set more by government and manufacturer decree than by limits to the technology. The University of California at San Diego's High-Performance Wireless Research and Education Network (HPWREN) has extended Wi-Fi to 72 miles using power amplification and improved antennas. And hackers at the Defcon conference created a wireless sniper rifle that could target Bluetooth phones a half mile away, extending that technology's range almost 100-fold.

Help on the way
Because of the growing threat, everyone from third-party software vendors to networking-gear makers is developing technologies to try to help consumers cover their backs.

Security software maker McAfee is developing a free diagnostic tool that lets people survey their computer using a Web interface to determine the security of the network the machine is registered on. Dubbed McAfee Wi-Fi Scan, the application is already undergoing beta testing and is set for release in mid-February.

"Even if you can successfully deploy the security tools that come with wireless hardware, I think a lot of users get a false sense of protection from it," Carter said. "People think a simple firewall secures all their communications, while the reality is that though your connection in and out of that device is partially secured by the firewall, the actual connection between that device and your computer...may not be secured at all."

Hardware manufacturers are taking a different route. Earlier this month at the Consumer Electronics Show in Las Vegas, Linksys, a division of networking giant Cisco Systems, said it was launching a joint effort with chipmaker Broadcom and IT behemoth Hewlett-Packard to create a push-button security system for home wireless products. The system, to be called SecureEasySetup, promises to provide coverage that meets the Wi-Fi Protected Access, or WPA, industry standard for security.

Jeff Abramowitz, senior director of wireless LAN marketing at Broadcom, said SecureEasySetup represents the kind of basic security system consumers can understand easily.

"The technology allows you to set up a very secure Wi-Fi network without having to know any of the technical ins and outs," Abramowitz said. "All you do is hit a button on your router or Wi-Fi access point and push a corresponding button on a PC or another device, and they find each other and establish a secure connection."

Linksys has agreed to start building SecureEasyStep into its networking products by the beginning of 2005. HP will add the tool to certain notebook and desktop PCs and to some of its networked printers. Abramowitz said a number of other well-known technology companies are also working with the application.

In one less-conventional approach, Force Field Wireless has begun marketing latex house paint it claims will block wireless radio waves from escaping through the walls of a home. Known as DefendAir, the paint is laced with bits of copper and aluminum that help form an electromagnetic shield around your house, Force Field said. The paint, which sells for $69 a gallon, is certified nontoxic and lead free, and comes only in one color--gray.

Those products promise a safer future. The problem right now is those people who remain oblivious to the existing vulnerabilities in their systems. Analysts point out that there are a number of ways to secure these, from making sure basic firewall technology in the wireless router is installed to buying as many components as possible from the same vendor. There are also more complicated measures home network owners can take, such as swapping out the default service set identifier, or SSID, number--a form of unique identification for each wireless local area network--for the devices and making sure security systems have been updated to meet all the latest wireless specifications.

Jonathan Penn, an analyst at Forrester Research, feels that in requiring so much attention to be made secure, wireless networks will remain something of a hassle for consumers until more effective, easy-to-use methods of self-defense are created. He argues that consumers should not have to face the challenge of dealing with technology defaults and keeping up with industry standards.

"If the gear manufacturers, Internet service providers and software makers seriously want people to come online, they can't make it so hard on their customers," Penn said. "People are being told that they need to worry about antivirus software, antispam tools, wireless security and all sorts of malicious threats online. At a certain point, unless things become easier to handle, some people might just say, 'Forget it.'"

0 Comments:

Post a Comment

<< Home

Who links to me?