Computerworld - Editor's note: Computerworld editors Preston Gralla and David Ramel disagree on the security threat posed by wireless networks. In this article, Gralla presents his case that wireless networks are indeed a serious vulnerability. He also provides tips on how to secure a wireless network.
In "Why worry about wireless?" Ramel alleges that the threat is overhyped, that it's now trivial to secure wireless nets and that IT pros have far more serious security concerns they should be addressing, while home users have little to lose even in the remote chance someone tries to breach their networks. Both editors wrote their articles without having read the other's.
Please weigh in on the issue in article comments section below and by voting in our QuickPoll.
If you've got a wireless network at home or at your business and don't take special care to protect it, well, you're playing Russian roulette -- and the chamber is loaded with multiple bullets.
Even if you're protecting your network, you may not go far enough. For example, you may use easily crackable Wired Equivalent Privacy (WEP) encryption rather than the more powerful Wi-Fi Protected Access (WPA). (See "How to protect your wireless network" for details.)
If you're still not convinced, read on -- I give you five reasons to take the extra effort to protect your Wi-Fi network, whether it's a small one at home or part of a larger, enterprise network.
 Sound off on wireless security
|
Reason No. 1: You may be aiding criminals
There's a new type of wireless piggybacker out there -- people looking for a convenient, unprotected Wi-Fi network to hop onto in order to do something illegal, quasi-legal or just downright nasty. They won't be breaking in to your PCs, but they'll be using your bandwidth and IP address for nefarious purposes.
Local, state and federal law enforcement officers report a sharp increase in criminal use of unprotected Wi-Fi networks, according to The Washington Post. After doing an investigation, the newspaper noted, "an increasing number of criminals are taking advantage of the anonymity offered by the wireless signals to commit a raft of serious crimes -- from identity theft to the sexual solicitation of children."
For example, in Arlington County, Va., police tracked down the IP address of a suspected pedophile who traded child pornography online. Armed with a warrant, police knocked on the door of the person who used the IP address and found an elderly woman who they quickly realized wasn't the suspect. Someone had hopped onto her wireless network to do the deed.
Even if you don't have moral qualms about someone using your network for trading child pornography (and you certainly should), do you really want police knocking on your door to investigate if you're a pedophile?
Reason No. 2: Wireless is the weakest link in your enterprise
You may use high-powered security in your core enterprise network, but if you've got even a single, poorly protected wireless access point somewhere -- even hundreds or thousands of miles away from corporate headquarters -- you're at risk. Invaders intent on stealing customer records or private data or merely doing mischief can easily make their way from that single access point right into the heart of your network. And if you're a large company, it could cost you millions of dollars.
It happens more frequently than you might imagine. For example, two 21-year-old Michigan men found an unprotected wireless network at a Lowe's retail store in Southfield, Mich. They hopped on to the network, "which gave them access to Lowe's central computer system in North Wilkesboro, N.C., and to other computer systems located in Lowe's stores around the country," according to a Computerworld article. Armed with that access, they installed malware at a number of Lowe's retail stores in order to steal the credit card information of customers making purchases.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
