
The scoop on wireless LAN snoops

By Jason Meserve

(IDG) -- What's that unknown person with the laptop sitting on a bench outside your office doing? If you're running an 802.11-based wireless LAN, that person could be watching your employees' every online move.

Guardent, a consulting firm that develops technology for assessing companies' network vulnerabilities, recently took Network World on a "tour" through Cambridge, Mass., to show just how much unprotected wireless LAN traffic is floating among the airwaves. Standing along one of the city's major thoroughfares, consultant Jamie Fullerton used an IBM ThinkPad equipped with a standard wireless network interface card and proprietary software written by Guardent to peer into the wireless world.

Most of the information flowing across his laptop's screen was run-of-the-mill network traffic, such as print jobs and boring e-mail. Even so, we saw a router reconfigured, including its IP address, name and other data - the sort of information that would be valuable to a hacker looking to map a network and wreak havoc. Had we been watching earlier, Fullerton says we probably would have learned the router's password.

To an average observer, most of the traffic would look like computer gibberish. But Fullerton's discerning eye could tell what operating systems were being run and the names of all the servers being accessed over the network. He pointed out a number of NetBIOS (Windows) packets that could be put through a simple decoder to read the text.

While there is excitement around the wireless LAN market - Cahners In-Stat estimates the market will be worth $3 billion by next year - there is also plenty of concern about security.

And, unlike wired networks, where an attacker has to be physically connected to a network, a wireless hacker could be driving by in a car or walking around a building. An intruder could even leave a handheld device hidden for a few hours to record traffic (Guardent has a version of its software in the works for Compaq iPaq handhelds).

Traffic on wireless LANs adhering to IEEE 802.11 specifications runs across 14 channels in the U.S. using part of the radio spectrum between 2.4 and 2.5 GHz. The typical range for a wireless access point is about 1,000 feet, enough to broadcast traffic outside the physical walls of a building.

Fullerton says many wireless access products come ready-to-use, but have limited security settings. Users should change the default settings on the devices to make them less of an open door to intruders.

Companies can also protect data using the same VPN software used to connect remote workers over the Internet. VPNs work the same over 802.11b as they do in a wired network, Fullerton says. Finally, access to wireless LANs should be authenticated, to ensure unwanted users remain "outside."

"A company along the [Charles River in Cambridge] has a wireless connection for its courtyard, but they keep it separate from the wired LAN," Fullerton says. "Employees using the wireless network need to connect through a VPN."

Guardent gave the demonstration to help promote its new wireless security assessment service, which starts at around $10,000.
