Security /

Less wires, more connections

By Mark Gibbs
Network World, 10/29/01

Where did we leave it last week? Oh yes, driving around town snooping for 802.11b wireless Ethernet networks. We discovered 12 unencrypted networks, and we suspect that most were left open by accident rather than by intention.

Wireless networks are often left unsecured because people simply don't understand what they're doing. The default setup for the majority of wireless network products doesn't include security. This means outsiders can connect simply by bringing their wireless-enabled PC within range and, if the networks are using Dynamic Host Configuration Protocol, refreshing the dynamic IP lease (see column).

If the networks aren't using DHCP, with knowledge you gain using Netstumbler (see column), you can try the default addresses offered by the vendor of the discovered 802.11b network access point, or try scanning likely IP address ranges. Finally, you can "sniff" passing wireless data with a protocol analyzer to find out what address ranges are being used (we'll discuss this next week).

So are improperly secured wireless networks a problem? According to Gartner, by the end of next year 30% of companies will "suffer serious security exposures from deploying WLANS without implementing the proper security."

Yep, we can believe that. Particularly as wireless LAN cards are plummeting in price (they are less than $100 now) letting corporate users easily install unsecured WLANs at their houses that expose everything on their work PCs when they are home! Or even more dangerously, they bring their wireless-enabled PCs into their offices and plug into the corporate net.

This is where wandering around with a copy of Netstumbler regularly, say, once per week, might just let you plug a gaping wireless hole in your corporate network. You should also consider updating your acceptable use policy to highlight and define the issues of wireless networking. Even consider running briefing sessions for the staff so they can't say, "Gee, I didn't know . . ." after they make your sales plan and corporate budgets available to the competition simply by parking outside your offices for 10 minutes.

But while many wireless networks may get left open by accident and negligence, there is an important social trend emerging: public access wireless networks. These are networks that are intentionally left open and unencrypted as either a for-fee or for-free public service.

For-fee wireless nets are now in many hotels and other public places, including many Starbucks locations, particularly in the Northwest (See list ).

Leading vendors in this market are Mobilestar (which supplies the Starbucks connections) and Wayport. Pricing for unlimited use of Mobilestar connections is $59.95 per month, while Wayport charges $49.95 per month for unlimited access. Unfortunately, Mobilestar has hit a financial iceberg and looks to be sinking.

On the other hand, Wayport seems to be doing well. We tried a Wayport connection at the Four Seasons Resort in Santa Barbara, Calif. and were very impressed. When you first connect to the Wayport network, any URL you request returns a default page letting you log on.

Once authenticated, the Wayport system assigns you an IP address and lets you browse the Web, get and send e-mail, and use, as far as we could determine, pretty much any IP protocol. Very slick.

But as we noted earlier, there are many networks that are not only open but also provide completely free access. That's right, completely free! Why? Because they want to. Just as people put up free dial-up bulletin board systems in the late '80s and early '90s, so gearheads everywhere are now providing free 'Net access for passersby.

Groups encouraging and sponsoring the free wireless nets are springing up all over. There's NYCwireless in New York, Bay Area Wireless User Group, Seattle Wireless, Consume the Net in the U.K. . . . the list is getting pretty long. See Personal Telco for lots of links and news on what we believe will be a huge trend.

A word of caution: If you use one of these public networks makes you disable all of your Windows shares and run something like Zonealarm (see www.nwfusion.com, DocFinder: 6668). If you can see the network, the network can see you, and you wouldn't want just anyone messing around with your files.

Next week, diagnostics and antennas . . . connect for free at gearhead@gibbs.com.