Worried about Wi-Fi security?

By Matt Hines
Staff Writer, CNET News.com Published: January 19, 2005 4:00 AM PST

Tools

Related Stories: Password juggling no more?
January 14, 2005; Commentary: Who'll conquer the digital home?
January 6, 2005; Wi-Fi gets ready for next-generation Net
October 26, 2004; T-Mobile adds security measure to hot spots
October 5, 2004; 'Wardriving' conviction is first under Can-Spam
September 30, 2004; Safety: Open networks pose dilemma
February 4, 2003; Insecure networks could lead to lawsuits
July 1, 2002

acquired its own name, "wardriving." And some industry experts point out that the day of sitting outside someone's house to steal their bandwidth is being outdated by signal-boosting technology that lets individuals get onto a network that's miles away.

"A signal enhancer available at your local RadioShack can give someone access from as far as 50 miles away," said Drew Carter, product manager for strategic opportunities at security software maker McAfee. "It's not just your neighbors that you need to worry about anymore."

In fact, extending the range of wireless technologies is a popular pastime of hobbyists and researchers. The 300-foot range of most wireless networking technology for the home is set more by government and manufacturer decree than by limits to the technology. The University of California at San Diego's High-Performance Wireless Research and Education Network (HPWREN) has extended Wi-Fi to 72 miles using power amplification and improved antennas. And hackers at the Defcon conference created a wireless sniper rifle that could target Bluetooth phones a half mile away, extending that technology's range almost 100-fold.

Help on the way
Because of the growing threat, everyone from third-party software vendors to networking-gear makers is developing technologies to try to help consumers cover their backs.

Security software maker McAfee is developing a free diagnostic tool that lets people survey their computer using a Web interface to determine the security of the network the machine is registered on. Dubbed McAfee Wi-Fi Scan, the application is already undergoing beta testing and is set for release in mid-February.

Five tips for clean air

Easy ways to improve protection for your wireless network.

Turn on wireless router firewall software

Use firewall software for individual devices on a network

Use third-party software to test for network vulnerabilities

Use monitoring software to detect potential intrusions

Change passwords after allowing access to someone new

Source: CNET News.com research

"Even if you can successfully deploy the security tools that come with wireless hardware, I think a lot of users get a false sense of protection from it," Carter said. "People think a simple firewall secures all their communications, while the reality is that though your connection in and out of that device is partially secured by the firewall, the actual connection between that device and your computer...may not be secured at all."

Hardware manufacturers are taking a different route. Earlier this month at the Consumer Electronics Show in Las Vegas, Linksys, a division of networking giant Cisco Systems, said it was launching a joint effort with chipmaker Broadcom and IT behemoth Hewlett-Packard to create a push-button security system for home wireless products. The system, to be called SecureEasySetup, promises to provide coverage that meets the Wi-Fi Protected Access, or WPA, industry standard for security.

Jeff Abramowitz, senior director of wireless LAN marketing at Broadcom, said SecureEasySetup represents the kind of basic security system consumers can understand easily.

"The technology allows you to set up a very secure Wi-Fi network without having to know any of the technical ins and outs," Abramowitz said. "All you do is hit a button on your router or Wi-Fi access point and push a corresponding button on a PC or another device, and they find each other and establish a secure connection."

Linksys has agreed to start building SecureEasyStep into its networking products by the beginning of 2005. HP will add the tool to certain notebook and desktop PCs and to some of its networked printers. Abramowitz said a number of other well-known technology companies are also working with the application.

In one less-conventional approach, Force Field Wireless has begun marketing latex house paint it claims will block wireless radio waves from escaping through the walls of a home. Known as DefendAir, the paint is laced with bits of copper and aluminum that help form an electromagnetic shield around your house, Force Field said. The paint, which sells for $69 a gallon, is certified nontoxic and lead free, and comes only in one color--gray.

Those products promise a safer future. The problem right now is those people who remain oblivious to the existing vulnerabilities in their systems. Analysts point out that there are a number of ways to secure these, from making sure basic firewall technology in the wireless router is installed to buying as many components as possible from the same vendor. There are also more complicated measures home network owners can take, such as swapping out the default service set identifier, or SSID, number--a form of unique identification for each wireless local area network--for the devices and making sure security systems have been updated to meet all the latest wireless specifications.

Jonathan Penn, an analyst at Forrester Research, feels that in requiring so much attention to be made secure, wireless networks will remain something of a hassle for consumers until more effective, easy-to-use methods of self-defense are created. He argues that consumers should not have to face the challenge of dealing with technology defaults and keeping up with industry standards.

"If the gear manufacturers, Internet service providers and software makers seriously want people to come online, they can't make it so hard on their customers," Penn said. "People are being told that they need to worry about antivirus software, antispam tools, wireless security and all sorts of malicious threats online. At a certain point, unless things become easier to handle, some people might just say, 'Forget it.'"

Previous page
Page 1 | 2

More from News.com on this story's topics: Networking
Create an email alert | RSS feed; Security applications/tools
Create an email alert | RSS feed; Security
Create an email alert | RSS feed; 802.11/Wi-Fi
Create an email alert | RSS feed; Hewlett-Packard
Create an email alert | RSS feed; McAfee
RSS feed; Broadcom
Create an email alert | RSS feed; Cisco Systems
Create an email alert | RSS feed

See more CNET content tagged:
back burner, Broadcom Corp., Wi-Fi security, focus group, WLAN

19 comments (Page 1 of 2)

Complicated measures?
by aemarques January 19, 2005 4:31 AM PST: You say "There are also more complicated measures home network owners can take, such as swapping out the default service set identifier, or SSID". However, changing the defauld SSID - or, better yet, blocking its broadcast - is one of the most simple and efective security measures one can make in a Wi-Fi network!; Reply to this comment View reply
Processing

re; WiFi Security
by djysrv January 19, 2005 4:57 AM PST: Cudos to Belkin on this issue. When I set up an 802.11g home network, I knew I'd be lighting up the entire neighborhood. Belkin's technical support staff walked me through setting up the router, changing the SSID, setting up 64-bit WEP encryption, strong password, and installing a USB wireless node. Everything Belkin said would work did. When I changed one of our home computers, and had to re-install the wirless node, Belkin's instructions were flawless, and the new PC got connected right away using the same secure methods.; Reply to this comment View reply
Processing

If you aren't sure, take a class, ask questions
by jeaninej January 19, 2005 5:13 AM PST: I took C/Net's free Wireless Home Networking classes before I even had equipment. They proved valuable sources of planning and security information when I did acquire my LinkSys equipment and set it up. I don't broadcast my SSID, have 64-bit encryption and definitely changed my IP addressing structure. If you aren't sure what you are doing, then you shouldn't be doing it. GET EDUCATED!; Reply to this comment

The guy is an IT pro and he's scared?
by Not Bugged January 19, 2005 6:43 AM PST: Okay, I'm not in IT but man it seems like I should be. If you set your filters to allow only specific MAC addresses, disable SSID broadcast, use a proprietary technology, mine is the D-Link which uses 256-bit encryption, don't use default settings there is no way anyone is getting in. Other steps is make sure to strategically place the wireless router where it has the hardest time broadcasting outside of the home, like say in the basement. Can someone break the encryption? Possibly, but that is why you change the keys (make sure it's shared) every couple of weeks or maybe once a month.; Reply to this comment View all 2 replies
Processing

SSIDs are not unique, thats part of the problem.
by January 19, 2005 7:38 AM PST: The article states: "such as swapping out the default service set identifier, or SSID, number--a form of unique identification for each wireless local area network" That's good advice, but I'd just like to point out that SSIDs are not unique. For example the default SSID for some Dlink wireless routers is WLAN, if your router is broadcasting its SSID (another default setting for easier connection) then an atacker will be able to guess what wireless router you're using. And since you haven't bothered to change any of these settings the chances are that the administration password for the router has been left on the default value too! My advice, call in a proffesional or read up on it and do it yourself. If you get stuck you'll find plenty of free support in newsgroups and forums (that is as long as your internet connection's still working).; Reply to this comment

Radiuz Networks to the rescue!
by January 19, 2005 7:45 AM PST: Radiuz Networks (www.radiuz.net) offers a solution to the problem that's easy to setup, and lets you control your home WiFi network to match your preferences for security and sharing. If you want a locked down network you can. If you want a fully shared network you can. You can even cooperate with your neighbors - its all monitored so you've always got the security of that audit trail. Go check it out - I was surprised not to see it in their write up as its a innovative new take on the problem.; Reply to this comment

Microsoft Wireless Security & SSID Broadcast
by freebedj January 19, 2005 8:14 AM PST: One security measure that I take in regards to wireless, is turning off the SSID broadcast. However, with a new laptop that was running Windows XP and an internal 802.11g wireless card, it depended on Windows Wireless Zero Configuration service. I was having problems with connectivity and the resolution posted on the Microsoft site was that not broadcasting the SSID was not a viable security mechanism. The MS recommendation was to turn on SSID broadcast. So basically I have a choice to make: Turn on SSID broadcast so that my new laptop can connect using the internal card Buy a PCMCIA card that has management software that can connect if the SSID is not broadcasted.; Reply to this comment View reply
Processing

First step NOT last
by shadowself January 19, 2005 1:00 PM PST: In your suggestions as to what to do... "As a final security precaution, consider limiting access to network adapters with specific MAC addresses." For a home system ... and any business system which does not have a large number of visiting users ... this must be the first step, not the last. Anyone who has a WiFi network which does not have a large number of visiting users that does not restrict access to specific MAC addresses has an idiot for an administrator. Period. Any system (base station, etc.) that does not allow a relatively easy means (with proper, verified authorization of course) to add and/or delet MAC addresses must be avoided at all costs. This is the most basic means of protecting your network. Of course other layers need to be added too in order to maintain data confidentiality when you are using the network, but restricting the network usage to specific MAC addresses is the first step, NOT an optional last step.; Reply to this comment

Thank you!
by January 19, 2005 2:23 PM PST: You are all, mostly, correct. Limit the access to your wireless LAN by using MAC address filtering. Close your networks (in AirPort lingo or disable SSID broadcasting for you PC folks) and use the built-in encryption/security features of your router/access point. At the very least connect to your router's web-administration page and change the default password for the admin account!!! Or just leave your network open for all to use freely. The choice its yours. If you're still unsure, switch back to hardwired Ethernet connections... that's a REALLY secure connection! My neighbor is lucky I found their network first and not some unscrupulous person. They left the admin passwords at the default and are running two routers! All without any security enabled! Great for me, but they should know better or go all hardwired. Take a few mintues to read the manual, it's all in there!; Reply to this comment

What's with the puritanical technofear?
by January 19, 2005 3:38 PM PST: "attackers could implant malicious programs, including spyware, adware and Trojan horse applications, directly onto a computer". How would they do that without an unprotected computer? This has nothing whatsoever to do with open wireless networks, a machine open enough to allow this to happen over wifi would have it happen with any internet connection. The only real threat in the entire article is totally bogus! As to the rest, it gives people on your little corner of the net anonymity which the can use or abuse to do things you don't approve of. Good! I don't want to police what others do and if someone abuses the facilities to the point where the network slows down I simply put a block on their IP address (which is logged on my machine so it's not the masked intrusion you make it out to be). At my home base is an open WIFI connection and in my RV is a signal booster for the same. Share and enjoy!; Reply to this comment

1 | 2 | Next 10 Comments >>

RSS Feeds: Add headlines from CNET News.com to your homepage or feedreader.; Google; Yahoo; MSN; More feeds available in our RSS feed index.

Today's Top Stories: GM keeps building cars on XP; GIS exec works to unlock hidden geo data; Hackers go after restaurants, markets; EarthLink ditches Philly Wi-Fi network; Craigslist files lawsuit against eBay

Most Popular Stories: Welcome to the social mess?; HP in talks to buy EDS; HP to acquire EDS for $13.9 billion; Mac Office sales soar on Apple's gains; 'Grand Theft Auto IV' nets Guinness record

Markets: Hewlett-Packard (-5.47%) -2.56 44.27; McAfee (0.60%) 0.22 36.80; Broadcom (3.04%) 0.81 27.47; Cisco Systems (0.19%) 0.05 25.89; Dow Jones Industrials (-0.34%) -44.13 12,832.18; S&P 500 (-0.04%) -0.54 1,403.04; NASDAQ (0.27%) 6.63 2,495.12; CNET TECH (-0.06%) -0.99 1,744.82