Wireless Uses and Security

                The wireless network first came about with little or no thought given to security. It was first an add-on card for desktop computers and a PCMCIA card for old Laptop Expansion ports. With data speeds limited to 11 Mbps and a shared connection mechanism it was only useful for web browsing low-bandwidth sites and limited numbers of computers on a single Wireless Access Point (WAP), usually around 20 or fewer devices. This original wireless was called 802.11b (802.11a was reserved for long distance wireless connections between networks.) and was mildly useful in business and school environments. It had a myriad of problems most stemming from it’s lackluster security available, called WEP (Wireless Encryption Protection) (Brown). This system used many bad systems for security including limiting the number of “Keys” to 4 and broadcasting these keys with EVERY packet, thereby making it fairly easy to intercept and decrypt the needed key. With the advent of wireless devices came a host of possible uses that started being filled in the industry, scanning library books with a hand-held unit and having a WiFi link to the central computer to record the transactions, as well as Point of Sale terminals for small stores, portable internet access on laptops for mobile users, (coffee shops and stores being the first to offer WiFi). As well as a host of hotels that are now offering the WiFi services. It seemed that the future of easy access to the internet was within our reach at last.

With these great possibilities came a host of attempts to bypass security. The WEP encryption scheme was broken fairly quickly and now anyone can download a small program to do it automatically without even knowing anything about hacking or network engineering. (Berghel and Uecker) These early systems came with VERY limited ranges to contact the base stations. The WAP’s had more powerful transmitters and longer antennas than the early add-in cards and were able to send further. Thus your laptop would connect to a WAP but you could not get it to send any data….in other words your laptop transmitter didn’t have the power to reach the WAP full-time, so the Manufacturers claims of “150” ft range were grossly exaggerated. There were many intervening device technologies sold over the years, 802.11g, n and ac being the current. Often devices were sold before the standards were fully adopted so if you had a Pre-adoption 802.11n access point it might not connect at full speed to a Post adoption 802.11n laptop. The manufacturers also came out with their own versions of the standard to increase sales…Like the 802.11g + or turbo offered by some claiming up to 108Mbps but failing to mention that you only got that speed if all your devices were their brand.

With the problems plaguing the industry there came solutions to solve them. Security has been a main problem since the earliest days of the Wi-Fi initiative. (Berghel and Uecker)The current solution for home users is to use WPA-2. There are more secure solutions, but they usually involve using a RADIUS server, not something available to a so-ho (small office home office) user. As solutions come out there are also new attacks and hijacks, like Fire sheep sidejacking. (Garcia) These all combine to make it a difficult if not impossible task to completely secure your computer and network, but that does not mean that you should not devote the little time and energy it takes. The threats are real, like the common threat of piggybacking, documented here (Schaefer), where an unsuspecting family has a child pornographer piggybacking on their home network. These tactics are employed often by people who want to do illegal or immoral activities, or just don’t want anything traced back to them. The will drive around residential neighborhoods (war driving) scanning for open WAPs or ones with simple WEP security enabled. Either can be broken easily. Even the better WPA version 1 is not very secure if you have a short access key.

Even with the best security available you cannot keep all hackers out of your networks, but you don’t have to. To defeat these hackers it is not necessary to install RADIUS servers and Triple-sec security. It is only necessary to make it not worth their time. With a short sessions with the software and hardware as you install it and following the directions you can easily set up a home security that will keep script kiddies (people who download programs to hack your network with no knowledge of how they work) and any but the best hackers from your networks. These procedures involve using WPA-2 with the Maximum key length that your software allows, usually 63. Occasionally check your router at home for the devices entries list that access your network. It is not unusual to see 15 or 20 devices that access your WiFi list, after all I have 12 devices that daily use mine (and 10 others that come and go, friends laptops and cells, etc.) For even better network security you can set your access point to only talk to devices you specifically tell it to by enabling the MAC (Media Access Control) Address Filtering and entering the list of MAC address of the devices in your network. While this too can be hacked it takes far more knowledge and time. Too much wasted time and they will go to easier targets, there are always open WAP’s.

As we move forward the future holds unlimited possibilities and dangers, in 2008 there were estimated to be 53 million wi-fi devices in Europe alone. (Anslow). Even the claims of dangers from the radiation broadcast from the devices, (Anslow) has not seemed to slow their explosive growth across the globe, just look at the smart phone industry around the world. The US FCC has even gotten into the debate and argument with their plan to create a super WiFi network across the nation, one that would reach consumers everywhere and allow them to make cell calls on VOIP phones and use the internet for free. (Kang) This idea has enraged cell phone carriers who are lobbying to keep their 178 Billion Dollar business to themselves while Google and Microsoft and other tech giants think that it would create an explosion of new devices that would help everyone, especially the poor. And how would we secure this new boom of devices? Well If Intel has it’s way, we’ll wave at them to log on. (Randewich)

Bibliography

Anslow, Mark. “The Gathering Brainstorm.” Ecologist Jan 2008: 43-48.

Berghel, Hal and Jacob Uecker. “WiFi Attack Vectors.” Communications of the ACM (2005): 21-28.

Brown, Karen. “WiFi Network Security Gains notice, Upgrade.” Multichannel News (2002): 137-138.

Garcia, Andrew. “Fighting sidejacking.” eweek (2010): 38.

Kang, Cecilia. “FCC Plan Envisions WiFi for the Masses.” Washington Post 4 Feb 2013: A.6.

Randewich, Noel. “With the wave of a hand, Intel wants to do away with passwords.” Reuters 13 09 2012.

Schaefer, Mari A. “Wireless Signals Draw ‘Piggybackers’.” Philadelphia Inquirer 7 Feb 2008: n.p.