 |
| . |
|
Navigation |
| Research |
| Marketing |
| Communities |
| Net Tools |
| Security |
| Seminars |
| Our Services |
| Search |
| . |
| Bookstore |
|
Check out our bookstore, operated with our associate, Amazon.com: |
 |
Net Q & A
Question of the Month: April 2002
What Is "War Driving?"
Answer
Wireless computer networks are wonderfully convenient. An increasing number of law firms use them, and with good reason. Because they don't need expensive network cabling, they can be less expensive. But how safe are they? The increasing popularity of "war driving" suggests that there may be reason for concern.
War driving is a cousin of "war dialing," a term popularized
in the 1983 movie
"War Games."
War dialing is hacker use of software that dials many phone numbers
automatically, looking for tones that indicate a modem, a potential hacking
target.
"War driving," also known as "net stumbling," is a newer variant. It is a way of
finding wireless computer networks to attack. Wireless networks, which use a
protocol known as
IEEE 802.11b, sometimes referred to as "Wi-Fi," for "Wireless Fidelity." War
drivers, sometimes known as "whackers," drive around with laptops, inexpensive
antennas and free software that can detect the presence of a wireless network
within about 300 feet and pinpoint its location using a global positioning
device.
The goal of some war drivers is relatively benign. They want to find unsecured networks with broadband Internet connections whose bandwidth they can use free of charge. Some wireless network providers like Freenetworks.org even encourage this.
Others war driver motives are not so benign. They seek information they can use to embarrass the networks' owner, or with which they can make money. Those acting from the latter motive are of high concern to law firms using wireless networks.
Testing indicates that around 70 per cent of Wi-Fi networks in the United States are unsecured open targets. Thousands of them are listed on an open web site, NetStumbler.com. Once a site is located, its encryption can be attacked with readily available free software. Wireless networks are particularly attractive to hackers because it is more difficult to trace unauthorized accessers, just like a radio station can't easily trace its listeners.
Is war driving illegal? Some argue that the burden of securing a network is on the owner of the network, like satellite broadcasters. It is not illegal to view satellite programs that have not been encrypted, but it is illegal to crack encrypted broadcasts.
Security Measures
Securing a wireless network is a challenge. Given today's equipment, perfect security is probably an impossible dream. However, wireless networking can be made safer.
One way to start is assessing the problem by doing a little own war driving of your own. How accessible to intruders is your firm's network?
You say you don't have a problem, because your law firm doesn't run a wireless network? Think again. Many businesses have discovered that employees have set up their own unauthorized wireless networks, for the convenience. It's not difficult or expensive.
The first step toward higher security is to create a unique SSID (Service Set Identifier (SSID) when you set up your network. Many users merely use the default that comes with their wireless network software.
Next, turn on the built-in encryption option. Wi-Fi networking protocol includes an option for encryption, but most users don't turn it on. In one random sample, only about a fourth of wireless network operators had activated encryption. Turning it on won't help you much if you don't change the default password that comes with the system.
Don't let the encryption option give you a false sense of security. The encryption included with standard Wi-Fi networking equipment (WEP, "wireless encryption protocol") is not particularly strong. One expert estimates it takes about an hour for an experienced hacker to crack it. However, it is better than nothing. Turning it on will deter casual snoops. Some vendors offer wireless encryption with higher levels of security, but interoperability can be a problem.
You can try to discourage hackers by keeping your wireless access points physically inside your building, but outside your LAN's firewall. Having intruders freeloading off your Internet bandwidth is better than giving them easy access to client confidences. Some experts even recommend using TEMPEST-rated glass on the windows of rooms using wireless equipment.
Some experts suggest turning off DHCP (Dynamic Host Configuration Protocol) with wireless networks. A static network address set up is not impenetrable, but it adds another barrier for hackers.
The most important security measure is educating your firm's lawyers to the dangers of wireless networking. For example, if your lawyers are using a service like Boingo Wireless when they are on the road, make sure they use the VPN (encryption) option.
Resources
Wardriving and Warwalking -- Good explanation of the basics.
WarDriving.com -- A how-to-do-it site.
802.11 Security Vulnerabilities -- Bibliography of papers describing how to attack standard wireless networks.
Go away! How to keep hackers out of your wireless network -- Short article from ZDNet, with links to related stories.
Amy Harmon, "Good (or Unwitting) Neighbors Make for Good Internet Access," New York Times (March 4, 2002)(archived article; fee to read full version).
Don Plummer, "Wireless Systems Are Simple To Hack," Atlanta Journal-Constitution (March 31, 2002).
|
Send us your questions. We'll select the best each month and answer it here. On request, questions will be edited to conceal the questioner's identity.
|
|
View Q & A Archives. |
This page last revised: April 1, 2002.