WiFi Security for Small Businesses

Good Tool for Secure Access at WiFi Hotspots

noreply@blogger.com (wifi security blogger) — Mon, 14 Dec 2009 02:22:00 +0000

Even if you secure your own WiFi Network, you can still face the challenge of getting a secure network connection on a public WiFi network (WiFi hotspot). Because it's so easy to capture an e-mail username and password on an unsecured WiFi network (look over the shoulder of a wireless hacker, you should never connect to a public WiFi network without a secure connection One way to effectively deal with this is to make sure that your e-mail connection uses an SSL connection. Many e-mail providers will provide you the SSL connection ports if you poke & prod them enough for the information. Another alternative is to use a personal VPN like that available from WiTopia. The personalVPN works in the background to seamlessly secure your sent and received data via an encrypted tunnel to WiTopia's Internet gateways. Works with any and all applications including email, instant messaging, and web surfing.

WiFi Security is Essential for Small Business Networks

noreply@blogger.com (wifi security blogger) — Wed, 25 Nov 2009 17:26:00 +0000

Over 60% of the wireless networks used by small and mid-sized businesses are unsecure, leaving the door wide open to hackers to steal personal identity and confidential corporate information, access computer networks, and launch attacks from the business networks. Many businesses do not understand how vulnerable they are to attack over their WiFi networks.

WiFi Security is essential - using WPA or WPA2 technology. Set it up and use it. There are a number of small business WiFi Security Servers out there (based on RADIUS technology) that can hide many or most of the technical details. Don't let hackers pull your passwords, business and personal information off your wireless networks.

6 Common Fallacies of Wireless Network Security

noreply@blogger.com (wifi security blogger) — Wed, 07 Oct 2009 18:15:00 +0000

No one wants to get into my WiFi network, and if they get a free ride on the internet who cares? Unfortunately, we live in a world where crimes and vandalism is common place, even more so when the crime can go undetected. Many hackers or disgruntled employees are merely looking to compromise someone's systems whether or not there are huge payoffs – these vandals break in simply because they can. Through your open WiFi network, and intentional hacker can destroy the network and every PC on the network. Imagine the cost to your organization if a hacker launches a virus directly into your network or re-initializes the hard drives on every PC they could access.

I don't have any important information that anyone would want to access. Many people believe that their electronic information is not at risk or of little value to anyone who sees it. This is dangerous thinking. With simple sniffing software, (look over the shoulder of a Wi-Fi hacker) every packet of data you send or receive over the WiFi network can be read and stored to disk. Most users don't realize that when they access their e-mail from a POP3 account over WiFi, their e-mail account user name and password are readable over the air. Imagine the access to personal and confidential information a hacker can have after capturing your e-mail password and having unrestricted access to your e-mail account for months on end without being detected.

There's no one within 300 feet of my building, and WiFi can’t reach beyond that point. Many users falsely believe that they are secure because none of their neighbors are within 300 feet of their home or office. In fact, with a $100 directional antenna hackers can access your WiFi network traffic and PC data from as far as a mile away, making it very difficult to pinpoint the hacker at all. Another common WiFi hacker trick is to leave an unmonitored PC in their car, hotel room, or other temporary location. The PC can be connected to aantenna pointing at your office or home and collects gigabytes of network traffic for off-line analysis after the PC is retrieved. It is nearly impossible to detect a hacker listening to your WiFi network.

If I put in a WiFi network, no one else will find it. War driving is the practice of finding & logging WiFi networks. With a high powered antenna, GPS, and a laptop, war drivers can detect and plot your WiFi network on a global grid. These war drivers then file the location of your network into a permanent database on the web. Once an unsecured WiFi network is found by these war drivers, anyone can pinpoint the exact location of your WiFi network (complete with road maps) on the internet. Go to www.wigle.net to see if your WiFi network is already one of the 9,300,000 Wi-Fi networks that have been logged already.

MAC address filtering can do the job. MAC address filtering is dangerous because it provides a false sense of security to the unsuspecting. Many WiFi access points and routers allow MAC address filtering – a low level check on the MAC address or identifier of your WiFi interface – to determine if a particular PC should be allowed access on the WiFi network. There are 2 significant problems with MAC address filtering. First, it doesn’t prevent passive attacks. A hacker can still capture and listen to your WiFi network traffic without ever being seen. And second, if hackers want access to your network, they need only listen for a valid MAC address, and change the MAC address on their PC to match a valid address. This can be done in less than a minute.

WEP Security is good enough. WEP (Wired Equivalent Privacy) uses common 60 or 108 bit key shared among all of the devices on the network to encrypt the WiFi data. Unfortunately, WEP is a very weak form of security. Hackers can access tools freely available on the internet like WEPcrack, Aircrack, and Airsnort that can crack a WEP key in as little as 15 minutes. Once the WEP key is cracked, the WiFi network traffic instantly turns into clear text – making it easy for the hacker to treat the WiFi network like any open network.

4 Free WiFi Software Downloads To Take Advantage Of Wireless Networks

noreply@blogger.com (wifi security blogger) — Fri, 21 Aug 2009 17:02:00 +0000

This article covers 4 free WiFi software downloads that will help you better exploit any Wi-Fi network you may come across, whether it’s at home or connected to a Wi-Fi hotspot anywhere in the world. (Of course, LucidLink is the first free tool they mention).

Michigan Data Center Web Sites

noreply@blogger.com (wifi security blogger) — Sun, 05 Apr 2009 02:56:00 +0000

Security is a key aspect for data centers - both physical and network security. Here are a couple of data centers in Michigan worth paying attention to: - Gentech Michigan Colocation - Online Tech Dedicated Server and Server Hosting - Michigan Data Centers And some Blog relating to Data Centers & Colocation: - Michigan Colocation - Dedicated Server Hosting - SearchDataCenter

Web Sites for Colocation, Dedicated Server Hosting & Data Centers

noreply@blogger.com (wifi security blogger) — Sun, 25 Jan 2009 02:32:00 +0000

On the heals of a spectacular year for Online Tech, they decided to invest in a new look and feel. Their new website explains colocation, dedicated server hosting and managed data center service offerings, and does very good job of presenting the IT disaster recovery options.

They also have a brand new datacenter blog. Their latest posting is an optimistic viewpoint on datacenter business in Michigan.

The company also has a new logo and new company name. Online Tech now replaces “Online Technologies Corporation” which better reflects who they are and what we do as a managed data center operator.

So, with that said – Congratulations to our data center partner Online Tech! The same team with the same focus on providing the best colocation, dedicated server hosting and Midwest data center solutions.

Beyond Network Security, Consider Disaster Recovery

noreply@blogger.com (wifi security blogger) — Mon, 13 Oct 2008 12:58:00 +0000

Learn How to Keep IT Running When a Disaster Strikes

Disaster recovery has become a hot topic in the IT world. A University of Texas study found that 43% of companies experiencing a catastrophic data loss never recover and over half of them go out of business within two years. The Disaster Recovery seminar will cover key issues for companies to consider when they design their DR strategy.

Online Tech, a managed data center operator, announces a free educational seminar on disaster recovery and electronic backup for CIOs and IT Managers. Online Tech has partnered with UHY Advisors, Coretek Services, and Capricorn Diversified Systems, Inc. to deliver the seminar. The seminar will run from 10AM to 1PM on October 16^th, 2008 and will include lunch.

Online Tech is the leading Michigan Data Center operator. They help companies manage their growing demand for data and computing capacity through our highly secure and reliable data centers across Michigan.

With a full range of colocation, dedicated server hosting and managed data center service options, industry leaders trust Online Tech to ensure their servers are always on, always online, and always safe.

More on the seminar can be found at this Michigan Colocation site.

Automatic protections don't make you safer online

noreply@blogger.com (wifi security blogger) — Fri, 01 Feb 2008 17:18:00 +0000

Automatic protections don't make you safer online, MSU researchers say: Threats to online privacy and security continue to plague Internet users, and the protections from Internet providers are only part of the answer, according to a national survey conducted by Michigan State University researchers. Professors Robert LaRose, Department of Telecommunication, Information Studies and Media, and Nora Rifon, Department of Advertising, Public Relations and Retailing, are co-directors of the survey sponsored by the National Science Foundation. Spam is the biggest problem, report 66 percent of Internet users, followed by spyware, cited by 42 percent; computer viruses, cited by 35 percent, and fraudulent e-mail or phishing attempts, reported by 34 percent. Nineteen out of 20 users have spam and virus protection. But 15 percent of the respondents have no protection against spyware, 28 percent have no defenses against phishing, and similar numbers are unaware of spyware or phishing defenses. Three-fifths of those surveyed use at least one of the default protections from their Internet provider, and a similar number update protections automatically.

However, those who use Internet service provider protections or automatic updates feel no safer than those who do not. "Those who set up their own protections regarding Web site verification receive less spam than those who rely on the Internet provider's protection and far less than those who don't have spam protection at all. It pays to do it yourself to avoid a false sense of security," LaRose said. "People who manually activate a scan of their system to look for updates and problems rather than letting the program automatically scan receive far fewer phishing e-mails and experience far fewer problems with spyware." While 87 percent of the respondents feel personally responsible for online safety to some degree, 66 percent are sometimes overwhelmed by the complexity of protecting themselves, and only about one in 10 users is confident that he or she can stay safe online. Only 40 percent of Internet users agree that online safety should be their sole responsibility, 74 percent assign responsibility to Internet providers, 75 percent to software companies and 47 percent to the government. And, many users still endanger themselves online by opening unexpected e-mail attachments (24 percent), clicking inside pop-ups (27 percent), clicking on links in e-mails (64 percent), failing to read the "fine print" before downloading files (72 percent) or registering at a Web site (58 percent). Fifteen percent of the respondents post personal information or pictures of themselves on sites that could be accessible to strangers. "Clearly there is a need for continuing user education. Online safety should be a required part of every computer literacy course," Rifon said. The survey was completed by 557 home Internet users contacted by phone in November and December of 2006. The survey has a margin of error of plus or minus 4 percent. The fieldwork was completed by Schulman, Ronca, and Bucuvalas Inc. of Silver Spring, Md. Additional results can be found online at www.msu.edu/~isafety.

Wi-Fi Users, Beware: Hot Spots Are Weak Spots

noreply@blogger.com (wifi security blogger) — Thu, 17 Jan 2008 02:12:00 +0000

From Wall Street Journal

Next time you are sitting in a hotel lobby checking email on your laptop, be careful: The "businessman" in the next lounge chair may be tracking your every move.

Many Wi-Fi users don't know that hackers posted at hot spots can steal personal information out of the air relatively easily. And savvy criminal hackers aren't settling for just access to credit cards, bank accounts and other personal financial information; they love to sneak into your company's network, too.

Whether you're using a Wi-Fi hot spot at a hotel, airport or cafe, "you've got to assume that anything you are doing is being monitored," says Shawn Henry, deputy assistant director of the Federal Bureau of Investigation's cybercrimes division.

Home Wi-Fi networks are vulnerable, too, but it is far more fruitful for a hacker to pitch his tent in a busy hotel lobby or convention-center lounge where he can collect data from dozens of users. And Wi-Fi hot spots have proliferated, multiplying the potential targets for hackers. There were 66,921 hot spots in the U.S. last year, up 56% from 2006, according to advertising firm JiWire Inc. T-Mobile USA Inc. has 8,700 hot spots across the nation in such places as Starbucks and Borders Books & Music. AT&T Inc. has 10,000 hot spots in places like McDonald's, Barnes & Noble and Coffee Bean & Tea Leaf.

Mr. Henry says businesses that offer Wi-Fi, like hotels, often don't know that their networks have been breached and many times don't report incidents they know about for fear of bad publicity. Users are frequently unaware they have been hacked. As a result, there aren't solid figures on the number of wireless-hacking incidents. But the FBI for several years has received reports from educational institutions, private security companies and other federal and local law-enforcement agencies about such attacks.

While the chances any one person will be hacked aren't high, the payoff for criminals can be great, says Tom Brennan, a manager for AccessIT Group, which assesses companies' security vulnerabilities.

In early 2006, when he was working for a different firm, Mr. Brennan helped a financial institution determine how its data network had been breached. An employee working on a laptop in Midtown Manhattan's Bryant Park used what he thought was a publicly available Wi-Fi signal to get Internet access. In fact, the signal he used had been set up by a hacker. When the employee reached his company's network, the hacker nabbed the employee's corporate user name and password.

Prosecutions involving wireless hacking have been few, though there have been some high-profile cases. In September, Max Butler, known on the Internet as "Iceman," was indicted on charges of wire fraud and identity theft. Mr. Butler allegedly went "war driving" -- searching for unprotected Wi-Fi networks -- and stole user names and passwords that gave him access to several banks' networks, according to the U.S. Department of Justice. Mr. Butler hasn't entered a plea yet, and his lawyer declined to comment.

Doppelgängers

Hackers have an assortment of tools in their bags to filch your personal information.

Two popular methods are the "evil twin" and "man in the middle." Using either one, the hacker can monitor and record everything you do on the Web, including the input of credit-card numbers, user names and passwords. The hackers often sit or leave their equipment near other users but also can set up shop, say, out at the curb in a van.

A hacker might be able to completely take over the laptop, says Rick Farina, an engineer with AirTight Networks Inc., a wireless-security firm. The hacker can mine for vulnerabilities on your machine and search for user names and passwords. With access to your corporate user name and password, the hacker might be able to access your company's network to steal sensitive data.

The Bryant Park incident was an evil-twin attack; the hacker offered a wireless network posing as a legitimate signal. Once you're connected to the bogus network, everything you do on the Internet can be tracked.

In an evil-twin attack, the hacker might also direct users to a sham Web site, for example, one made to look like T-Mobile's. At that point, you're told to input credit-card information to purchase Wi-Fi access.

A man-in-the-middle attack is similar in that the hacker sets up a deceptive Wi-Fi signal. But once you connect to that, the hacker funnels you to the legitimate wireless network.

All of this happens behind the scenes undetected by the user. As a hacker, "the fact that you have come to me is 'Game over,' in most cases," says Amit Sinha, chief technology officer at AirDefense Inc, a Wi-Fi-security firm.

Some of the big Wi-Fi providers offer software that users can employ to protect themselves. T-Mobile offers a free download called HotSpot Connection Manager, which confirms that the user has connected to a genuine T-Mobile hot spot and not an evil twin. This extra layer of protection isn't mandatory to use T-Mobile's networks, and the company doesn't offer the software for Macs. Even with the added security, the company warns on its Web site, hot spots "may be subject to unauthorized interception and are not inherently secure."

Encryption Software

AT&T also offers a free download, called Connection Software, which offers authentication and encryption. It also has a feature that will automatically launch a virtual private network, or VPN, which is an encrypted means of sending data over the Internet that protects the data from interception. Many companies require use of a VPN for connection to the company network from a laptop. AT&T doesn't offer Connection Software for Macs.

Even with additional security, users shouldn't pass sensitive information over the Web at public hot spots. "It's the same thing as talking on a phone on a crowded bus, you probably don't want to give out your Social Security number," says Dennis Whiteside, vice president for broadband consumer marketing at AT&T.

Protecting Yourself

Stay current. Make sure your laptop is up to date. Don't use old versions of your operating system and Web browsers, says Mr. Sinha, of AirDefense. Keep your firewall, antivirus and antispyware software current, too.

Use a VPN. Virtual private networks can be set up for personal, as well as corporate, use. Do a Web search for "personal VPN" or try a software retailer. Karen Hanley, senior director of the Wi-Fi Alliance, a nonprofit industry trade group, says the chances of getting hacked using a wireless hot spot are slim. But "we need to remind people to practice safe computing."

Bank at home. Avoid conducting financial transactions at a hot spot. "Don't go sell your stocks or do any online banking," says David King, chief executive of AirTight Networks. Do all of your financial transactions at home, he says.

Name your home network. For your home network, don't use the generic name, called the SSID, that came with the wireless router, says Robert Richardson, director of the Computer Security Institute, an association of computer-security professionals. Hackers will often create Wi-Fi networks with names like "default" or "linksys" (named after a router manufacturer) because most laptops are configured to automatically connect to networks that they've used in the past.

Give Wi-Fi a rest. Turn off your laptop's Wi-Fi capabilities when you don't need to connect to the Internet. Most laptops search for Wi-Fi signals automatically and the connection stays open even if you don't boot up your Web or email application. If your laptop automatically connects to a Wi-Fi network run by a hacker, she might be able to search your computer for sensitive data, even information that would allow access to your company's network.

Wire up. John King, a 46-year-old engineer from Livermore, Calif., works for a company that mines computers for evidence in legal cases. He travels a lot for business and avoids Wi-Fi at hotels in favor of high-speed connections that plug into his laptop. He says he uses Wi-Fi to check email and stock listings if that's the only means available, but only if he's sure of the signal. "I won't go on a wireless access point that I'm not confident in," he says.

So You Think Your Wi-Fi Network is Secure?

noreply@blogger.com (wifi security blogger) — Tue, 01 Jan 2008 13:00:00 +0000

Wi-Fi networks deliver tremendous benefits. They provide the ability to connect to the Internet almost anywhere at anytime. You can connect in your home, office, or the coffee shop without being tethered to a wall jack, and Wi-Fi is built into most laptop PC's.

Wi-Fi is also easy to set up if you don't think about security. Out of the box, you can quickly turn on your wireless network, and connect your without much effort. Without security however, everyone else can connect to your network with the same ease. If you don't take the steps to secure your wireless network everything you do over the wireless network can also be seen by hackers up to a mile away.

Who Needs Wireless Security?

One of the common reasons why users don't secure their Wi-Fi networks is that no one wants access to their network or that there is no important information on the network to worry about. Hacking is less about joy-riding on someone else's network and more about the financial payoff that can be gained by stealing confidential or personal information over the network. In fact, over half of cyber crimes are now committed over Wi-Fi networks, because they provide anonymity that wired networks don't provide.

With a poorly secured Wi-Fi network, a wireless hacker can read your email, see the websites you visit, and even access files on your system that aren't properly secured. Your e-mail username and password are easily picked off an unsecured Wi-Fi network when every time your email is updated. Once your e-mail account is compromised, it becomes very easy to gain personal identity.

Another common misconception is that Wi-Fi can only be accessed from 300 feet away. With a $50 antenna, a hacker can access your Wi-Fi network from a mile away, out of sight and undetectable.

War drivers looking for unsecured networks, locate and record Wi-Fi networks. They then share those locations on websites such as www.wigle.net for other war drivers and hackers to find and user those networks.

Why Are So Many Networks Unsecured?

While setting up a Wi-Fi network is easy, turning on security takes some technical expertise and the ability to understand terms like WEP, WPA, 802.1x, and EAP. While wireless equipment manufacturers provide access to these security parameters, very few of them make it easy to understand, or easy to set-up.

Wi-Fi Security for Dummies

There are 4 basic levels of Wi-Fi security: "Open" (unsecured), WEP, WPA-PSK, and 802.1X. Let’s walk through these techno-acronyms and explain these basic levels of security in less technical terms.

"Open" is just that, open to all comers without any basic level of security. Like leaving your front door unlocked for anyone to enter, open networks are just a bad idea.

WEP is the lowest level of security available on most Wi-Fi networks. Unfortunately, WEP have fundamental flaws that make it easy to hack and software on the Internet can crack WEP security in 10 minutes. WEP is equivalent to locking your screen door; it may keep your neighbor out, but it takes little effort to break in.

WPA is the successor to WEP that is more difficult to crack. WPA is comparable to having a single lock on your front door, and giving a key to everyone you want to give access to. Keys can be shared or walked away with when someone leaves the network. The challenge with WPA is removing someone requires the entire network to be re-keyed and new keys re-distributed to valid users.

"802.1X" is called enterprise-level security because it provides the highest level of Wi-Fi security available. 802.1X is widely deployed by Fortune 500 companies and eliminates the common key problem by providing a unique key for each valid user every time they enter the network. This is analogous to the room key used in hotels. Each authorized user gets a new unique key every time they enter the network valid only for the time they are on the network.

802.1x typically requires a RADIUS server, which takes training and some technical work to deploy and maintain. This put the highest level of Wi-Fi security out of reach for most small and mid-sized businesses because of implementation costs.

Products like WiTopia's SecureMyWiFi Business Edition addresses the need for small and mid-sized businesses to quickly and easily deploy strong Wi-Fi security. It can deliver 802.1x enterprise level security for small and midsize business that can be set up in less than 15 minutes without any wireless or security expertise.

It's important that wireless network users understand the dangers of unsecured networks, and properly secure their networks. Open (unsecured) and WEP are poor approaches to Wi-Fi security. WPA, while complex, offers a base level of security, and 802.1x offers the best security available. Businesses are best advised to use 802.1x through either RADIUS server or the more simplified approach that WiTopia offers.

How Secure is Your Wi-Fi Network Against War Drivers & Casual Network Intruders?

noreply@blogger.com (wifi security blogger) — Tue, 16 Oct 2007 13:43:00 +0000

Did you know that your wireless Wi-Fi network can be accessed by hacker from over a mile away? With a laptop PC, Wi-Fi hackerware off the internet, and a $30 antenna, hackers can access your Wi-Fi network from much further away than your standard laptop can reach. If your network is unsecured or open, they have the capability to monitor every piece of information that is sent over the network, access your PCs, and if you're connected to a VPN, tunnel through to a corporate network.

War driving, the art of finding Wi-Fi networks, is becoming a popular game for many hackers. Armed with a PC, antenna, and GPS, hackers drive around their communities to locate wireless Wi-Fi networks, and can post them on popular war driving websites for all to access over the internet.

And finding unsecured networks is like shooting fish in a barrel:

Shipley, a computer security researcher and consultant, is demonstrating war driving. It doesn't take long to produce results. The moment he pulls out of the parking garage, the laptop displays the name of a wireless network operating within one of the anonymous downtown office buildings: "SOMA AirNet." Shipley's custom software passively logs the latitude and longitude, the signal strength, the network name and other vital stats After an hour, Shipley's black Saturn has crawled through rush hour traffic, and his jury-rigged wireless hacking setup has discovered eighty networks beaconing their location to the world.

http://www.securityfocus.com/news/8835

Walking down Yonge Street and Bay Street (heart of the Financial District in Toronto) one finds countless warchalking markings (warchalking refers to the "chalk marks" that people leave to indicate the proximity of open wireless networks). War driving, the act of looking for and using open, unsecure wireless networks is increasing with little-to-no legal action being taken. Until laws are set to deal with this, companies will need to deal with issues themselves.

http://www.enterpriseitplanet.com/security/features/article.php/3325971

Once wireless networks are identified by war drivers, they can be posted on numerous popular war driving websites. Many people are surprised to find out how easy it is to find their network up on a web site. To see if your network has been posted yet, try one of the more popular web sites:

http://www.wigle.net/gps/gps/GPSDB/onlinemap/

Type in your address & see what pops up.

When I put in my home address, my secure network wasn't found, but my neighbor's open Wi-Fi network was listed (unfortunately, his SSID was his last name) from the freeway which is over 1/2 mile from our house. His banking information and personal records were stored on his PCs on the network, and his POP3 e-mail account readily broadcast his username & password every time he received e-mail.

He has since secured his Wi-Fi network, but like many wireless users, he was under the misconception that because he couldn't get Wi-Fi access in his basement, hackers couldn't find his network. Not only did they find his network, they posted it on a web site along with the fact that it was not secured, the channel number, MAC ID, and the last time someone verified that it was still be open. Don't be a victim of hackers that want access to your personal & business information.

Best Practices to Secure Your Wireless Network

noreply@blogger.com (wifi security blogger) — Sat, 08 Sep 2007 19:05:00 +0000

The good news is that simple tools are available to properly secure your wireless network and avoid the dangers discussed above.

The Wi-Fi Alliance designated WPA (Wi-Fi Protected Access) as the recommended security practices for consumer & business networks. WPA comes in two forms: WPA-PSK which offers a lower-level security for consumers, and WPA-Enterprise which offers a higher level of security for enterprises. Solutions like Witopia and WiFi Login Pro deliver enterprise level security with the consumer-level simplicity that can be easily and quickly deployed in home offices, small offices, and medium businesses. WPA-PSK (Pre-Shared Key) - WPA-PSK provides a relatively secure solution for consumer networks. If you’re technically competent, and feel comfortable configuring the security parameters of your wireless access point or router, you can configure your wireless network to support WPA-PSK. By entering a common 64 digit hexadecimal key or an ASCII pass phrase into every device on the network you can properly encrypt all network traffic to and from the access point. The LucidLink WiFi Client can automatically detect if a network requires WPA-PSK and simplifies the client configuration.

WPA-PSK has fixed many of the problems associated with pre-shared keys used in WEP. While it is quite awkward to properly enter a 64 digit hexadecimal key into each device on the network, if done carefully, it can provide strong encryption of network traffic and ward off hackers. A random ASCII passphrase (random to avoid a dictionary attack) can be used to avoid the hexadecimal key entry.

One of the common complaints with WPA-PSK, however, is that it uses a common key across all of the devices and PCs on the network. If you, an employee, or your child innocently shares this key with anyone, the integrity of the network can be compromised. If any person leaves an organization or needs to be denied access to the network, every PC on the network needs to be reprogrammed with a new 64 digit pre-shared key. The need to re-key every device on the network if a single user is removed can become a heavy burden to maintaining a small business network.

WPA-Enterprise uses the same type of network security used by enterprises and ISP over the last decade to protect access to wired networks. Unlike WPA-PSK, each user accessing the network is given unique credentials. These credentials may be in the form of passwords or electronic certificates.

For a user to access the network, they provide the unique credentials which are verified by a designated PC providing access management using a security protocol called 802.1X. When the server acknowledges the user as having valid credentials, the user is given access to the network and given a new encryption key every time they enter the network. The encryption key is used to encrypt & secure the network traffic between the user's PC and the network access point. Without proper credentials, the user is denied access.

One of the benefits of WPA-Enterprise is that it offers a much higher level of manageability. User access can be controlled on a user-by-user basis. A user can be removed from the network without re-keying every device on the network.

Is Your Wi-Fi Network Listed on the Internet?

noreply@blogger.com (wifi security blogger) — Mon, 06 Aug 2007 14:32:00 +0000

Interested statistics from www.wigle.net where Wi-Fi hackers and and war drivers that capture Wi-Fi network information and post to the internet:

Total number of networks found: over 11,280,000

Percent of networks protected with WEP: 44.0%

Percent of networks not protected (without WEP): 40.5%

Percent of networks unknown: 15.4%

Pretty scary thought - somewhere between 40% and 56% of all Wi-Fi networks have no Wi-Fi security.

wigle.net is an interesting site. It's worth checking out to see if your network is on the hacker's radar screen. They have a great interactive map that allows you to type in your physical address and zoom into all of the networks (open and secured) that have been found by war drivers in your neighborhood.

Is your unsecured network listed on the Internet for everyone to see?

Wi-Fi Security for Dummies

noreply@blogger.com (wifi security blogger) — Sat, 30 Jun 2007 13:10:00 +0000

There are 4 basic levels of Wi-Fi security: "Open" (unsecured), WEP, WPA- PSK, and 802.1X. Let's walk through these techno-acronyms and explain these basic levels of security in less technical terms.

"Open" is just that, open to all comers without any basic level of security. Like leaving your front door unlocked for anyone to enter, open networks are just a bad idea.

WEP is the lowest level of security available on most Wi-Fi networks. Unfortunately, WEP have fundamental flaws that make it easy to hack and software on the Internet can crack WEP security in 10 minutes. WEP is equivalent to locking your screen door; it may keep your neighbor out, but it takes little effort to break in.

WPA is the successor to WEP that is more difficult to crack. WPA is comparable to having a single lock on your front door, and giving a key to everyone you want to give access to. Keys can be shared or walked away with when someone leaves the network. The challenge with WPA is removing someone requires the entire network to be re-keyed and new keys re-distributed to valid users.

"802.1X" is called enterprise-level security because it provides the highest level of Wi-Fi security available. 802.1X is widely deployed by Fortune 500 companies with a RADIUS Server and eliminates the common key problem by providing a unique key for each valid user every time they enter the network. This is analogous to the room key used in hotels. Each authorized user gets a new unique key every time they enter the network valid only for the time they are on the network.

How TJX Data was Stolen Over a Wireless Network

noreply@blogger.com (wifi security blogger) — Wed, 30 May 2007 13:25:00 +0000

The Wall Street Journal's article today - How Credit-Card Data Went Out Wireless Door - is a must read article for small and medium businesses using wireless networks. The article explains how hackers easily broke into the wireless network, sniffed out user credentials, and then used those credentials to get into the corporate network (presumable over a VPN) to access millions of customer credit card and social security numbers. The article talks about the devastating effect this breach had on TJX and it's customers and didn't even mention the impact it had on TJX's confidential internal data, which is probably something they don't want to talk about. This should be a call to action for any business using Wi-Fi. Make sure your Wi-Fi network is secure. A RADIUS server and 802.1X control that gives you control over individual access is best. At the very least, use WPA or WPA2 and make sure you change the encryption keys when employees leave the company. Witopia and DAZ Software provide great tools that makes RADIUS easy for small businesses. Companies like Interlink Networks provides a higher end RADIUS server that is better suited for larger enterprises and ISPs.

LucidLink WiFi Client Available at Download.com

noreply@blogger.com (wifi security blogger) — Wed, 02 May 2007 20:46:00 +0000

Wi-Fi Security can be hard. There are many options, many settings, and a lot of techno-babble in many WiFi clients that make it difficult for non-technical users to understand.

The LucidLink WiFi Client eliminates all of the clutter and only presents what you need to connect to the WiFi network. It automatically determines the WiFi security method being used on the network and requests only the information required to connect to that network.

LucidLink WiFi Client makes it easy to access Wi-Fi networks. It can be used to connect to home networks, office networks, or public hotspots. This client is easy to install, easy to use, and it solves an array of problems Wi- Fi users face connecting to different wireless networks. The LucidLink WiFI Client automatically detects network security settings, alerts users to incompatible settings and provides instructions for resolving them, ensuring that users establish connectivity rather than being left to wonder what is wrong. It detects and warns against suspected security problems such as the Evil Twin and potential Man-in-the-Middle Security Attacks. Supports networks secured with WEP, WPA-PSK, and open (unsecured) networks.

The Lucidlink WiFi Client in now available at Download.com.

New WiFi Security Product

noreply@blogger.com (wifi security blogger) — Fri, 27 Apr 2007 20:39:00 +0000

An interesting new WiFi security product is now in beta testing called WiFi Login Pro. I had the opportunity to review the product a few weeks back. It is quite a clever WiFi Security solution - it supports WPA & WPA2, but rather than requiring the user to set up certificates for EAP-PEAP or EAP-TTLS, it uses the POP3 mail server to authenticate the user and let them on the network. This WiFi security product supports up to 100 users, is cost effective ($199), and is targeted at small businesses that need the same level of WiFi security that large corporations use without the hassle of a full blown RADIUS server. WiFi Login Pro is actually a RADIUS server that runs on a Windows Vista, 2003, XP, or 2000 PC. Unlike the complex set up of a RADIUS server, WiFi Login Pro simplifies the set up with a straight forward wizard and allows you to use your pre-existing POP3 e-mail server to authenticate users access to the WiFi network. WiFi Login Pro is available as a beta version right now. If you're interested in seeing a beta copy go to their web site at www.dazsoftware.com and click onthe download link.

The Five Deadly Dangers of Unsecured WiFi Networks

noreply@blogger.com (wifi security blogger) — Tue, 03 Apr 2007 13:56:00 +0000

Once hackers have access to your WiFi network, they can readily capture personal and business information. There are two types of WiFi attacks. Passive attacks, where the hacker captures your network traffic, are almost impossible to detect because the hacker never joins your network. They can sit silently with their antenna tuned into your network and capture gigabytes of network traffic for off-line analysis at a later time. Active attacks, where the hacker joins the network, can be the most devastating because they can launch active attacks into the network and onto your devices on the network.

There are 5 attacks that WiFi hackers can very easily & readily perform on your wireless network with very little effort or expense. The first two are passive attacks, and the last 3 are active attacks. But make no mistake - all of these attacks can be deadly.

Deadly Attack #1: Account and Password Capture. There are several applications that send your account and passwords in clear text over the network. For example, every time a POP3 mail account checks for new e-mail, the account name & password are in the clear as part of the data transfer. Anyone sniffing the network traffic can easily get your e-mail account information. Once they have that information, they can access your e-mail account at their leisure, monitoring for personal information without leaving a trace. From there, any confidential information they can get from your account just escalates their attack.

Deadly Attack #2: E-mail, IM and Web Site Traffic Capture - It is very easy to monitor and capture all of the e-mail traffic sent over an unsecured wireless network. Since most e-mail is sent in clear-text, and instant messaging is sent in HTML, it's very simple to capture the traffic and mine the traffic off line for any “interesting” information at a later time. By monitoring your wireless traffic, all of the HTML data can be captured & reconstituted as web pages on the hackers PC to see exactly what web sites & content you are surfing over the wireless network.

Deadly Attack #3: Accessing Data on Your PC. Let's face it, it's pretty easy to turn file sharing on, and then forget to turn it off when you attach to an open WiFi network. Once file sharing has been left on or the personal firewall is mis-configured, a hacker can readily access you PC and hard drive across the wireless network. Firewalls are also easy to mis-configure or turn off, and forget to turn back on. With older versions of Windows (NT, W2K), if improperly configured, it's easy prey for a hacker to get in over the network, log-in as a null session and take over your platform.

Deadly Attack #4: Access to the Corporate Network. If you’re wireless network is connected to a corporate network through a site-to-site VPN, an open wireless network punches a hole through the network, and opens up both sides of the VPN to anyone attaching to the network. Another threat is with improperly configured client VPNs which can be more easily compromised to provide the hacker access through the VPN.

Deadly Attack #5: SPAM and Virus Launching over the Wireless Network. Unsecured Networks provide are an ideal launch point from which hackers can launch SPAM & Virus attacks because it is very difficult to track the source back to them. From a distance, the SPAMmer can launch the SPAM (from your e-mail account if he or she sniffed your e-mail account info) without repudiation. When the ISP or FBI tracks down the violator, the trail points to your network, and possibly your e-mail account. The liabilities to the owner of the unsecured network are still newly contended battlegrounds for the lawyers.

Hacking open networks isn't as hard as one may think. See this flash demonstration on the tools hackers use to crack WiFi networks.

The Benefits of Wireless Networks

noreply@blogger.com (wifi security blogger) — Mon, 19 Mar 2007 18:34:00 +0000

It seems these days that wireless networks are everywhere.With Wi-Fi capabilities built into most new laptop computers, and with relatively inexpensive network adapter cards, Wi-Fi is within reach of most PC users.

The freedom and benefits of an un-tethered connection to your network are very compelling:

Create your network when wiring isn’t practical. Many office and warehouse spaces find it very difficult or impossible to lay wire for networking. Wi-Fi is a cost-effective and convenient alternative to a wired network.
Expand your network with no additional wiring costs. This is especially beneficial in home offices that aren’t pre-wired for Ethernet, or for small businesses that are rapidly expanding, or frequently reconfiguring their office layouts.
Information at your fingertips anywhere you work. The ability to access your e-mail, the Internet, and network-based applications in a conference room or another office gives you additional degrees of productivity and convenience.

Doctors can carry patient records on a laptop or tablet PC to each exam room and stay connected all the time.
Lawyers can bring their lap tops into depositions and conferences and fact check or access networked data instantly.
Project members can collaborate in team meetings each with instant information available across the wireless network to accelerate decisions with immediately available information.
Wireless at home means delivers the ability to work anywhere in the house, or deck. The ability to be around your family when you’re catching up on e-mails is truly convenient.

Beware the Dark Side

Despite the benefits, there is a dark side to wireless. Without the proper security measures in place, your business and personal information can easily be retrieved over the wireless network. With a $100 directional antenna and free software available on the internet, hackers can access your network traffic and PC data from as far as a mile away.

In June 2004, a world-wide “war drive” event among the hacker community uncovered over 230,000 wireless networks and posted their positions on the Internet. A startling 61.6% of all the networks they surveyed had no security whatsoever, and the majority of the other networks had the weakest form of security that can be cracked in under 15 minutes.

Wireless Security has tremendous benefits, especially when secured and properly managed. Pay attention to the security and gain the benefits without the risks.