I’ve installed and/or used several wireless networks over the years and have never been worried about security. I should have been. Thankfully, nothing that I know of, has happened to me (yet) but Mike Klein, CEO of Interlink Networks patiently educated me on the dangers of wireless computing and talked about his wireless security product Lucidlink. He actually, “re-educated” me. I know the dangers, but like backup, I often ignored them and didn’t think about the dangers until too late.
Businesses, like yours and mine, are installing wireless networks for the convenience of being able to access the Internet and/or their corporate network from anywhere in their company or mobile computing outside of the office. The big problem is that many of these same businesses do not take the time or have the skills to properly secure their network – leaving it wide open for hackers to access their company data.
Mike explained to me that for hackers it’s more than simply accessing the company’s network.
Transmitting your data over an unsecured WiFi network gives anyone within range of your wireless computing experience a view into the password and user name of your pop-based email and any other transmissions that are not encrypted.
Let’s take things a step further and assume that you DO encrypt your WiFi network. What do you use? The Wireless Encryption Protocol (WEP)? For casual “hackers” WEP might be good enough, but in reality, there are tools that anyone can download from the Internet that can crack WEP encryption in minutes. If you cannot afford someone stealing your user name and password (maybe it’s not a password for your email account, maybe it’s for a product list), especially from a determined hack – WEP is not sufficient. If a competitor stole your customer list, that was insecurely going across your wireless network, would that bother you? If a competitor (or disgruntled employee you fired) stole the marketing and product plans you had for the next quarter – would that be problematic?
It takes the expertise and time that many smaller businesses simply do not have to properly implement wireless security. Big companies install expensive encryption software, servers and clients and have dedicated staff to manage their wireless infrastructure. Can your 10 or 20 person business do this? Maybe you share an encryption key with staff in your office. If someone leaves this means you’ve got to re-enter new keys. What if a guest visits? Do you deny them access to your network? Do you give them the shared key?
Inter Link Networks offers, LucidLink, a wireless security program that offers high end encryption and security features but with a very easy to use interface and user management tool. It comes in two parts – a wireless client that must be installed on each computer you want connected to your network and a “server” component that’s installed on your server and interfaces with your access point. LucidLink Home Office Edition is free and connects up to three users, LucidLink Wireless Security is made for larger businesses and connects up to 250 users.
The beauty of LucidLink is three fold – high-end wireless security, effortless installation and a very simple (point and click) interface.
If a guest comes into your office and needs access to your network, assuming they have the LucidLink client installed, your network administrator (or whoever you designate) is sent an alert that a user wishes to access the network. The administrator can then, with minimal clients grant them access to the network and indicate for how long.
Here’s how Lucidlink works:
Setting up to LucidLink to work with popular access points from 3Com, Linksys and D-Link is easy as LucidLink’s management (server) component is pre-programmed with their configurations.
You can use LucidLink’s free wireless client (at http://www.lucidlink.com ) instead of Windows built in wireless client to connect to public hotspots AND your corporate network.
Mike writes that a $50 unsecured access point blows a hole through multiple layers of network security and gives even the most casual attackers direct access to the network, yet most users do not realize the extent of their vulnerability. For example:
∑ While many Wi-Fi users assume that access to their wireless network is limited to 100 yards because their notebook can only reach the network from a limited distance, the reality is that anyone can access an unsecured network from over a mile away with a $49 directional antenna or a modified Pringles can.
∑ War driving is more pervasive than ever. There are dozens of hacker websites that provide locations of wireless networks across the globe that are open to attack. One site alone (www.wigle.net) lists the locations of close to 2.6 million wireless networks, of which over 53% have no security at all and another 33% are running with low-level WEP security that is easily cracked.
∑ Methods such as hiding SSIDs (network names) or MAC address filtering are promoted as good first steps in securing networks, but they provide a false sense of safety because they are readily overcome by most amateur hackers.
∑ Every time a user accesses his or her POP3 e-mail over an unsecured Wi-Fi network, his or her username and password are transmitted over the wireless link without encryption. A hacker can quickly pull out that password and access the users e-mail without detection.
∑ In the case of an unsecured or poorly secured website, a hacker can copy the users MAC ID (machine identifier), log into the network, and launch virus attacks, spam or other illegal activities over that network. Authorities can track these illegal activities back to the users machine, and the hacker can get away without a trace.