10-16-2003, 08:10 AM
|
|
Pontificator
Join Date: Aug 2006
Posts: 1,177
|
|
Illusive Bandwidth Thieves
Do you believe mobile device viruses and wireless bandwidth thieves are major threats? I don't. At least not today. I installed and reviewed a Pocket PC antivirus application already two years ago and I have still not seen a Pocket PC virus that would justify the existence of Pocket PC antivirus software. Some argue that it is just a matter of time before the viruses arrive. Very likely I say, but let's not cry "wolf!" until it happens. Which brings me to "bandwidth thieves".
The article Beware the Bandwidth Thieves is one of the latest that warns us from bandwidth thieves, bandits that are willing to spend time and resources breaking into locked wireless networks. The article goes: "If you use MAC address authentication as your only security mechanism, especially if you have an 802.11b-based wireless infrastructure, it's ridiculously easy for savvy hackers to break in. The MAC (Media Access Control) address is the supposedly fixed identifier on a network client device. ... Here's the problem. Contrary to what you may believe -- and what some vendors may tell you -- the MAC address on a wireless device can be changed."
I do see that WiFi software is getting smarter and more easily detects open networks. Pocket PC 2003 does a really good job from out-of-the-box. But properly configured and just using the simplest of lock-down settings (not broadcasting SSID, WEP and specifying MAC addresses), I doubt "bandwidth thieves" would be inclined to spend energy getting a free ride from your bandwidth. There must be easier methods of getting Internet access. I am not trying to downplay the risks if you really have sensitive information behind your firewalls, but for the average home/office network I don't see a real threat. Agree?
|
| |
|
|
|
10-16-2003, 09:25 AM
|
|
Thoughts Media Review Team
Join Date: Aug 2006
Posts: 599
|
|
The biggest risk that occurs to me is that if people can get onto your wireless network, they are inside your private space, i.e. behind any firewall device you might have connecting you to the Internet.
That allows them to bypass one of the most significant barriers to attacking your system.
As you say, chances are this is only going to interest them if you have sensitive information but ... what if you have a corporate laptop that you are using at home? Someone engaged in industrial espionage might decide that it is easier to break into your laptop at home, slightly vulnerable on your home WiFi network. Once they've done that, the next possible step is over the VPN client on your laptop and into the corporate network.
Fantasy? Not really - apart from the hacking of home WiFi networks, this is what is happening whenever a remote sales person forgets to patch their laptop, gets infected by a worm and then that worm has an easy way into the corporate network.
Yes, there are ways of countering it, e.g. restricting access to devices in the corporate network, but what is harder to do is to police any WiFi installations that staff might do in their own homes. As more and more laptops come with WiFi built in, it is going to be harder to think of ways to lock these systems down.
--Philip
|
| |
|
|
|
10-16-2003, 09:38 AM
|
|
Theorist
Join Date: Jul 2003
Posts: 298
|
|
It's a classic case of focusing on the new concerns, and ignoring the old ones.
Articles are constantly being written criticising wireless security protocols; yet unsophisticated viruses such as SoBig can cause millions of dollars in damage in a matter of hours, simply because average people around the world don't know better than to not open executable attachments.
One out of every ten laptops is stolen, and 88% are never recovered. Over 300,000 laptops were stolen last year, at a cost of over $1,000,000,000 US dollars. Yes, billion.
Yet Gerry Blackwell finds time to write an article on people sucking a few cents of bandwidth off of your WiFi network even though you have MAC filtering, WEP, and SSID broadcast turned off.
Perspective. It's a wonderful thing. Too bad more people don't have it.
|
| |
|
|
|
10-16-2003, 12:51 PM
|
|
Pontificator
Join Date: Aug 2003
Posts: 1,185
|
|
Quote:
|
Originally Posted by Newsboy
...yet unsophisticated viruses such as SoBig can cause millions of dollars in damage in a matter of hours, simply because average people around the world don't know better than to not open executable attachments.
...even though you have MAC filtering, WEP, and SSID broadcast turned off.
|
Speaking of perspective. I think if you look at your first paragraph on how hard it is to get your "average" user to not execute .exe from email and then think about how little your "average" user is going to know about MAC/WEP/SSID and you get a pretty clear understanding of the vulnerability.
It's nothing that keeps me up at night, but then again I'm locked down. I've seen what some people do when they set up their home networks and if I was the CIO/CSO of a company I'd be a little concerned.
Back to catching the falling sky... :lol:
|
| |
|
|
|
10-16-2003, 02:22 PM
|
|
Pupil
Join Date: Aug 2003
Posts: 10
|
|
so, where's a good place to learn what to do beyond MAC filtering, WEP, and SSID non-broadcast?
|
| |
|
|
|
10-16-2003, 04:31 PM
|
|
Mystic
Join Date: Feb 2004
Posts: 1,911
|
|
I don't have any encription turn on at all on my wireless network. There is no need. Where I live not many people know about this technology. And even fewer know that I have WiFi. If some kid takes the time to go out to my house then he can sit outside my bum some bandwith off me.
|
| |
|
|
|
10-16-2003, 04:31 PM
|
|
Pupil
Join Date: Jul 2003
Posts: 11
|
|
Quote:
|
Originally Posted by Newsboy
One out of every ten laptops is stolen, and 88% are never recovered. Over 300,000 laptops were stolen last year.
|
If I was the CIO/CSO of a company, I would be more concerned on this figure and trying to prevent that type of access to corporate information than I would be concerned about someone having a "weak" security home Wi-Fi connection.
But in all honesty, I think that it's still a small percentage of the people that fall under each of these categories. I just recently got a WiFi connection in my residence and the first few things we did were the mentioned items. And I'm one of the few people I know that has WiFi now. So, until it becomes more common, then I don't see a major disaster approaching.
|
| |
|
|
|
10-16-2003, 05:35 PM
|
|
Philosopher
Join Date: Jul 2003
Posts: 495
|
|
I don't think anyone is trying to defeat wireless security just to use your bandwidth. There's much better/worse things to do behind the firewall than surf the net or spam email.
If its got WEP or MAC auth, someone could just walk across the street to find one that doesn't. APs (in this area) are that plentiful and the people using them who are very short on security knowledge is a high percentage. The time it takes to defeat security measures just to get an internet connection usually nullifies the point of making the connection, ie. quick access to the net.
If someone takes the time to break security they usually have an objective. I wouldn't think that objective would be to check the forums on PPCT. :twisted:
|
| |
|
|
|
10-16-2003, 07:34 PM
|
|
Intellectual
Join Date: Jul 2003
Posts: 144
|
|
Quote:
|
Originally Posted by shlide
so, where's a good place to learn what to do beyond MAC filtering, WEP, and SSID non-broadcast?
|
ArsTechnica has a couple of good technical blackpapers on wireless security for the home user:
Security Practicum: Essential Home Wireless Security Practices
Wireless Security Blackpaper
Ars is a great site for just about anything PC or technology related. In fact, it's one of the very few sites that I love and visit more than PPCT! :wink:
JoshB
|
| |
|
|
|
10-16-2003, 07:46 PM
|
|
Ponderer
Join Date: Jul 2003
Posts: 83
|
|
Shared WiFi
Good thing you mentioned it Andy. I am only using MAC filtering because I thought it was safer than WEP and did not bother to turn WEP on.  ops:
I was on a long businees trip recently I used to "borrow" bandwidth from unprotected WiFi networks. I don't have any moral issue since all I did was to check private emails and PPT website :lol: And I pay my monthly broadband subscription too!
Wouldn't it be great to have a worldwide community of "borrowed" WiFi access points? Only known people who have a broadband subscription and who are sharing their access could be part of this community. I thought about it before. But it would be quite difficult to allow only legitimate users access to your WiFi connection. That does not mean it is impossible. I have lost patience with wireless operators. Where is the promised highspeed Internet access in your Pocket? And if it happens it will probably be for a high premium. Come on, together we can do it!
|
| |
|
|
|
|
|
Linear Mode
