Over the past few years, wireless LANs
(WLANs) have moved from emerging technology and industry buzzword
to a selling point for Starbucks and airports. The availability of
low-cost WLAN equipment allows just about anyone to set up a
wireless Internet access point.

WLAN access is certainly a viable way to set up
a network, especially in cases where wiring isn’t practical or
desirable. However, don’t mistake viability for security.

To believe that a wireless LAN is as secure as
a wired LAN is a dangerous assumption. However diligent the
Institute of Electrical and Electronics Engineers (IEEE) was in
creating the 802.11 protocol suite (the standard specification for
WLANs), the name Wired
Equivalent Privacy (WEP)–a security protocol that’s part of
the 802.11 standard–is a misnomer.

Wireless access will just never be the
equivalent of wired access. Several published methods and programs
exist for breaking WEP. While it certainly takes time and effort to
break WEP, if intruders want to get into your wireless network,
chances are they’ll succeed.

But this time and effort really isn’t even
necessary. A much more low-tech way to intercept wireless Internet
traffic exists, particularly at the numerous public wireless “hot
spots” that keep cropping up.

Wireless Internet access is a great way to
bring customers into traditional brick-and-mortar establishments,
not to mention a proven way for increasing coffee sales. Wireless
Internet hot spots, typically found in cafes and public buildings,
advertise who’s operating the WLAN by using a service set
identifier (SSID).

Typical public hot spots advertise themselves
using the SSID, which shows up in the list of available wireless
Internet networks you can connect to when you’re in range. And if
you’re like the majority of users at public hot spots, you’ll click
the SSID, connect to the Internet, and think nothing more about
it.

But it’s this lack of thinking that once again
exposes the technical immaturity of most computer users. In
addition, it highlights a glaring oversight typical of overzealous
deployment of new technologies without proper education.

The SSID for an 802.11 wireless access point
isn’t a unique identifier. I can take a short drive with my laptop,
running a tool like NetStumbler, and find a dozen open 802.11
access points called Linksys any day of the week.

That means if a public hot spot advertises
itself using a specific SSID, anyone who’s marginally technically
savvy and motivated to be malicious can set up another 802.11
access point using the same SSID. If the signal is stronger–and
even if it’s not–a typical user could easily end up connecting via
the wrong wireless access point–if the user even gets to select
the access point at all.

Researches who “discovered” this issue have
dubbed the rogue hot spot an “evil twin” of the legitimate wireless
access point. Once you’ve connected to an “evil twin” hot spot,
your Internet traffic is at the whim of whoever is in control of
the rogue hot spot.

But this isn’t a new issue; the potential for
it has always existed. And it’s not just a concern for public hot
spots–it applies to any wireless network that advertises the
SSID.

How big a problem this is depends on the
operating system in use and how easily duped the user is into
thinking wireless Internet access is generally secure. For example,
on Windows, you can configure wireless access to automatically
connect to specific wireless networks when they’re in range.
Dynamic Host Configuration Protocol (DHCP) doesn’t really care
which hot spot you connect to; it just sets up the connection and
doesn’t worry about whether it’s to an “evil twin.”

Wireless equipment manufacturers have always
stressed ease of use over security, and this vulnerability has been
present all along. If you thought public wireless hot spots were
secure, consider this your wake-up call.

It’s important to remember that wireless
Internet access isn’t as secure as wired access, and it never will
be. And that’s precisely why I won’t use 802.11 wireless Internet
access anywhere, least of all at a public hot spot, unless I’m
using some method of point-to-point encryption, such as SSL or an
IPSec tunnel.

Want more advice for locking down your network? Stay on top of the latest security issues and industry trends by automatically signing up for our free Internet Security Focus newsletter, delivered each Monday!