Wireless Network Security Basics
by John R. Jorgensen
Risks of an Unsecure Network
The risks of having an unsecure wireless network connection are many. Unknown individuals can use your wireless network to access the Internet for the purposes of sending spam emails, sending harassing or threatening emails, cyber-stalking, illegally downloading movies and music, or even downloading child pornography.
Such activities can be traced back to YOU via the unique IP, or Internet Protocol, address assigned by your Internet Service Provider. This address, like your physical address, is unique in the world and everything you do online has this address attached to it. The problem is that all computers that access the Internet from your personal network will share this address. If law enforcement, or the RIAA (Recording Industry Association of America), or the MPAA (Motion Picture Association of America) track illegal activity back to your IP address, it will be you who has to answer charges in civil and/or criminal court. The real perpetrator will be long gone; and finding them, or even finding out who they were, will be all but impossible.
Another risk of an unsecure network is that anyone using your network becomes a peer to every other computer on your network. A significant amount of computer security is directed at keeping intruders from hacking into your computer from the Internet. However, many computers are also set up to share files with each other if they are on the same network. The assumption is made that any computer on your LAN, or Local Area Network, is trusted. Even if you have private files that are not set up to be shared within your local network, the intruder already has a foot in the door, and can often exploit this to force even greater access to your private data.
Let us now take a look at the common wireless security measures, and the pros and cons of each.
MAC Address Filtering
Every network device has a unique identification code that is literally burned into the hardware; it is known as the MAC (Media Access Control) address. It doesn't matter whether it is an internal network card, a USB network adapter, a cable modem, a router, a PlayStation 3, an Xbox 360… every network device has one. It appears as a series of 6 two-digit groups of letters or numbers separated by dashes or colons, and looks something like this: 00:22:E5:C0:3C:D0.
Most wireless routers allow you to collect a list of authorized MAC addresses, and to deny a connection to any device that isn’t on its list. On the surface, this seems like a great form of security since, as mentioned above, every device has one and it is unique. Unfortunately, just because an intruder’s network card has an address that isn’t on your router’s list, doesn’t mean it can’t be made to lie!
As with SSID broadcast disabling, the problem with MAC address filtering as a form of security is that the address is broadcast, by your authorized wireless device, in the clear (meaning it is not encrypted or secured in any way). All a would-be intruder needs to do is monitor the broadcast traffic for a brief period of time until the MAC address is transmitted (which happens frequently). They can then set their computer to use your MAC address instead of their own. Your router, seeing a MAC address that is on its approved list, will then gladly allow the intruder access to your network.
MAC address filtering, therefore, is good if it is used to augment WPA2 encryption. However, by itself, it is completely inadequate for securing your network.
SSID Broadcasting Disabling
Quite simply, this is the weakest form of wireless security there is. Every wireless AP, or Access Point, sends out a signal, like a beacon, that announces its presence and identifies itself by either a default name or the one you have assigned. You have the option to disable the broadcasting of the router’s name, or SSID (Service Set IDentifier). Of course, your router still announces its presence, just not its name. And without the name, a person can’t connect. However, when someone is legitimately connected, the name of the router is routinely transmitted to the wireless user. These transmissions are neither encrypted nor restricted to just the router and the user (i.e. they are transmitted in the clear). A would-be intruder can monitor the communications between router and user, and very quickly determine the SSID, thus allowing the person to gain access to your router.
Think of it like having a building with a hidden entrance. That entrance is the only way in and out of the building. The fact that it’s hidden is all well and good, except that someone sitting in a car out in the street need only wait for someone to go inside to discover the location of the hidden entrance. This is an example of security by obscurity. Unfortunately, this sort of security is never as good as we would like, and is usually bad in that it lulls people into a false sense of security.
The bottom line is that having SSID broadcasting disabled is good when used in tandem with WPA2 encryption. But by itself, it is almost useless as a security measure.
WEP Security
WEP, or Wired Equivalent Privacy, is an encryption algorithm designed to secure wireless networks from unauthorized use. It is the most widely used method of wireless security, which is unfortunate, because it has been known to have numerous fatal weaknesses. Encryption algorithms protect your network by requiring some form of authentication, such as knowing a password. Once connected, your router communicates using a secret code. Anyone attempting to observe the data traffic would see what looks like gibberish. However, the WEP protocol has significant flaws which were first identified back in 2001. These flaws allow an observer to basically watch the network traffic for a while, and then use a readily available program to analyze the traffic in order to break the code. In fact, these publicly available cracking tools work so well that in 2005 a group from the FBI’s cybercrime unit gave a demonstration where they broke into a WEP-protected network in 3 minutes! And that was four years ago. Suffice it to say, WEP is completely inadequate to the task of protecting your wireless network.
WPA/WPA2 Security
WPA, or Wi-Fi Protected Access, is the most comprehensive non-proprietary implementation of the wireless network security standards detailed in IEEE 802.11i (the standards for wireless network security established by the Institute of Electrical and Electronics Engineers).
Among other things, it implements a much stronger encryption algorithm and a more secure and robust procedure for handshaking and key exchange (the process where a wireless device contacts the access point and requests network access). While not invincible, the use of WPA2 to secure a wireless network creates a significant enough road-block that it would be ill-conceived for an adversary to invest the time and effort to even attempt to penetrate the network; especially considering the number of weakly-secured, and even unsecured, wireless networks that are in operation.
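The sections above on MAC filtering, SSID hiding and WEP/WPA2 all depend on what an access point's management frames carry without encryption. The parser below is an added example (not the author's code) that reads constructed beacon and probe-response bytes and reports the addresses, the network name and the advertised protection. The AP address, network names and frame bytes are made up, and the client address is the sample MAC from the article.

```python
import struct

WPA_VENDOR = bytes.fromhex("0050f201")  # vendor element prefix that marks original WPA
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # element 48: CCMP + PSK

def mac(raw):
    return ":".join(f"{b:02X}" for b in raw)

def parse_mgmt(frame):
    """Parse a beacon (subtype 8) or probe response (subtype 5); no radiotap, no FCS."""
    subtype = frame[0] >> 4
    if len(frame) < 36 or frame[0] & 0x0C or subtype not in (5, 8):
        raise ValueError("not a complete beacon or probe response")
    capability = struct.unpack_from("<H", frame, 34)[0]
    elems, pos = [], 36
    while pos + 2 <= len(frame):               # walk the tagged elements after the fixed fields
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) != elen:
            raise ValueError("truncated element")
        elems.append((eid, body))
        pos += 2 + elen
    ssid = next((b for e, b in elems if e == 0), b"")
    rsn = any(e == 48 for e, _ in elems)       # RSN element: WPA2 (802.11i)
    wpa = any(e == 221 and b.startswith(WPA_VENDOR) for e, b in elems)
    if not capability & 0x0010:                # Privacy bit clear: nothing is encrypted
        security = "open"
    else:
        security = "WPA2" if rsn else "WPA" if wpa else "WEP"
    return {"kind": "beacon" if subtype == 8 else "probe-response",
            "dest": mac(frame[4:10]), "bssid": mac(frame[16:22]),
            "ssid": ssid.strip(b"\x00").decode("utf-8", "replace") or None,  # None = hidden
            "security": security}

def build(subtype, dest, bssid, ssid, capability, extra=b""):
    """Assemble a constructed test frame: 24-byte header, 12 fixed bytes, then elements."""
    header = struct.pack("<BBH6s6s6sH", subtype << 4, 0, 0, dest, bssid, bssid, 0)
    fixed = struct.pack("<QHH", 0, 100, capability)
    return header + fixed + bytes([0, len(ssid)]) + ssid + extra

AP = bytes.fromhex("020000000001")             # constructed AP address
CLIENT = bytes.fromhex("0022e5c03cd0")         # the example MAC from the article
BEACON = build(8, b"\xff" * 6, AP, b"", 0x0011, RSN_IE)          # SSID broadcast disabled
PROBE_RESP = build(5, CLIENT, AP, b"HomeNet", 0x0011, RSN_IE)    # reply to a known client
WEP_BEACON = build(8, b"\xff" * 6, AP, b"OldRouter", 0x0011)     # Privacy bit, no WPA/RSN

if __name__ == "__main__":
    for f in (BEACON, PROBE_RESP, WEP_BEACON):
        print(parse_mgmt(f))
```

The beacon with the empty SSID element and the probe response come from the same constructed AP: the name and the client's address sit in the unencrypted part of the second frame, which is why neither hiding the SSID nor filtering by MAC keeps them private, while the WPA2 marking is what actually protects the data.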
E-mail: john@sentinelcomputers.com
