Homeland Security for Your Wi-Fi

Many users of wireless networks ignore basic precautions, but new software will help foil hackers

Over the past year or so, there has been a lot of talk about potential security breaches in wireless networks--everything from terrorists using easily accessed Wi-Fi to launch attacks on vital facilities to hackers sucking out corporate secrets using antennas built from Pringles cans. While there are serious security holes in the design of Wi-Fi, taking some simple steps will overcome them. And new technology due this spring can make both new and existing networks a lot safer.

The concern started last year, when computer scientists discovered serious flaws in Wired Equivalent Privacy (WEP), the security method used both to hide wireless data and to prevent unauthorized network access. It turned out that the "key," a large number used to encrypt data, could be discovered by analyzing the data that could be collected from a busy corporate network in a couple of hours. A skilled eavesdropper, perhaps stationed a block or more away using a directional antenna built with a Pringles can, would not have much trouble recovering the key and gaining access. And because changing keys is a tedious manual process, many companies rarely do it, if ever. So, once in possession of the key, an attacker could read traffic for an indefinite period.

Because such an attack depends on capturing and analyzing a lot of data, it's much less effective against relatively lightly trafficked home networks. The real security problem for home users is their failure to take the most basic steps to protect themselves. Most Wi-Fi gear ships with the WEP feature turned off--and most people never bother to activate it. That could allow your neighbors to ride free on your Internet connection and perhaps even read your network traffic. But just setting a WEP password and changing it occasionally will protect your home network from casual snoopers, and most homes are not tempting targets for serious hackers.

Home-network and small-office security will get a boost this spring when vendors start shipping products featuring Wi-Fi Protected Access. This new software, which also will be made available for downloading to older equipment, replaces WEP. A password will still be needed to connect to the network, but the actual encryption will be done using "keys" that are randomly generated and changed frequently. This should dramatically improve the security of small, simple networks--but only if you download and install the new software.

You should also take some basic precautions with your computers. Windows XP is much more secure than Windows 98 or Me, but only if you set up user accounts with passwords. And it's a good idea to run firewall programs to protect against intruders. At a minimum, make sure that the built-in Internet Connection Firewall in Windows XP is turned on.

If you want to toughen your home or small-office network so it's safe from the teenage hacker next door--and you don't mind getting under the hood a bit--you can get industrial-strength security by downloading Dolphin from ReefEdge (www.reefedge.com). You need to dedicate an old PC to run it, but the software is free and handles up to five users.

Bigger businesses have more complicated wireless-security problems, both because of the quantity of information they handle and the value of the data. Even before the flaws in WEP were publicized, vendors of corporate networks were offering proprietary security enhancements. This approach protected networks, but at the cost of compatibility: A notebook equipped with Proxim (PROX ) or 3Com (COM ) hardware and software, for example, wouldn't work on a network that required Cisco Systems' (CSCO ) LEAP security system.

Wi-Fi Protected Access follows the same approach as LEAP, requiring approval from a computer separate from the wireless base station to grant access to the network. But it should guarantee that gear from different manufacturers can work together and should be considerably easier for smaller businesses to install and maintain than current security solutions.

It's unfortunate that the designers of Wi-Fi did a lousy job on security, but the problems have been overstated, especially for home networks. With some simple precautions, Wi-Fi is safe for home or business use. It just requires a little effort on your part.

By Stephen H. Wildstrom

    Before it's here, it's on the Bloomberg Terminal.