Wi-Fi security tips - let's take care out there

A lot of crossover between two of tech's hottest areas

A lot of crossover between two of tech's hottest areas

The need for end-to-end security and users' laziness are the key obstacles blocking widespread adoption of Wi-Fi wireless LAN technology - but they are being overcome. There is always a trade-off between security and convenience in any network set-up, according to Mark Stevens, senior VP network security at WatchGuard, but the "biggest threat [to the spread of Wi-Fi] is ignorance". The boom in Wi-Fi networks - those that use the 802.11b standard - in offices, homes and at public 'hot spots' has caught many IT departments and companies by surprise. The latest figures from telecoms consultancy Analysys forecast that there will be 57,000 European and American public hot spots by 2007, up from 4,800 in 2002, generating around $5.5bn in revenue. In general, user organisations must overcome issues related to office-bound Wi-Fi usage, problems while on the road and those that face teleworkers at home. Unplanned usage is perhaps the biggest headache for the first category. "If you have a policy that says you are not going to use 802.11 [in an office] then I guarantee it's being violated," said WatchGuard's Stevens. "You do have those illicit access points." But assuming a corporate policy is successfully implemented there are hazards for those away from their desks. "A lot of people are still unaware of the security risks," said Jose Lopez, senior analyst at analyst house Frost & Sullivan. He said users may feel they have a secure connection at a coffee shop, only to find someone can get into their laptop when it isn't connected to the WLAN because their PC card is still openly broadcasting. Or they may feel the standard WEP encryption for Wi-Fi is good enough, even though programs such as WEPCrack and AirSnort show it isn't. WEP is being dropped by the Wi-Fi Alliance, a not-for-profit industry body, and Wi-Fi Protected Access (WPA) is coming in. But Frost & Sullivan's' Lopez added: "There'll always be someone who's going to try to break what you have." An answer is to use encryption over the air. A VPN is a must for corporate connectivity and even smaller client devices such as PDAs and ultra-thin laptops have enough processing power to support triple-DES encryption without slowing connections to a crawl. According to Andy Buss, an analyst at Canalys, there are third-party applications available to secure devices, but they have yet to mature. In general, the experts are pushing equipment vendors to build security into products so they are safe 'out of the box', though this is not always feasible. In the meantime, here is some other advice for WLAN users of all hues: - If you're in an IT department, have a clear corporate policy on what can and can't be downloaded onto mobile devices. - Decide who is responsible for privately bought devices such as PDAs, or whether they should be allowed on a corporate network at all. - Think about end-to-end security using PPTP (Point-to-Point Tunneling Protocol), IPSec, firewalls (even at the intranet level) and persistence applications that allow for areas of patchy or no coverage. In the meantime, use WEP - it's better than nothing. - Position corporate access points in such a way as they are less likely to 'leak' out of a building, if possible. - For home users, lock down which MAC addresses - used to identify each piece of hardware on a network - are allowed access to your WLAN. Think about using a static IP address and turning off DHCP, used for assigning IP addresses. Always use a VPN for corporate connectivity and realise that an insecure WLAN will only allow someone onto the wireline network to get access back to your office. - Remember, 'wireless hacking/cracking' fears are exaggerated and you're as likely to lose valuable corporate information via a stolen or lost laptop as have someone maliciously break in to your network. Protect devices by password protecting and encrypting files on hard drives. And by just being careful.