Shark Bait

Knowledge Centers

Operating Systems

Networking & Internet

Mobile & Wireless

Security

Storage

Business Intelligence

Servers & Data Center

Computerworld Reports

Industry

See your link here

David Ramel

RamelCast

What wireless security problem?

14 comments

IT TOPICS:Mobile & Wireless, Networking, Security

So I went war driving and found a bunch of unencrypted networks.

Big deal. Who cares? Nobody hacks wireless networks anymore.

Companies aren't stupid enough to allow easy access (change a couple default settings and you're all set) and home users don't have anything worth stealing.

As I wrote in an article for a special report, you'd practically have to beg someone to steal from you.

There is no wireless security problem, but Computerworld and the other trade pubs keep spitting out the same hyped-up stories about how you'd better secure your WLAN right now or the world will come to an end.

I asked a Computerworld columnist and author of such a story if there really was a problem and he reveled in my ignorance -- but didn't sway me with any hard facts.

Recently I chided a coworker for installing a "rogue" AP in a conference room. Someone's going to access that, I said. "And do what, surf the 'net?" he retorted.

Exactly.

I can get Internet access on all these open networks, but how do you do anything else, like browse files or find bank account information? No one seems to know. But they sure talk a lot about how dangerous these open nets are. Lots of vague references to sniffers and crackers and frame generators and traffic injectors and men in the middle.

Who does this stuff?

Please, someone, help me overcome my ignorance! Inform me how easy it is to steal something valuable from someone (no, I'm not really going to do it) or tell me about a real wireless security breach within the last year or so.

I'm waiting.

Email this

Digg this

What People Are Saying

Add new comment

I've needed internet access

Submitted by Remote Support Software on May 31, 2006 - 10:01 A.M.

I've needed internet access while on the road and many times have turned nto a residential area and jumped on a wireless network. I think it's great for people like myself just need to hitch a connection for a short operiod of time to get directions or some other peice of important information. I don;t know why people don't use the basic form but effective wireless security and use MAC filtering to protect themselves from unwanted guests.

Report this comment

After my original post on

Submitted by K~ on May 27, 2006 - 9:21 P.M.

After my original post on Posted on Sun, 05/14/2006 - 12:56pm I was delighted to come back and see come kind of conversation.

David, any comment?

Report this comment

Top things most likely to be

Submitted by Anonymous on May 25, 2006 - 5:18 P.M.

Top things most likely to be done to you in the first week in a major metro area:
1- not much as you say, maybe just a passive scan and you get added to a database as a sucker
2- then maybe you'll attract attention and you'l get a nice root kit installed
2- then comes the keylogger
3- if you have nice equipment you'll be used to send spam and host illegal files
4- if you have new or old equipment they'll still forward your keylogger to an port somewhere and scan it periodically for any keywords like financial institution web addresses. they'll keep you in various databases that get traded as zombies.

If you are rural, maybe you'll just get some kids looking to hide the source of their traffic. Maybe you'll be extra lucky and go a year or two with not so much as a ping in either case, but why-o-why would you walk around with a "kick me" sign on your back ?

Report this comment

I like what the last

Submitted by Anonymous on May 24, 2006 - 7:46 A.M.

I like what the last commentor wrote. Yes, there's a low probability that someone's going to break into YOUR house. The probability remains low *until* it happens to you. Probability theory says we can never entirely remove the risk, only reduce it. Locking the doors reduces it that much more. Same with network security.

Report this comment

Lots of nice theory here,

Submitted by Anonymous on May 16, 2006 - 8:51 P.M.

Lots of nice theory here, but the reality is that I've had my WAP open for years (I like to call it a community service). My laptop has never been hacked. I've been attacked. Until I started using NATing, my personal firewall would catch several scans/pings per day (but I'm not certain if those are coming from the wireless network or from the ISPs network). Since NATing, I rarely see anything.

My biggest problem doesn't come from the outside, it comes from the inside (like most major corporations). I'll log my teenage cousin or some computer-barely-literate friend on to my laptop and they download the latest spyware/virus from their Hotmail account. Of course, I'm protected and the malware gets caught, but still....

Report this comment

My parents leave their house

Submitted by Anonymous on May 17, 2006 - 9:20 A.M.

My parents leave their house unlocked all the time - for years - and no one has robbed them. All of the damage to their house has come from them and the people they've had over too. So what?! That's not even the beginning of an argument against locking your doors....

Report this comment

I think Ramel's original

Submitted by Anonymous on May 16, 2006 - 12:40 P.M.

I think Ramel's original post raises a good point about how we react to computer security and vulnerability problems in general. Vendors often play on our fears needlessly, but we'd all be fools to ignore what is needed and every network or workplace or home situation is different. And many home users really don't load a lot of sensitive data just because they can't assess how vulnerable they really are. And keeping up with home computer security can be really time consuming. It's not directly related, but IT managers who are being assigned the task of preparing for increased telecommuting with a possible bird flu pandemic are saying they don't want to be seen as chicken little, while they also see the need for more home-based vpns, etc. you might say that the ultimate question constantly facing IT guys and computing technologies is how deeply to pursue any technology.

Report this comment

In the example of installing

Submitted by Anonymous on May 16, 2006 - 11:12 A.M.

In the example of installing an access point in a corporate conference room on the corporate network, I'd be very concerned with someone accessing internal servers. Who cares about surfing the net, but what if the conference room network has special access rights to ERP and other internal mission critical servers? OK, maybe there are other layers of security in place (security as an onion) but why eliminate one layer? And will your internal IDS/IPS help if you've just handed the keys to your internal network to a war driver?

I think the key is that you're opening one door that may lead to a series of other open doors. That is why blocking access at the edge is preferable in case one of those other doors (file shares, etc.) is left open.

Report this comment

Here's a concrete example of

Submitted by Martin McKeay on May 15, 2006 - 4:55 P.M.

Here's a concrete example of how wireless was used to compromise Lowes Hardware a couple of years ago. http://www.securityfocus.com/news/10138

This is still happening. Just because you don't see it in the news on a daily basis doesn't mean it's not happening. Your post was obviously meant create some contriversy, not to be a serious example of good reporting.

Martin McKeay
martin_cw@mckeay.net
http://www.mckeay.net/secure/
Voicemail: 916.231.9479

Report this comment

Let me take a moment to

Submitted by Anonymous on May 15, 2006 - 3:37 P.M.

Let me take a moment to revel in the ignorance. Please, open up your home network. Let me drive by, or if you're on a hill, let me point a nice yagi at your window from a half mile away. Let me zombify your home box. Let me lift your license keys for your software. Let me snag your acount numbers from Quicken. Your identity and property data from turbotax will fetch enough coin to make it worth my time. Let me pound gigs of expensive pirate software up to Usenet from your fixed IP, and drag gigs of illegal bondage, snuff, and child porn films back down. Let me install a darknet client on your box and make you into another 10GB stop on the unseen parts of the info highway until you re-install Windows to get rid of the slowdown. Just because you're not the target of a major heist doesn't mean you won't get mugged in a way that makes you out to be a perp.

Report this comment

Wi-Fi security: It's a good time to be a bad guy

How reliable is YOUR wireless network?

What your mother never told you about VPNs

Wi-Fi encryption "cracked in 60 seconds"... time to panic?

LIVE Nov 10, 2009 12:00 PM ET

Architecting Business Intelligence Applications for Change: The Open Solution

LIVE Nov 12, 2009 02:00 PM ET

Forrester Consulting - Optimizing Users and Applications in a Mobile World
Learn how to successfully deploy a WAN optimization solution that is specifically tuned for a mobile environment!

Managing Laptops Outside the Office
Learn how you can reduce costs by tracking mobile computers no matter where they are located.

WAN Application Delivery for Executives
Learn how to simplify server and application administration without creating performance problems for distributed users.

4G Ahead Video Program
Uncover the features and benefits of the two leading 4G technologies for enterprises considering future deployment.

Applying Remote Support Technology for Maximum Impact
Download Now!

Complimentary Webcast: Taking a Strategic Approach to Enterprise Mobility
Download This Webcast Today!

All White Papers | All Webcasts

Computerworld Reports

RIM/Lotus Collaboration and Mobility: More than Business Value

8 Questions To Ask About Your Intrusion-Security Solution

Computerworld Technology Briefings IT Service Management

All Computerworld Reports

Receive the latest technology news and information.

	Computerworld Daily News (First Look and Wrap-Up)
	Computerworld Blogs Newsletter
	The Weekly Top 10

View all newsletters

* E-mail Address:

* Industry:

* Job Title:

* Company Size:

* Country:

* State:

I would like to receive offers via e-mail from Computerworld partners.

David Ramel's Archive

IT Topics

Sponsored Links

Play NetApp's New Data Defense Game.

How Do You Rank as an Innovation Leader? Download Recent Study.

Play NetApp's New Data Defense Game.

Extraordinary times demand Brocade Extraordinary Networks.

No Payments for Up to 6 Months on Orders over $500.

NetScaler VPX : Harness the Power of Virtualized Web App Delivery

64-page prescriptive guide to security, compliance, and IT operations.

Streamline IT Costs. Boost Performance with WAN Optimization

Enterprise Network & Server Monitoring Software. Cross over to Traverse...

Keep your IT expertise up to date. Join the Intel Premier IT Professionals.

Crystal Reports Server: More options. Not more money.

Parallelism is not just for HPC. Create rich apps from desktop to device. Get the eval.

Tolly Performance Report "Citrix NetScaler with nCore Outperforms F5 BIG-IP"

Save up to 61% plus Free Cheesecake

Find IT jobs in the Healthcare industry on Dice.com

With the NEW KODAK i700 Series Scanners get full speed at 300dpi!

Not All QSAs Are Created Equal: What You Should Know Before You Buy

The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability

The AMD Virtual Experience Virtual Trade Show

New DW Options and Price Points. View Teradata Platform Family Data Sheet.

See how AT&T can help protect your network.

3 Innovations. 3 Free Downloads. Free trials of Windows 7, Windows Server 2008 R2 and Exchange Server 2010.

Take the Netezza TwinFin TestDrive!

Citrix NetScaler with nCore Outperforms F5 BIG-IP - Learn More

New Analytical Platform Options. Download Data Sheet and More.

Get more enterprise mobility value for up to 25% less.

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion.

NYUs M.S. in Management and Systems. Offered Online and On-site.

Increase UPS efficiency without sacrificing protection

Crystal Reports Server: Single server access to reports & dashboards

Create new opportunities. See business making progress now

ESET NOD32 with ThreatSense(R) - Get your free trial now!

Looking to add Unix/Linux functionality to Windows?

Join the conversation about the hottest IT trends with Computerworld on Twitter.

ITwhitepapers.com - Access thousands of white papers on 300+ technical topics.

Leverage Your Cisco infrastructure for Superior Application Performance

Learn about the AMD Virtual Experience

Introducing: Project Icebreaker

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map

CIO

Computerworld

CSO

DEMO

GamePro

Games.net

IDC

IDG

IDG Connect

IDG Knowledge Hub

IDG TechNetwork

IDG Ventures

IDG.net

InfoWorld

ITwhitepapers

ITworld

JavaWorld

LinuxWorld

Macworld

Network World

PC World

The Industry Standard

Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.

What wireless security problem?

What People Are Saying

I've needed internet access

After my original post on

Top things most likely to be

I like what the last

Lots of nice theory here,

My parents leave their house

I think Ramel's original

In the example of installing

Here's a concrete example of

Let me take a moment to

Related Posts

Today's Top Stories

Hot Posts

Recent Comments

White Papers & Webcasts

Computerworld Reports

Newsletters

David Ramel's Archive

IT Topics

Sponsored Links