We are familiar with wireless communication because of the
ubiquitous radio and the mobile phone. However, the first
application of wireless was actually for data transfer, when
Marconi invented wireless telegraphy, which was used for
transmitting Morse code.
Today, wireless data transmission is as ubiquitous as the radio and
the speed for data transmission is increasing daily. From wireless
local area networks (LANs) with pitiable speeds such as 1 - 2 Mbps,
we now have wireless LANs with speeds up to 54 Mbps.
And the best part—no wires means no restriction on movement.
You can take your computer anywhere and the wireless network
follows you. This has tempted all of us, from home users to
corporate users. The cost and hassle of wiring up a place is now a
thing of the past. Just get a couple of access points, set them up
in convenient locations and your wireless network is up and
running. The wireless NIC (network interface card) is a built-in
component for every notebook PC. So you just boot your computer,
order a cup of coffee and surf the internet, download e-mails or
chat with your friends using the free wireless hotspot provided by
the considerate coffee shop.
What are the risks?
As always, there are strings attached to anything that is free,
easy and convenient. Wireless networks were designed to be easy and
convenient for genuine users. However, malicious users quickly
learnt to exploit the vulnerabilities of such a network.
Wireless designers provided basic security features to make the
wireless equivalent to a wired network. This was done through WEP
(Wired Equivalent Privacy). WEP was achieved by elementary
cryptography. Hackers promptly learnt how to break this, and now,
any network which is just WEP-enabled, is as good as insecure. So a
hacker can listen to all communication, record it, alter it, replay
it, change user names, send e-mails from an e-mail account, etc.
Further, the wireless network spills across your physical
boundaries. So a malicious user does not even have to be in your
premises, or cut any wires. Sitting in his car, across the road, he
can still hack into your wireless network. This has been the basis
of some of the most spectacular cyber crimes like stealing millions
of credit card details from TJ Max super market chain.
What should we do?
The right thing to do is to avoid using free hotspots. Do not click
on a network that is so temptingly available. If you do, there is
every possibility of your computer being hacked and all information
stolen.
While setting up your own wireless network, make sure you use the
latest wireless security standard which is WPA-2 (WiFi Protected
Access-2). WPA-2 provides confidentiality to your wireless
communication by using AES (Advanced Encryption Standard) with
strong key. It provides integrity to messages by using strong
integrity- checking algorithms.
WPA-2 authenticates the person logging into your network by using
EAP (Extensible Authentication Protocol). Implementing these
security standards requires technical discipline and
investment.
Without such security measures, all your information is visible,
accessible, and alterable. Your network may be used, not only to
break in to your notebooks and servers; but also to send malicious
messages that can be traced back to you. You may be criminally
implicated if a terrorist uses your home or office network to carry
out their activities. You may also be sued by your clients for not
protecting their information.
Avinash Kadam is Director, COO and Head of Delivery at MIEL
e-Security. He can be contacted at awkadam@mielesecurity.com.