Home > Security

Computerworld - For most people, summer is about taking a vacation with family or heading to a secluded place to get away. Earlier this year, I read an article about the number of wireless hacks that were increasing globally. What I found interesting was that the hacks were pretty basic and that most of the information on how to break into default systems, how to look for Wired Equivalent Privacy (WEP) being enabled and other wireless steps could be found in a Google search.


I had decided at the beginning of the summer that I wasn't going to take any downtime or a vacation per se. Instead, I would validate through "war driving" in five cities that wireless networking isn't ready for prime time. My itinerary involved Omaha, Chicago, Ann Arbor, Mich., Denver and Atlanta. War driving is driving around an area with a laptop computer and an 802.11 network card to identify the presence of wireless networks.


One common thread through this mission was that the cities involved had some aspect of high-tech or higher education with an emphasis on IT security. Another common thread was that I had friends and family in these cities, so I had a place to stay.


Let me preface my experience with wireless networks. I embrace new technologies and try to understand how to make the workplace safe with security controls. It's not uncommon for individuals or organizations to speed up the process of implementation and not put security controls in place. I've been involved with many aspects of security and try to be proactive by educating. In my opinion, wireless security can be implemented safely, effectively and efficiently.


While on this mission, it was critical for me to identify if the following could be picked up from the war drive:

1. If WEP was enabled. The WEP encryption method was designed to provide wireless networks with the same security available in wired networks; however, there are some challenges with this standard.


2. The presence of the service set identifier (SSID), the name assigned to a wireless network. Usually, the SSID comes by default using the vendor's name and should be changed to something nondescript.

With these two pieces of information, an unauthorized user could be able to acquire access to a wireless network. Think about it. You're surfing the Net at home or in the office, and someone just hops onto your network connection. With information about whether or not WEP is disabled and SSID default settings, an unauthorized user could access your documents, financials or other sensitive information.