id="info"

Networking

Sometimes, no encryption is better

Encryption is often an indispensable part of security. At other times, it's just an unneeded complication.

Use Encryption for Wireless Networks

When you run a wireless network at home or in the office, it's a good idea to use strong encryption to protect the network against the kind of casual access that isn't possible with a wired network. The importance of it is so great for so many wireless networks that security vulnerabilities discovered in wireless encryption protocols make for some of the hottest IT news items.

In general, when you connect to an unencrypted wireless network it is a downright terrible idea to visit your usual Web haunts and chat with others in IMs without using some kind of encryption. In particular, I tend to favor SSH proxies. My reason for favoring SSH for this purpose is in part the fact I'm reassured by the quality of the OpenSSH tools and the reputation of the team that develops the software, and in part the fact it's already installed on the OSes I use most often (and thus doesn't require a bunch of extra software installed on the system) and offers other benefits besides the ability to create encryption proxies. It is also, in part, the fact it's incredibly easy to set up and use — especially once I alias the fairly simple command used to create the proxy connection to a short, one-word, even simpler shell command.

Despite these facts, however, there are times you don't need to encrypt a wireless network. More to the point, there are times it's actually a bad idea to encrypt a wireless network.

No, Wait, Don't Use Encryption

As a very common and illustrative example, consider the case of a coffee shop's free "public" wireless network access. The purpose of such a thing is to provide a service to customers that gives them a reason to choose your location instead of another. I live in a college town that has a density of coffee shops that surely cannot be exceeded without going to Seattle. In fact, before I moved here, I had never encountered a coffee shop that was literally open 24 hours a day — but as I write this article, I'm sitting in that coffee shop right now, at almost ten at night, along with probably somewhere in the neighborhood of thirty or so other customers.

In this town, the coffee shop industry is so competitive that the only coffee shops I'm aware of that don't charge for wireless access are big chains (Starbucks and the small coffee shop in Barnes & Noble) that have the same charge-for-wireless policy everywhere in the country. Barring such paid access networks, it is in the best interests of those coffee shops to provide as convenient a means for customers to access the Internet with their laptops and iPhones and G1 smartphones and netbooks and N800s as reasonably possible. The more convenient it is, the more likely customers are to choose this coffee shop over another.

In such a case, eschewing encryption improves the convenience of the wireless network for customers.

Many managers of small businesses such as coffee shops have probably read somewhere that an encrypted network provides a great way to keep unwanted, perhaps even malicious, people off a wireless network. What these overenthusiastic security-seekers fail to understand is that they're probably not really gaining anything. In practical terms, if someone wants to use your wireless network in particular, and you make your network accessible to your customer base for free any time they come in as a coffee shop would, encrypting the network doesn't protect you from that person at all.

All the person has to do is come ask what key is needed to connect to the network. You're going to give it to the person — right? After all, if it's not generally available for free, it's no longer the marketing benefit you set out to make it. Very quickly, the encryption key becomes general knowledge, and ultimately the only people who can't connect to it are people who don't care to connect to it. If you try to plug this crack in the dam, all you're going to accomplish is annoying your regular customers.

All encrypting a free "public" wireless network in a business like a coffee shop accomplishes is making life inconvenient for customers. An argument could be made that network saturation because of surrounding businesses relying on your bandwidth, but even if you have network saturation problems, a better solution by far is to use a QoS system such as ALTQ to limit the amount of bandwidth any individual network user can consume to some reasonable maximum. With a halfway decent QoS system in place, you shouldn't suffer major network slowdowns even if you have dozens of users on the network.

The Moral

Employing good security practice involves more than just knowing what tools to use. It also involves knowing when to use them, and when they're unnecessary — or even counterproductive. If you're a coffee shop manager who offers wireless access to customers free of charge, you should keep that in mind when considering the use of wireless network encryption.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

Editor's Picks