WiFi Hotspots
Already experienced with the risks and benefits of 802.11 WiFi, government and corporate security managers are now grappling with early signs of convergence between 802.11 and other wireless systems, ranging from cellular networks to a short-range technology known as Bluetooth.
Geared to communications across distances of a few miles, WiFi has connected work-at-home and telecommuting environments as well as business and government organizations of all sizes over the past few years.
At the end of 2005, for instance, Proxim Wireless Corp., San Jose, Calif., announced that the City of Burbank, Calif., is using its WiFi equipment on a new municipal wireless network. Built by the city in conjunction with M-Gravity LLC, a Torrance, Calif.-based wireless technology specialist, Burbank's new network features a wireless “hotspot” about one square mile in size, offering wireless Internet access to citizens.
Other government agencies with WiFi networks already in place run the gamut from the U.S. Department of Defense to the communities of Corpus Christi, Texas, and Chaska, Minn. What's the attraction? According to experts, the key advantage of WiFi networks is portability.
To connect to either the Internet or an enterprise network, a laptop must simply be situated near a piece of hardware known as an access point (AP). In Burbank, for example, APs have been installed on street lamps throughout the wireless hotspot, in addition to municipal buildings outside the hotspot.
Moreover, many foresee a day, not too far away, when WiFi-enabled voice communications will be as commonplace as WiFi data connections, through an emerging Internet-based technology known as voice over IP (VOIP).
On the other hand, unless properly deployed, WiFi networks are still fraught with security risks, according to other experts. Some organizations with WiFi networks have been hit hard by roving bands of hackers, sometimes known as “war drivers.”
How do wireless hackers operate? Typically, these potential intruders ride around in vans rigged up with WiFi hardware and software, trying to detect and tap into 802.11 wireless networks from the street. And all too often, they succeed.
WiFi vendors and industry groups have long worked hard on information security, but wireless experts point to a few lingering areas of vulnerability.
A couple of years ago, the WiFi industry started to replace WEP (Wireless Encryption Protocol), an encryption technique known to be particularly easy to break, with the much stronger AES (Advanced Encryption Standard). But although the tide is turning, WEP still holds a lot of sway.
Moreover, many WiFi users fail to replace the easy-to-crack “default” SSIDs (system IDs) that come with their APs with strings of characters that would be harder for interlopers to guess. As many see it, better usability might help to produce improved security. “People will only accept easy-to-use security mechanisms. Wireless technology can be a very high hurdle for many of them to get past,” says Rich DeMilo, dean of the College of Computing at Atlanta's Georgia Institute of Technology.
At the same time, WiFi networks are now starting to come together with other wireless technologies, raising new sorts of issues. WiFi and cellular networks carry the potential to complement one another well, according to some, because at this point, these two varieties of wireless networks are tailored to different types of devices.
For the most part, WiFi is used with PCs. Michael Finneran, president of dBRN Associates, Hewlett Neck, N.Y., says that some organizations have even set up special conference rooms for connecting PC laptops to the Internet and other data networks.
In contrast, cellular networks are still almost the exclusive province of cell phones and PDAs. “You do not see too many employees trying to balance laptops in their hands as they roam down the hallways talking on the phone,” Finneran says.
Similarly, PDAs are also better suited than laptops to a variety of data entry tasks performed by mobile workers, including work carried out by soldiers in the field.
Accordingly, some technology providers — including Good Technology, Santa Clara, Calif. — have put together end-to-end managed cellular systems dedicated to safeguarding the security of PDA data.
In one recent survey conducted by Good Technology, 79 percent of the 600 decision-makers interviewed cited e-mail as the greatest security risk among applications running on mobile devices.
But the study's results also pointed to the need for better security around intranet applications, data stored on mobile devices and remote access to internal networks.
Originally, Good Technology provided secure managed services around e-mail only, according to Dan Rudolph, the company's director of industry solutions.
“But some of our customers are now expanding intranet applications such as customer relationship management (CRM) to their sales forces,” Rudolph says.
Other vendors — such as Blue Ridge Networks, Chantilly, Va. — offer end-to-end security products and services for both wired and wireless devices.
“Much of our business is made up of the Department of Defense and other federal government agencies,” says Tom Gilbert, chief technology officer at Blue Ridge.
When used together, cellular and WiFi networks can help make up for one another's weaknesses, according to some experts. For example, when it comes to encryption — or the ability to disguise data by “scrambling” it — cellular technology is now way ahead of WiFi, Finneran says.
Yet in certain other areas, WiFi holds the edge. For instance, devices running on cellular networks do not always get great reception indoors — particularly when the user is located deep inside a building, far away from any windows.
Although WiFi's transmission range is much shorter than that of cellular, 802.11's radio signals do a much better job of cutting through walls and floors.
But many experts are now cautioning customers and vendors against viewing different wireless networks as separate technology “silos.”
The entire wireless industry will gain better security if practitioners from various disciplines come together to share information, DeMilo says.
Following a recently held wireless security summit, the Georgia Tech Information Security Council (GTISC) now plans to set up comprehensive research programs and a wireless security test bed for exploring these issues with all stakeholder groups.
Some believe that cellular providers will soon decide to “hand off” calls between cellular and WiFi, meaning that cellular calls will move to WiFi networks as soon as they come into the enterprise telephone switchboard.
Within the United Kingdom, British Telecom is already handing off calls between its cellular network and Bluetooth, a wireless technology some consider less secure than WiFi.
Operating at short range only and requiring unobstructed “line-of-sight” between machines, Bluetooth was first devised quite innocently as a way of exchanging data between PCs and peripheral devices.
Using Bluetooth, you might exchange contact information between a PC and a PDA, or output a document to a printer, all without the hassle of plugging in wires. At this point, however, Bluetooth is beginning to be abused by a new breed of hackers called “Bluejackers.”
In the “Bluejacking” exploit, now growing popular in the U.K. and other European countries, hackers pinpoint the locations of nearby Bluetooth-enabled cell phones. Then, these PDAs get zapped with annoying text messages. Fortunately, the next generation of British Telecom's hand-off technology will combine cellular with WiFi as opposed to the more hacker-prone Bluetooth, Finneran says.
At the same time, some organizations are taking other approaches to bringing together WiFi with cellular.
For instance, to bolster security while also saving money, New York City-based Lehman Brothers took the unusual step in 2004 of buying its own cellular base station, a piece of equipment typically owned and operated by cellular carriers.
The investment bank then locked up all wireless APs in a secure wiring closet. Inside Lehman Brothers, WiFi and cellular signals are received by antennas. The signals are then fed to the APs in the wiring closet over the bank's long-established wired network.
WiFi in Government Applications
Student laptops access WiFi in island community
Students in Manteo, N.C., are now performing research for school projects on a computer, even though most of them cannot afford one.
Each middle-school and high-school student in Manteo, N.C., receives an IBM ThinkPad notebook pre-loaded with VitalSource educational software with the ability to access the town-wide wireless network.
“We are happy with how the program has gone so far,” says Steve Jozik, information technology administrator for Manteo. “Computers are being used a lot more in college. This program has allowed students to become more familiar with computers.”
Manteo is one of the first small towns in the United States to have 100 percent wireless coverage with a network created by Charter Communications. Last May, more than 80 middle-school and high-school students in Manteo received a wireless-enabled ThinkPad R50e notebook equipped with the VitalSource Library — including more than 3,400 works of literature, art, history, philosophy, science and mathematics, ranging from the complete works of William Shakespeare to Mark Twain.
“By empowering our young people with access to technology, we are giving them the tools necessary to fuel their personal development and taking steps to foster the economic development of our small town,” says John Wilson, mayor of Manteo.
Since the start of the program, Lenovo, New York, has offered training classes focusing on notebook security and data security. The ThinkPad R50e notebooks feature the Client Security Solution, which consists of an integrated security chip and password manager software, working together to protect confidential information such as passwords, while guarding against unauthorized user access. Other security options available on select models of ThinkPad notebooks include Absolute Software's Computrace solution, an anti-theft traceability tool, and Utimaco's SafeGuard PrivateDisk, a hard drive encryption tool. Both tools may be purchased by customers seeking enhanced security measures for their notebook PCs.
This summer, Lenovo plans to hold a camp for student-and-parent training on the laptops and VitalSource. Lenovo also plans to work with the teachers in Manteo in order to incorporate the laptops into classes' lesson plans.
Manteo is a community of 1,100 people and 1.7 square miles on Roanoke Island.