From the February 2002 issue of Entrepreneur

Who's reading your e-mail? Hackers? Competitors? If you're among the companies that have set up an 802.11b, or Wi-Fi, wireless LAN (WLAN), you may have more people downloading files from your network than you have on your payroll. Some may even be planning to sabotage you.

Crackers (expert hackers) have begun "war driving", that is, cruising neighborhoods using sniffer programs on Wi-Fi-equipped portables to find WLAN nodes. They're also developing software to exploit 802.11b's weak 40-bit Wired Equivalent Privacy (WEP) encryption and other vulnerabilities.

"Right now, they're doing some experimental looking and touching to see what they can access," says Elias Ladopoulos, chief strategy officer at Digital Frameworks Inc. in Forest Hills, New York. "The next step is to develop applications that will take advantage of these vulnerabilities."

At the very least, hackers might read your e-mail, download files and hitchhike on your fast Internet connection. At worst, they might steal secrets, plant viruses, deface Web pages or enlist your network's resources in distributed denial-of-service (DDoS) attacks.

But you're not defenseless. There are products and practices to safeguard your wireless net from intrusion.

Not the Same Ol' Security

For starters, WLANs need different kinds of software and mechanisms than those protecting your wired network, Web connections or portables. Unfortunately, most Wi-Fi security conventions are neither robust nor well-implemented.

Sidebar: 30% of businesspeople surveyed could be classified as pirating software and content off the Internet. (Source: The Software & Information Industry Association & KPMG)

Not only is the 40-bit WEP algorithm easily cracked, but it's rarely used anyway, notes John Pescatore, Gartner Inc.'s research director for Net security. A 128-bit, military-quality AES encryption algorithm should be in place by year-end, but weak encryption keys and initialization vectors will still leave networks vulnerable. Says Pescatore, "WEP is broken, and it's really not going to be fixed."

Actually, WEP was never intended to be more than baseline security for noncritical networks, says David Cohen, former chair of the Wireless Ethernet Compatibility Alliance. Standards bodies expect product providers to add tougher security themselves, says Cohen.

That's just what high-end vendors like 3Com, Agere Systems, Cisco and Proxim do, although in slightly different ways. For example, each user on a 3Com or Cisco WLAN is assigned a unique 128-bit encryption key that changes every session, denying hackers the time they need to figure out network traffic patterns. Proxim's Harmony 802.11b Wi-Fi products let administrators configure keys to change several times per session.

Unfortunately, none of the companies' security schemes works in networks with equipment from a variety of vendors. Besides, says Ladopoulos, some of their methods can slow down performance by as much as 50 percent.

Tunneling In

Another approach favored by both Digital Frameworks and Gartner is to protect network traffic in a Virtual Private Network (VPN) tunnel. High-end Wi-Fi devices like those mentioned above support VPN technology from brand names like Blue Socket, Citrix, Colubris Networks, Crossport Systems, eTunnels, Netilla Networks and OpenReach. The tunnels work for mixed-product networks and cover wired and wireless network nodes.

But in most cases, you'll need to buy a separate VPN server for each Wi-Fi access point, and that still doesn't solve your main vulnerability: human beings. Most security breaches involve simple mistakes that can only be addressed by rigorous security procedures administered centrally, says Pescatore, as opposed to relying on employee diligence.

Automatic log-on options and crib sheets for log-on information are out. Devices such as portables and home PCs have to be secured 24/7. Says Ladopoulos, "They always go for the weakest link, and any security process has many weak points."

Few organizations audit their networks frequently enough to detect such an intrusion, he adds. Besides, an ad hoc Wi-Fi workgroup can tap into the company network in a matter of minutes, largely unnoticed even in relatively small companies. Ironically, if users enable WEP, hackers' presence can be difficult to detect without using a sniffer program.

Ladopoulos and Pescatore agree that the mere presence of wireless users means companies must rethink the traditional perimeter security model. You still need that "high wall" of antivirus, firewall and intrusion-detection software. But sensitive areas need added hardening with advanced encryption, VPN tunnels and restricted access, perhaps even biometric access controls.

Your current security perimeter may look like the Great Wall of China, says Ladopoulos, but ill-intentioned brainiacs are out there building hot air balloons to give away to the barbarian hordes. Network security has to adjust to the times.

PLUG THE HOLES: 10 ways to secure your wireless network:

1. Deploy traditional network perimeter security measures.

2. Isolate sensitive areas on switches protected by dynamic encryption, VPNs and so on.

3. Audit for unauthorized WLANs weekly, or at least monthly.

4. Set all WLAN connections to utilize security automatically.

5. Centrally control access.

6. Avoid security practices that depend on user decision-making.

7. Equip employees with secure wireless devices.

8. Show employees how publicized security breaches could impact your company.

9. Reward security compliance and punish noncompliance.

10. Have an outside consultant set up and test your network security procedures.
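Items 3 and 4 above (audit for unauthorized WLANs, and make sure every WLAN connection actually uses security) are the two that lend themselves to a repeatable check. The script below is an added example, not code from the article or from any vendor it names: it compares a wireless scan against an inventory of authorized access points and flags unknown BSSIDs in range, unknown BSSIDs advertising the corporate SSID, and authorized access points running open or WEP, which the article treats as effectively unprotected. The inventory, the scan records and the signal threshold are all constructed for the example; a real audit would feed it records parsed from whatever scanner the site uses.

```python
"""Rogue and misconfigured access point audit (added example, not from the article).

Given a list of scan records and an inventory of authorized access points,
report the conditions a weekly WLAN audit should catch:
  - an authorized AP running open or WEP (the article: "WEP is broken")
  - an unknown AP advertising a corporate SSID (possible spoofing)
  - any other unknown AP strong enough to be on the premises
All data below is constructed for the example.
"""
from dataclasses import dataclass

# Constructed inventory of authorized access points: BSSID -> expected SSID.
AUTHORIZED = {
    "00:11:22:33:44:01": "corp-wlan",
    "00:11:22:33:44:02": "corp-wlan",
}

# Encryption settings the audit treats as unacceptable.
WEAK_ENCRYPTION = {"open", "wep"}


@dataclass(frozen=True)
class ScanRecord:
    bssid: str        # access point MAC address
    ssid: str         # advertised network name
    encryption: str   # "open", "wep", "wpa", ...
    signal_dbm: int   # received signal strength


# Constructed scan results, as a scanner would report them once parsed.
SAMPLE_SCAN = [
    ScanRecord("00:11:22:33:44:01", "corp-wlan", "wpa", -48),
    ScanRecord("00:11:22:33:44:02", "corp-wlan", "wep", -55),   # authorized but weak
    ScanRecord("AA:BB:CC:DD:EE:01", "corp-wlan", "open", -60),  # unknown AP, corporate SSID
    ScanRecord("aa:bb:cc:dd:ee:02", "linksys", "open", -70),    # unknown AP, in range
    ScanRecord("aa:bb:cc:dd:ee:03", "cafe-guest", "wpa", -88),  # unknown AP, too far away
]


def audit(scan, authorized=AUTHORIZED, signal_floor=-80):
    """Return a list of (bssid, severity, message) findings for the scan.

    signal_floor is the weakest signal (dBm) still treated as "on premises";
    -80 is an assumed value, not a figure from the article.
    """
    findings = []
    corporate_ssids = set(authorized.values())
    for rec in scan:
        bssid = rec.bssid.lower()          # normalize so inventory lookups match
        enc = rec.encryption.lower()
        if bssid in authorized:
            if rec.ssid != authorized[bssid]:
                findings.append((bssid, "medium", "authorized AP advertising unexpected SSID"))
            if enc in WEAK_ENCRYPTION:
                findings.append((bssid, "high", f"authorized AP using {enc}"))
            continue
        # Unknown BSSID from here on.
        if rec.ssid in corporate_ssids:
            findings.append((bssid, "high", "unknown AP advertising a corporate SSID"))
        elif rec.signal_dbm >= signal_floor:
            findings.append((bssid, "medium", "unknown AP in range"))
    return findings


def count_by_severity(findings):
    """Summarize findings as {severity: count} for a weekly report."""
    counts = {}
    for _, severity, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for bssid, severity, message in audit(SAMPLE_SCAN):
        print(f"{severity:6} {bssid}  {message}")
    print(count_by_severity(audit(SAMPLE_SCAN)))
```

Run weekly (the article's item 3) against the current inventory, the audit catches the WEP-only access point that item 4 is meant to prevent, as well as new hardware nobody registered. BSSIDs are lowercased before lookup so an inventory kept in one case and a scanner that reports another do not produce false rogue findings.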


Mike Hogan is Entrepreneur's technology editor. Write him at mhogan@entrepreneur.com.