Charleston Business Journal > January 23, 2006 > News
Wi-Fi: Convenience vs. risks

By Shelia Watson
Contributing Writer

The spread of Wi-Fi capabilities throughout the Lowcountry means that with the right hardware and software on a laptop, the tech-savvy user can log on to the Internet from almost anywhere, from upscale hotels to coffeehouses to college campuses.

And soon the technology will be available all over the peninsula, thanks to the efforts of Ernest Andrade, director of the Charleston Digital Corridor, who organized the latest project, dubbed Access Charleston.com.

The good news is not without a word of caution. With “hot spots” cropping up all over town, Wi-Fi has the potential to become the de facto standard for connecting mobile users to networks, but there are serious security concerns.

In fact, the lack of security standards, coupled with the technology’s pervasiveness, creates the potential for widespread security risk.

Risky business

Wi-Fi, which stands for wireless fidelity, is a term used to describe a set of wireless networking standards. The system uses a router or transmitter mounted on structures such as streetlights or water towers to connect to a wired network and transmits a signal over several hundred feet.

The nature of wireless communications, which occur in open air and are easily intercepted or compromised, makes them more susceptible to a security risk than wired networking.

A system called Wired Equivalent Privacy is the standard security shipped with all Wi-Fi hardware, but WEP is a fairly weak form of protection that is subject to vulnerabilities primarily because of the way Wi-Fi LANs operate.

Wi-Fi access points, the boxes that sit between wireless users and a wired LAN, broadcast their existence to the world, making them easy to locate. With a range of 100 to 500 feet, access points can give workers network access in several adjacent rooms of an office. Unfortunately, that access can extend to the parking lot and the street in front of the building as well.

For example, home improvement giant Lowe’s was victim to a network attack after the stores installed a Wi-Fi system to allow scanners and telephones to connect to the network without the burden of cables. A 21-year-old Michigan man and his two accomplices were convicted of scheming to steal credit card numbers by taking advantage of the store’s unsecured Wi-Fi network.

The hackers stumbled across the company’s unsecured network while driving around town charting wireless networks with their laptop computers—a practice that’s becoming so prevalent it has its own name: “wardriving.”

Not only did they capture credit card information, but they also altered the software code used by Lowe’s to process credit cards and gained access to computers in six other stores, one as far away as Long Beach, Calif.

Unfortunately, the Lowe’s case is not an isolated one. In Haifa, Israel, con artists broke into a post office and added a Wi-Fi access point to the internal network, planting it in the middle of the other server equipment in a closed area. The criminals were caught after an audit showed large withdrawals from newly opened accounts.

At a hospital in Raleigh, N.C., a hacker said he was only trying to expose the vulnerability of the system when he tapped into the wireless networks used to transmit data from bedside to a central server. Whatever his motives, he was able to access more than 2,000 patient records, which contain everything from social security numbers to sensitive medical information.

Legislating risk management

Some municipalities are taking matters into their own hands regarding Wi-Fi security. For instance, Westchester County, N.Y., recently proposed a law that would require businesses to apply basic security when offering wireless access.

According to a statement from Westchester County’s Department of Information Technology, a short drive down the main street found 248 wireless networks, nearly half of them with “no visible security.”

The proposed law, the first of its kind in the country, is designed to ensure that local businesses have corporate security enabled in order to cut down on identity theft. For example, a retail business handling credit card transactions via wireless connection might be required to install a firewall.

Industry solutions, drawbacks

Several network vendors have come up with proprietary solutions to the lack of security, but they require the use of that vendor’s hardware.

One method is to use Wi-Fi Protected Access, or WPA, which is becoming the industry standard for security. WPA requires specific software and hardware that can create an engineering challenge.

Another common approach to Wi-Fi security is to bypass WEP and use the corporate Virtual Private Network to provide a secure connection over Wi-Fi links. Virtual Private Networks encrypt network traffic but don’t have authentication systems or access controls that work well in wireless environments, especially when the access points are publicly accessed, such as hot spots in coffeehouses.

Another protection tactic is Media Access Control, also known as MAC address filtering. This method permits only recognized addresses to establish communication with wireless access points. Unfortunately, certain software tools permit addresses to be imitated, or spoofed, and continuous monitoring enables hackers to learn addresses over time.

Wi-fighting city hall

One of the security issues on the horizon is the potential security risk of municipal-based Wi-Fi networks interfering with corporate LANs. Interference and signal degradation are not new to wireless LAN deployments; however, a high-powered wireless signal blanketing a city could intensify existing problems.

Requirements for using Wi-Fi for client connectivity will mean outside signals entering corporate office buildings, which could compromise the ability of the corporate LAN to perform optimally. Enterprise wireless network administrators should pay close attention to the development of municipal Wi-Fi networks to avoid performance and security problems.

Although there are serious security risks involved in Wi-Fi networks, many experts agree none of them are insurmountable. Because Wi-Fi connectivity promises strong business value and convenience, it is worth figuring out how to make it work safely.

E-Mail This Article
Printer-Friendly Version
Investing in citywide Wi-Fi: Can you sell me now?

By Shelia Watson

Contributing Writer

As Congress begins deliberation of the Digital Age Communication Act—which will be more or less a rewrite of the Telecommunications Act of 1996—the debate is likely to venture into whether it is a good idea to have the government involved in providing free municipal-sponsored wireless Internet access.

Yet Congress should take note: In the free-market culture of the tech world, there is no free lunch.

At the forefront of the issue is the threat to cable modem and DSL broadband access by a third provider: municipalities setting up Wi-Fi networks for their citizens.

The issue provides a choose-the-lesser-evil scenario: If telephone and cable companies successfully lobby for legislation to prevent municipalities from erecting broadband networks, it sets up a duopoly for those services. On the other hand, if cities can provide Wi-Fi services for less than phone and cable companies can, including charging nothing, that could lead to a municipal monopoly.

Solutions on the open market

One alternative is for cities to open-bid the project and grant private companies licenses to operate Wi-Fi networks.

This apparently is the alternative chosen recently by the city of Charleston in its plans for a Wi-Fi covering the downtown area. According to published reports, Access Charleston.com, formed from the combined efforts of Mount Pleasant telecom Widespread Access and the Evening Post Publishing Co., are providing the peninsula’s Wi-Fi with an investment of nearly $500,000.

The company plans to recoup its investment through several avenues. Basic (i.e., slower) connections will be free, with users able to buy a faster connection.

Other aspects of Wi-Fi, such as Voice over Internet Protocol transmission, will be available, even though the VoIP technology would compete with telephone and cellular companies.

“We’ll provide voice-over-IP capabilities and text messaging on phones,” said Charles Bauman, chief information and technology officer for the Evening Post Publishing Co.

Bauman says advertising is expected to bring in the bulk of the revenue, including targeted ads using geo-coding, a system that identifies the coordinates of a location.

“The signal will be geo-coded to send ads locally. For example, if someone is staying at the Charleston Place hotel and logs on to our Wi-Fi, an ad might pop up with specials at Hymans Seafood, which is just around the corner.”

Whether cities and towns will be able to offer free Internet access—and keep it free—is one of the hottest consumer issues of the telecom debate. And the big-brother aspect of geo-coding may be a close second.

















SUBSCRIBE | REPRINTS | CONTACT US


Phone: 843-849-3100    Fax: 843-849-3122

Powered by iProduction