We all like to think we have privacy, even when often we don’t. Some people move into the Alaskan outback, 50 miles from the nearest truck stop, to ensure that they have no chance of running into another human being. Others maintain psychological limits while living in dense environment: though Glenn can see neighbors through his kitchen window, through mutual unspoken consent, he and his neighbors never acknowledge each others presence. (Wireless Security)
These anecdote illustrate the extremes of wireless networking as well. As long as our wireless networks are isolated, we don’t have to worry about others. The minute someone comes within range, our privacy can be compromised. Transmission over wireless networks, because they go through walls, ceilings, floors, and other obstructions, are easily intercepted by consumer-level equipment just like the gear you use to connect your computers and access point.
Adam lives far enough from the population center in Ithaca that he and his wife Tonya aren’t worried about the potential of a snooper: it would be difficult for someone to share their connection without parking in their driveway. In contrast, Glenn and his wife Lynn reside in a moderately dense part of Seattle. One day, soon after younger neighbors started renting the house next door, Glenn flipped open his laptop and spotted their wireless networks.
Unlike more advanced or proprietary forms of networking or cellular services, Wi-Fi and similar networks don’t inherently attempt to limit who can connect. Whenever you use Wi-Fi, for instance, anyone whose computer can receive your signal can potentially access your network, use your Internet connection, watch network traffic that passes, and connect to your computers.
The question , of course, is just how likely someone is to want to break into your wireless network. A business, for instance, should be concerned about whether someone in its parking lot could access its confidential data. And businesses do have a lot of data that should he considered confidential, such as invoices as they pass between employees, or even just customer credit card numbers. Home users have fewer worries, of course, but should still protect passwords that an attacker could use for logging in to an online banking account or bill-paying system, for instance.
In this chapter, we address several aspects of security and encryption: security is the art of protecting the integrity of your systems; encryption protects the contents of your transmissions and stored data. We run you through why and how those systems can be put into place simply and often cheaply.
Unlike privacy fanatics, we don’t want to offer reasons why you should be paranoid. Instead, we want to present a fair discussion of the risks and potential outcomes when you rely on wireless networks.
Where You Live, Work, and Roam
Before we worry you or alleviate your fears about what you’re sending or receiving over your wireless networks, you should first think about where you use wireless networks, because the location affects your vulnerability to attacks. It’s likely that you use wireless networks in one or more of these locations.
- Rural/far away. In your home far from other houses.
- Long-range. over a long-range, point-to-point link with a wireless ISP or neighbor.
- Dense urban. In your home in a sense urban area or with at least several other houses close by
- public space neighborhood. In a neighborhood near a public park or where people can park on the street
- Near existing networks. In an area with existing hot spot or community networks.
- office building. In an office building with other businesses or a nearby parking lot within line or sight
- Mixed-use. in a mixed-use residential an commercial neighborhood.
- Roaming. While on the road in airports, cafes, hotels and other locations.
Unfortunately, unless you fall only into the rural/far away category, you’re at some slight risk that an open network’s data could be intercepted.
For all of the other cases, we recommend using at least the minimal levels of protection discussed in “Preventing Access to Your Network.” For any cases involving business use, we also encourage you to consider the recommendations in “Securing Data in Transit.”
pay special attention to the roaming category. Even if your protect your own network, using your computer while roaming outside your own, trusted networks can still put your data at risk. When using public networks, whether free or for free, you have no control over the network-based security precautions, and everyone else using the same network has the ability to see your data in transit.
Your Network Traffic
You likely believe that most of your private data sits on your computer, that you transmit and receive only limited amounts of sensitive information, and that someone would have to listen at a specific time to capture those bits. The reality of the situation is that we all transmit and receive quite a lot of sensitive data that people with common equipment and widely available software can extract easily.
All data sent or received over a wired or wireless network is transmitted in the clear to anyone else able to join or plug into the network. “In the clear’ simply means that the data is sent in a form that a human being can intercept and then either read directly or convert easily into a usable program or image data.
Here’s a list of what you might be sending or receiving in the clear:
- Your email account password
- The text of all email messages sent and received
- The contents of any documents sent or received as attachments
- The location and contents of any WEB pages viewed
- Your user name and password for any non-secure Web sites 9sites that don’t use SSL)
- Your FTP user name and password.
- Any files you transmit via FTP
- The text of any instant messages you send or receive.
- The contents of any music or other files you send or receive using limeWire Kazaa, or other peer-to-peer file sharing programs.
- The IP addresses and port numbers of any connections you make
- Timnuktu session control or file transfer sessions.
These items are not sent in the clear:
- The contents of encrypted sessions using SSH, SSL, or VPN (described later in this chapter)
- Your email password if your ISP uses authenticated SMTP (outbound) or APOP (inbound)
- Timbuktu passwords
- AppleShare passwords (if both client and server have encryption enabled)
- Any secure SSL Web pages (their URLs begin with https://)
- The contents of any email message or file encrypted with PGP (Public key encryption) or similar technology.
Each item that you might transfer in the clear falls into one of three categories: account access information (user names and passwords), information that could be used to track your online steps, and content related to what you say and do.
We’re pretty transparent people (well, not literally), so there isn;t much that we would say or do online that e would worry about someone else reading. that’s it. But what if that document were posted on a widely read mailing list or Web site? Even for us, that could be a problem, and other people might have data that could get them fired, damage their businesses, humiliate them publicly, or cause lawsuits or divorces. You probably have a pretty goo sense of whether or not you’re at risk from the things you say or do.
Similarly, information that tracks online movement doesn’t worry either of us, since as journalists, we can always claim we visited a Web site for research purpose . But it doesn’t take much imagination to see how the fact that a politician had frequented certain some sites could ruin his career. Again, you probably have a decent idea of whether your online movements could be in any way damaging.
Last. and most important, is account access information, which,, when stolen presents two types of risk. First, since most people tend to use the same passwords in multiple places, having your email password stolen could compromise a more-sensitive system, like your online banking account. Second, attackers often use a password to one account to break into another account, working their way ever deeper into a computer to run automated program that attack other computers. In this respect, protecting your passwords isn’t something you do just for your own benefit, it;s something you do for the benefit of everyone who may be affected if the attacker takes out a server that you use.
In general, because anything you send or receive could be intercepted and read(text) or used (files and programs), you must accept the notion that everything could be examined or stolen if you’re in a location where other people might be able to connect to the network you’re using.
Who Should Worry About What
Let’s combine the variables of what type of data traverses your wireless network and your location to evaluate your real-world risks and determine which sections of this chapter are most important for you to read.
- If you’re a home user with no immediate neighbors or nearby public spaces, and if you don’t believe your data is particularly sensitive, you don’t have much worry about. At most, read “Protecting Your Systems” later to see if you want to take steps to prevent anyone from attacking your computers over the Internet. Otherwise, just skip the rest of this chapter.
- If you’re a home user in an urban environment, you should definitely read “Preventing Access to Your Network” an the section on protecting email passwords in “Securing Data in Transit.’ If you’re concerned about the sensitivity of your data, read the rest of “Securing Your Data in Transit” as well. It’s also worth reading ‘Protecting Your Systems,” just in case.
- If you use or maintain a wireless network at work, you should read this entire chapter, thinking hard about your company’s risk factors as you go. In particular, in “Securing Data in Transit,” consider how far you want to go protect your data.
- If you regularly use wireless networks while traveling, be sure to read “securing Data in Transit.” The more sensitive your data, the more seriously you should consider the various approaches in that section.
Preventing Access to Your Network
With just a few steps you can discourage casual browsers of your network. These steps are just the first line of defense, but they may be sufficient for home users.
You have three main tools to discourage network access: closing your network, employing WEP encryption, and limiting access to specific wireless network adapters.
Closing Your Network
When you run a wireless network, you start with a fundamental choice: whether your network is open or closed. This makes it easy for someone to see your network and connect to it.
In the case of an open network, your access point constantly broadcasts the name of your network. That makes it easy for someone to see your network and connect to it.
Most access points offer a simple option that lets you hide your network name. Some call the option a “closed network,” others “disable broadcast name,” No matter what the terminology, a closed network’s name doesn’t appear in the list of available networks in client software.
FOR MORE INFORMATION