Frankly Speaking: Thanks, warchalkers

Computerworld - This version of the story originally appeared in Computerworld's print edition.

Warchalking? I'm for it. I think it almost qualifies as a public service. No, I don't trust the hackers who ride around with antennas made from coffee or snack-food cans, mapping out wireless access points to corporate networks. They're looking for ways to connect to our networks without authorization, so by definition they're not to be trusted.

But when those hackers mark the locations of wireless networks with chalk on the outside of buildings, that makes our work easier.

It removes any possible argument against better wireless network security.

Face it, security costs money. And like a lot of other things corporate IT departments should be doing, wireless network security isn't in the budget this year. And CEOs won't be in any rush to approve it for next year either.

That means far too many IT shops are depending on the time-honored strategy of "security through obscurity." We all know how that kind of wishful thinking goes: Maybe, if we're lucky, no one will notice any unsecured wireless access points in our networks.

Warchalking demolishes that strategy. Warchalking advertises wireless access points for all the world to see. And hosing off the chalked-up wall won't even work as a stopgap measure, because if you leave the security hole in place, the warchalkers will return -- again and again.

So, what do you do when you discover warchalking symbols on or near your company's facilities?

You get a camera -- fast, before the maintenance guys get a chance to clean it off. You take lots of pictures: close-ups so the chalking is clearly visible, longer shots so there's no doubt whose wall those chalk marks are on.

Next, you take those pictures to your CEO. You explain that this isn't ordinary graffiti. You explain, as simply as possible, what it is -- a sign letting hackers know that your networks are ready and waiting to be compromised.

You point out that cleaning it off won't really help because the hackers already know where your wireless nets are -- and if you don't secure them, they will be hacked.

Then you bullet-point your plan for wireless security. That includes how you'll inventory your site's wireless nets, what tools you'll need and what it will cost.

Finally, you ask for your CEO's full support on this. You'll need it, because there are probably wireless access points you don't know about, and you'll need clout to deal with non-IT managers and executives who really like the wireless nets they've slipped into their offices and warehouses below IT's radar.