Byline: Elise Ackerman
SAN JOSE, Calif. _ When Gunderson High School launched its wireless network this fall, some parents were alarmed. Would a hacker be able to break into student laptops? View sensitive information stored on district servers? Tamper with grades?
Cliff Herlth, the tech resource teacher, assured them the network was secure. Only certain computers with registered wireless cards could connect to it. To anyone who lacked the proper technical IDs, the school network was virtually invisible.
"The only way you could get on our network at all if you are not on the list is by plugging in," Herlth said. In other words, an electronic intruder would have to physically enter the school and connect to an Ethernet cable.
During the last few years, as wireless networks sprouted by the thousands in schools, shops, homes and workplaces, concern has grown that such "hotspots" present huge security risks. Stories spread about wackers _ malicious wireless hackers who specialize in burglarizing wireless networks _ and the futility of protecting one's machines.
In reality, computer security experts say that the security risks of wireless networks are no greater than those of regular networks _ provided that the wireless networks are properly configured, their users are authenticated and the data they carry is encrypted.
"There has been a little bit of an overhype of the security problem for a while," said Ken Dulaney, vice president of mobile computing at Gartner.
Still, properly securing a wireless network isn't as easy as just flipping a switch.
Most wireless access points for home users are equipped with a built-in data encryption scheme known wired equivalent privacy (WEP). By turning on WEP, a user can prevent data from being intercepted as it is moves through the public airwaves.
The problem is that WEP is relatively easy to crack, so security consultants like Erik Berls of Virtual11 recommend that users routinely change their WEP passwords, which function as encryption keys.
"If you rotate the WEP once a month, you are pretty much good," Berls says.
Meanwhile, a stronger encryption standard is being drafted by the Institute of Electrical and Electronics Engineers (IEEE), a professional organization that sets industry standards.
In addition to using WEP, another basic precaution users can take is to set up their network so that it only recognizes specific wireless cards. While this isn't foolproof _ the media access control, or MAC, address that identifies a card can be hijacked _ it can be enough to deter a casual wireless freeloader.
A separate issue is whether a stranger who is borrowing your bandwidth can also access your computer. Contrary to common belief, wireless networks do not make it easier for someone to compromise your computer if ordinary security measures are taken. "Basically, I liken plugging a laptop into a wireless network as the equivalent of plugging a laptop directly onto the Internet," Berls said.
To ward off hackers and viruses, users should install firewall and antivirus software on each computer that communicates with the hotspot and turn off the "Internet File and Printer Sharing" option in Windows. Relying on a firewall that is bundled with a router isn't enough protection if the wireless access point is inside the firewall and the computers themselves aren't loaded with security software.
User of Apple Computer machines can take the same steps, as well as turn on a stronger encryption standard that comes with their machines. The architecture of Apple computers also renders users less vulnerable to hackers and other disseminators of malicious code in general.
Berls says users who want to be extra-careful can install a virtual private network (VPN). These cryptographic data tunnels are popular with corporations who deploy wireless networks. Companies that sell VPNs include Cisco Systems, Symbol Technologies, Proxim, 3Com, Avaya, Bluesocket, ReefEdge and Vernier.
"If you use a wireless network with a VPN connection, it is as secured as wired," said Dan Francisco, a spokesman for Intel, which was installed wireless networks at all its major campuses worldwide.
But no network _ wired or wireless _ is secure if threats are disregarded. Peter Shipley, an independent security researcher who has extensively studied wireless networks in the San Francisco Bay Area, can tell horror stories about companies who broadcast sensitive information to the world. He estimates that about 30 percent of all local networks are vulnerable in one way or another. Most commonly they lack wireless encryption or other forms of access control such as a VPN or MAC address filtering, Shipley said.
"Security is an economic issue," he noted. "A lot of people don't invest the time to set things up properly."
At Gunderson, tech resource teacher Herlth says the biggest concern to the high school network appears to be rebellious teenagers who are trying to wander into areas where they are not supposed to be or downloading programs they are not supposed to have. But most of the would-be hackers don't really know what they are doing, he added. When Herlth caught one who showed technical promise, he made him his tech aide.
___
(c) 2003, San Jose Mercury News (San Jose, Calif.).
Visit MercuryNews.com, the World Wide Web site of the Mercury News, at http://www.mercurynews.com.
Distributed by Knight Ridder/Tribune Information Services.
Комментариев нет:
Отправить комментарий