BTopenworld is warning of the dangers of operating insecure wireless local area networks, claiming that warchalking can encourage malicious hackers to break into corporate networks.
In a guide released this week, the ISP says that the rise of warchalking -- where enthusiasts mark the presence of Wi-Fi networks so that other users can enjoy free wireless Internet access -- shows that companies must pay more attention to the security of their wireless networks.
"Whilst the general idea of sharing your bandwidth with the outside world may seem like a clever idea to some, there are of course security risks associated with it," cautioned BTopenworld.
"Whilst many people externally accessing your network may simply be doing it to use your bandwidth rent free for a short period of time the effect may also slow down your network and create significant security issues if your network is not secure," the ISP added.
Warchalkers insisted that their activities are not harmful, and have strongly rejected the claim that gaining unauthorised access to a WLAN is theft.
According to warchalking.org -- which also points out that some warchalking symbols are actually drawn by the person who owns or operates the wireless network -- the activity is not dangerous.
"Using someone's wireless network doesn't take anything -- they still have everything they had previously. Nor does it prevent them from using their network; in most cases (they're not likely to) notice," wrote one warchalker last week.
BTopenworld, though, insists that an unprotected network is vulnerable to attack from malicious hackers. "Companies need to ensure that no unauthorised person can 'eavesdrop' onto data traffic and gain unauthorised access onto corporate networks," said BTopenworld.
The warchalking phenomenon sprung up in response to the proliferation of insecure corporate Wi-Fi networks, as many companies installed WLANs but failed to set up the necessary security.
Because of this, BTopenworld has laid out the security measure that companies should take. The measures are reproduced below, but BTopenworld warns that its guide is for information purposes only, and should not be used as a substitute for specialist advice on a company's network security.
At the initial set-up phase of your WLAN, you should implement at least this basic security:
- Change the default SSID (Service Set ID or network name) and encryption keys.
- Filter MAC addresses at the access point to allow access to known users only.
- Enable WEP (Wired Equivalent Privacy - see below) at the highest level possible and change regularly.
- Limit folder/file sharing to the minimum with password protection.
- Install firewalls on all connected PC's.
- Install an updatable virus checker.
Businesses who wish to protect themselves from professional hackers should implement additional security measures such as those listed below:
- Ensure all access points are outside the firewall (i.e. treat the WLAN as external to the corporate LAN).
- Use IPsec or SSH encryption
- Consider RADIUS authentication procedures
- Use separate secure logon methods for access to the corporate LAN
- Locate access points in the centre of the building -- minimising radiation of the signal outside the building
- Remove "rogue" -- unauthorised -- access points from the network.
- Password protect all files and folders.