In the February 27 edition of Mobile & Wireless UPDATE, I wrote about my experiences using Netstumbler.com's Mini Stumbler on a Pocket PC to conduct a neighborhood site survey of 802.11 wireless networks. (To read the original article, go to http://www.mobile-and-wireless.com/articles/index.cfm?articleid=38174 .) My findings struck a nerve with readers: More than a dozen shared their experiences, which were generally similar to mine. In short, 802.11 networks are extremely common and most of them are unsecure.
Chris Mohan wrote from London to tell me about an impromptu survey he started from the back of a cab after his notebook "started popping up messages reporting the availability of a wireless LAN [WLAN]." Mohan continued, "I flipped on Network Stumbler and left it running. During the hour-long cab ride, I picked up more than 30 WLANs. More than half of them weren't encrypted and used Service Set Identifiers [SSIDs] such as 'wireless' or their company's name. Even scarier, three of these WLANs belonged to banks in the heart of the London financial district." Mohan also uses Network Stumbler in his office to search for unauthorized WLANs. Although he hasn't found any at his company, a couple of his business neighbors "have just bought WLAN kits, and they haven't Wired Equivalent Privacy [WEP]-secured them or hidden the SSID broadcast."
Mohan isn't alone. I heard from other readers in locations as varied as South Carolina, Florida, Singapore, and Finland. Most reported results consistent with my impromptu observations: 75 percent of residential WLANs have no security enabled; the same is true for 50 percent of WLANs in business areas. One disturbing response came from a consulting engineer, who said, "I frequently wander about my community with a laptop and Network Stumbler to see what I can find. About 25 percent of the homes I find have WEP enabled, whereas 50 percent of businesses do. Doctor's offices and law firms are the worst, and heaven knows what secrets they're pushing into the air without thinking about what happens to it."
Mike Walsh, a consultant in Helsinki, Finland, offered the interesting suggestion that IT staff at large offices should conduct regular "sweeps" to ensure that no unauthorized WLANs have been set up. This suggestion is an extremely good idea, and it's quite easy to do.
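One way to automate the comparison step of such a sweep, as an added example that is not from the original article: the script checks a survey export against a list of approved access points and flags unauthorized, unencrypted, or generically named WLANs. The CSV column layout, the BSSIDs, and the generic-SSID list are constructed for illustration and do not reflect any real tool's export format.

```python
import csv
import io

# Constructed inventory of access points IT has approved (hypothetical BSSIDs).
AUTHORIZED = {"00:11:22:33:44:01", "00:11:22:33:44:02"}
# SSIDs treated as generic, like the 'wireless' example above (assumed list).
GENERIC_SSIDS = {"wireless", "default", "wlan"}

# Constructed survey export; the column layout is an assumption, not a real tool's format.
SAMPLE_SURVEY = """bssid,ssid,encryption,signal_dbm
00:11:22:33:44:01,corp-floor1,WEP,-48
00:11:22:33:44:02,wireless,none,-55
00-AA-BB-CC-DD-10,linksys-test,none,-61
00:aa:bb:cc:dd:10,linksys-test,none,-70
00:AA:BB:CC:DD:20,,WEP,-80
"""

def normalize_bssid(raw):
    """Uppercase and use ':' separators so the same radio always compares equal."""
    return raw.strip().upper().replace("-", ":")

def audit_sweep(survey_csv, authorized=AUTHORIZED):
    """Return {bssid: [findings]} for every AP in the sweep that needs follow-up."""
    allowed = {normalize_bssid(b) for b in authorized}
    findings = {}
    for row in csv.DictReader(io.StringIO(survey_csv)):
        bssid = normalize_bssid(row["bssid"])
        ssid = row["ssid"].strip()
        issues = set()
        if bssid not in allowed:
            issues.add("unauthorized AP")
        if row["encryption"].strip().lower() in ("", "none", "open"):
            issues.add("no encryption")
        if ssid.lower() in GENERIC_SSIDS:
            issues.add("generic SSID")
        if issues:
            # The same AP is usually seen several times in one sweep; merge sightings.
            findings.setdefault(bssid, set()).update(issues)
    return {b: sorted(i) for b, i in findings.items()}

if __name__ == "__main__":
    for bssid, issues in audit_sweep(SAMPLE_SURVEY).items():
        print(bssid, "->", ", ".join(issues))
```

An approved AP can still be flagged, as the second sample row shows: being on the inventory does not excuse missing encryption or a generic SSID.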
What should you do if you find an unsecured WLAN? Several folks who responded to my column reported that they simply introduce themselves to the WLAN's owner and point out the problem. (If you're a consultant, this idea might be a good way to drum up business!) Most residential and small-business WLANs are connected directly to the owner's computers, so anyone with a notebook computer and an 802.11b card can obtain access.
At a minimum, WLAN owners should
- enable WEP on the wireless Access Point (AP)
- change the password on the AP
- ensure that the Guest account is disabled on any Windows XP, Windows 2000, and Windows NT computers that connect to the AP and that nonblank passwords are in effect for all connected computers and users
Below are links to some sites that provide additional suggestions. I enthusiastically recommend the first URL, which takes you to the National Infrastructure Protection Center's (NIPC's) "Best Practices for Wireless Fidelity (802.11b) Network Vulnerabilities" document. The second URL is for the Wi-Fi Alliance Security page. The third URL is for the Microsoft TechNet Wireless and Mobile Security: Technical Resources page. Finally, the fourth URL is a link to Netstumbler.com, from which you can download Network Stumbler and Mini Stumbler.
http://www.nipc.gov/publications/nipcpub/bestpract.html
http://www.wi-fi.com/opensection/secure.asp
http://www.microsoft.com/technet/security/prodtech/network/wirelsec.asp
http://www.netstumbler.com
I'm open to additional suggestions regarding this topic, particularly from residential users, who are more likely to be running Windows Me or Windows 9x on their computers. This topic is of such compelling interest that we're working on coverage beyond Mobile & Wireless UPDATE. (We think all network administrators need to be aware of this potential for unintentional security breach.) If you have additional information, links, or suggestions, please write to me at firstname.lastname@example.org.