Thursday, June 21, 2007
Wireless (Wi-Fi) Networks Increase the Challenges of Internet Security
Like so many technologies before it, wireless TCP/IP networks (especially WiFi/802.11 networks) were implemented and marketed without much consideration for the increased computer security risks that broadcasting your network traffic to the world might entail.
As any code-breaker knows, one of the best ways to reverse engineer coded messages is to compare lots of these messages to find common patterns. Early WiFi security, specifically WEP encryption, fell to this well known technique, because it re-used encryption keys. As any spy worth his martini and Aston Martin knows, you should never reuse your encryption keys if you want to keep your secrets safe.
Yet, WEP did exactly this, so a patient hacker needs only to listen in on your WEP traffic long enough to discover the (reused) encryption keys. At least WEP prevents casual computer users with no expertise from logging into your network by simply posting up close enough to your base station to detect your WiFi signal. Just add a Pringles potato chip can to your setup, and you can detect Wifi signals hundreds of meters from the source. That's not a problem in any urban (and most suburban) areas.
In short, wireless networks have only increased the challenges of internet security by introducing a huge "back door" into your network. No longer do hackers need physical access to your network to steal your secrets. Nor do they have to defeat a well-secured firewall. Now, they can simply eavesdrop on network traffic beamed out into the ether by your new unsecured WiFi base station.
Over the next few weeks, we'll look closely at the different ways you can reduce computer security risks by implementing basic wireless internet security techniques. Stay tuned, or grab our RSS feed.
Subscribe to:
Post Comments (Atom)
5 comments:
Well said. It goes to show why wireless network security is such an important topic at this time.
BTW, the car is "Aston Martin" not Austin Martin. You're thinking of Austin Powers, international man of mystery (who would definitely have a good network security tool kit at his disposal to breach a network).
Keith, thanks for the notes on the Aston Martin -- I've corrected the spelling and added a link to the Aston Martin site. As I recall, didn't Austin Powers drive an Aston Martin?
You got me curious so I checked. He drove a Mini Cooper (http://www.idcow.com/etl2038.html) and of course, the Shaguar (http://shopping.msn.com/specs/shp/?itemId=29109578).
I guess he had a Corvette too (http://www.minimodelcars.co.uk/diecast-model-car/model-chevrolet-corvette-austin-powers-ert33517)
It was James Bond who drove the Aston Martins, before he switched to BMW's in the more recent movies.
WPA is a MUST. Defcon ate WEP like Doritos then mapped out all the unprotected systems in Las Vegas. Its was a happy time. :)
WEPs still slightly better than nothing.
I couldn't agree more: WEP is worthless. Don't use it. Perhaps that's a bit extreme -- but if you care about security, you should avoid WEP.
Post a Comment