Much has been written about Wi-Fi security in the wake of an AirDefense study in New York City, where they found over 1,300 wireless access points, of which 39% were totally unsecured and 29% were secured using WAP, an encryption protocol that is nearly trivial to break. In addition, and even more seriously, of the nearly 1,700 devices (laptops, PDAs, and cell phones) they monitored Monday at the National Retail Federation Convention and Expo, over 80% could be compromised by rogue hotspots.
Study: NYC Retailers Not Protecting Wireless Networks (Information Week)
There were also a couple of articles that almost seemed like they came from a He-Said, She-Said column. For example, a Wired blogger expounded on the virtues of open wireless (in the home, not in the business) with a less-than-complimentary response from a CIO.com writer. These differing approaches, from "Steal This Wi-Fi" to "Not in my Backyard," are stark and highlight the incredible gray area that still exists when it comes to computer security.
Steal This Wi-Fi (Wired)
At my work, we have a wireless infrastructure that has separate networks for faculty/staff and students. Students can connect once our Cisco Clean Access server determines that patches and virus definitions are current, and we allow access to only the resources that are available on the Internet. Both networks are secured by WPA and both require that the user authenticate with their own username and password. At home, I don't encrypt my wireless traffic, but I have a router inside my DSL modem (also my WAP) to protect my PC, my wife's Mac, and my Xbox. I do hide my SSID, so you have to ask me to use the network, but anything I do that needs to be secured goes through a VPN tunnel anyhow.