Licence to hack

An alarming lack of wireless security know-how in the region is putting enterprises at risk, and presenting would-be criminals with an open invitation to hack, says Eliot Beer.

  • E-Mail
By  Eliot Beer Published  November 25, 2007

While researching a recent feature on wireless security for NME's sister publication ACN, a colleague was alarmed to discover she actually knew more about wireless security than some of the end users she had spoken to. The real cause of alarm was that, before researching the feature, she knew absolutely nothing about wireless networks, let alone wireless security.

After diligently digging out information on all the current wireless security standards, how they differ, and how they improve on the previous generation of security - a task she did over a couple of days, while doing other work - she was surprised to say the least that some interviewees had not shown the same level of diligence.

One network manager in particular was proud to be using 128-bit WEP encryption - an older and flawed security protocol - and seemed very relaxed about not having limited access to his firm's applications when accessed through the Wi-Fi network.

This is something which I and my colleagues have all encountered before - end users who are hazy on the difference between WEP and WPA, conspicuously vague on the idea of MAC spoofing, and would probably regard Triple-DES as something about three men called Desmond.

Now, in contrast to my column two weeks ago, I'm not about to extrapolate a theory that the entire regional industry is filled with alarming levels of ignorance on all networking issues - although to be sure holes in knowledge do exist.

For some reason, the main knowledge gap seems to exist around wireless networks and wireless security - again and again, this has come up as a conspicuous gap in IT professionals' knowledge bases, more so than any other technical area.

Frankly, this is baffling to me - I can't think of a reason why end users are more prone to be ignorant on wireless networks than any other area, at least not one that rings true. While the technology is fairly new, it is now pretty ubiquitous in residential and commercial locations - and even clued-up home users are now cottoning on to the need for effective security.

If you have suggestions as to why this might be, I'd be very interested to hear them - you can e-mail me or use the comments form at the bottom of this page.

On a general level, though, I would file this partly under the general apathy I referred to a fortnight ago. Wireless security is very easy to dismiss as "somebody else's problem", and lapses are often hard to spot - or easy to ignore.

What is certain is that unless regional end users start taking wireless security more seriously, the chances of a serious breach will continue to grow daily. The ease and availability of wireless hacking tools is growing, and the simplicity of parking outside an office - say, a bank, or a major pharmaceutical firm, or a government agency - and breaking in to the network makes it an attractive and low-risk proposition.

Because although there is a high level of hysteria about security - and wireless security in particular - using out-of-date security and poor network management is nothing less than a licence to hack.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code