Wireless offices--a hacker boon?

"We came across a company with one of these networks. All their source code, everything was available," said Thubten Comberford of White Hat Technologies, a wireless security firm.

"This network was beaconing, 'log onto me'...It basically had its Rolls-Royce parked in the driveway, engine running, with a sign saying 'steal me.'"

If you think your company doesn't have to worry, you might want to double-check. According to Gartner Dataquest, about 30 percent of all companies with a computer network have some kind of wireless network, either official or rogue. Furthermore, if the business or cafe next door has a wireless network, you might be in trouble.

Information travels unprotected through the air on these networks, and a hacker with a reasonable amount of knowledge can intercept it. Hackers say it would be tough, but not impossible, to use this open door to ride the network all the way into a company's main computer.

These small, inexpensive networks have already proven popular at hotels, conference centers, coffee shops and airport lounges--not to mention neighborhood networks--which offer a free, fast and easy way to log on to the Net if you are within a few hundred feet of an access point.

Now businesses are catching up, quickly installing these networks to increase productivity by allowing employees to carry a laptop into a meeting, the lunchroom or a colleague's office. Where there isn't an official network in place, curious employees are creating rogue ones, getting the increasingly cheap equipment at outlets such as Fry's Electronics, which has entire aisles of so-called 802.11 products.

Closing the door
The security problems are enough to deter some businesses from setting up wireless systems, said Inder Gopal, CEO of ReefEdge, a New Jersey-based seller of wireless network equipment.

"A lot of companies had plans, and yes, a few have become gun-shy," Gopal said. "But a lot of IT guys are saying, 'Look, either I do it, or my employees are going to take the law into their own hands and set up a rogue access point.'"

Security issues, such as sending unencrypted data over insecure airwaves, are nothing new to wireless networks. But there are solutions available today, or in the near future, that can limit the problem.

Sniffers: devices that can sense where 802.11 networks are and whether they are transmitting.

Encryption: breaks up information into a code, then sends it over the airwaves and reassembles the data when it reaches its proper target.

802i: new wireless standard due out this year that may be able to stop at least 10 percent more network break-in attempts.

Virtual private networks: impenetrable electronic shafts between a person and a network that are increasingly being used to secure 802.11 networks.

Because security is such an important factor, companies are trying to set up official networks and discourage rogue ones. You can improve security by using "sniffers" to detect the networks, whether rogue or simply ones innocently set up at a nearby office or cafe. Companies can ensure their wireless networks only send encrypted data or use virtual private networks. Additionally, there is a new standard for a way these networks shower areas with access, one that is said to be able to stop at least 10 percent more break-in attempts.

Cisco Systems, the biggest seller of wireless access points for 802.11 networks, says its latest gear has better encryption, according to Vice President Ron Willis.

"We have made security a priority," said Willis, who downplayed some of the threat, noting that while it's one thing to get onto a wireless network, it's quite another to have the savvy to unlock the company's secrets.

At Cisco's campus in San Jose, Calif., where employees can buy 802.11 gear at the company store, the employees started building the network before the company did. Willis said they decided to see who was using the gear a few months after the equipment was first available.

"It wasn't much of a step" to stretch the self-built wireless network to cover the entire Cisco campus of about 45 buildings, he said.

IBM, which operates a corporate wireless network for its employees and sells them to clients, uses sniffers to locate rogue networks or other security breeches, said Guy Denton, an IBM wireless security consultant.

Executives agree these networks can greatly increase productivity. At a large warehouse operation, a wireless network used to assign tasks to the employee physically closest to the job increased productivity by 30 percent, according to Gopal.

A threadbare security blanket
But security experts have repeatedly shown that these networks can be intruded upon. The main problem is that the information travels over a free-to-use and unregulated piece of radio frequency not protected by any kind of encryption.

This week, wireless network vulnerabilities were exposed at two airports, where security is now a top priority. Computerworld magazine reported that two wireless security firms were able to access a wireless baggage check-in network used by American Airlines at both the San Francisco and Denver airports. From there, a person could manipulate systems set up to meet new federal requirements regarding baggage control.

"We thought what we'd really find were all these networks interfering with each other," because there are numerous 802.11b networks set up by various airlines, all using the same radio frequency, said Jonas Luster, chief architect at D-Fensive and one of the specialists involved in testing the airport systems. That same frequency, 2.4GHz, is also crowded because it is used for cell phones and microwaves, and at some point the heavy traffic can knock people off the network, garble phone calls, or bog down the system.

"I could very easily become a node on this network and from there, it wouldn't have been easy, but I could jump into more fruitful parts of the American Airlines airport network," said Luster, who said he also detected and accessed the wireless network set up by American Airlines at the San Jose International Airport.

An American Airlines spokesman said the company was already addressing the issue, although the networks remain in place. He refused further comment, saying the airline does not want to divulge its security plans.

Concerns over wireless networks security has forced one air travel company to change its plans.

Aeronautical Radio is moving away from using 802.11 for an airport's more important tasks, like tracking baggage or passing check-in information from curbside stands to departure gates, said Vice President Joe Weiss. The wireless service provider is owned by the major airlines and sells only to airlines.

"802.11 is easy...It's straightforward to put in some cables, some access points, and you're online," Weiss said. "Because of its commercial success, lots of folks have figured out how to listen in and circumvent such systems. You can actually buy programs on the Net that can decrypt and tell what's going on."

The problems also give pause at corporate campuses or in business parks where there are many businesses cheek-by-jowl in the same building.

"It's the nightmare of the IT manager," Gopal said. He said he runs into "a lot" of wildcat wireless networks, even at companies where he's trying to sell his products.

"We go and talk to IT managers. These guys say wireless is interesting, but we're just not going to do anything now," Gopal said. "We're telling them they are doing it right now."