ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > Resources > Articles > Features

Compliance Toolkit

Hackers use Wi-Fi invisibility cloak

Michael Sutton ZDNet US

Published: 25 Jul 2002 12:02 BST

Out of the box, Wi-Fi hardware is designed for ease of use and not security. Basic Wi-Fi implementations include some security controls, and while far from perfect, they do provide a deterrent to hackers. However, unless the security controls are turned on, they're about as useless as a screen door on a submarine.

Wi-Fi also completely changes the concept of physical security. In a wireless world, security guards and surveillance cameras count for very little.

Consider the following scenario:

You're a network administrator at a midsized company moving into a new office who needs to establish network access quickly on a minimal budget. After procuring the necessary hardware, you set up a wireless access point for a Wi-Fi network. It works like a charm and employees can now access company resources while working outside in the courtyard.

Security has never been a problem for the company, but a week later the FBI shows up investigating a hacking attempt at a defense contractor 3,000 miles away. After conducting an extensive forensic investigation, the bureau is convinced the attack originated from your network.

Here was the weak link: The network administrator mistakenly assumed that the physical security controls put in place to protect the wired LAN would also do for the Wi-Fi network. Bad assumption. If employees can access these resources from outside the building, the chances are that hackers can too.

When conducting an attack, hackers employ various methods to cover their tracks. Another approach is to hide behind the use of someone else's network. Attackers don't need to be subtle or care whether the attack gets traced back to its source because the source isn't theirs.

During a recent 15-minute cab ride in Manhattan, 77 of the 106 Wi-Fi networks I found used no encryption. If attackers use a Wi-Fi network as a launching pad, there's very little chance that they'll be caught. As with traditional attacks, log files will lead authorities back to the source network. Once they arrive, the hacker will be long gone.

It's a corporate nightmare scenario: All signs point to your network as the source even though you have no knowledge of any wrongdoing. Even if an outside perpetrator is suspected, the network owner may not be able to escape liability. After all, he or she still provided the resources used by the attacker.

1 2

Did you find this article useful?
22 out of 37 people found this useful

More In Compliance

Loading Video Player ....

Featured Talkback

There will be further activation issues to watch out for as Microsoft plans to offer a similar service to independent software vendors whereby they can "control" licensing through activation and other measures similar to the Software Protection Platform.