toggle.org, TOGGLE On-line Newsletter

Number 244 - September 2003

Wireless Networks (Non) Security
From One of Steve Bass' (PIBMUG) correspondents
I received a service request last week from a San Marino residential client that I hadn't seen in almost a year .He said he was having minor problems with his old PC and two recently added PC's and asked me to come over and clean things up. Upon arrival he added that he had installed a wireless network about six months ago and that it worked well but had frequent dropouts. Network Name While addressing the primary issues, I was surprised to see that his network was named "apple-something" and no one in the family seemed to know why. As an experiment, I unplugged thepower from their wireless base-station and, you guessed it, everything kept working. They had been tapping into a neighbor's network for over six months and didn't realize it. Another Network Suddenly they remembered that the original name had "default" so I reset everything to "default" and it worked great--until I realized that I still hadn't plugged in their base-station. They were now on a second neighbor's network. There's a lot more to this but you get the point, lazy users, confusion, and a complete lack of security. BTW, I brought up the second neighbor's routers in my client's browser and, since they hadn't changed the default login, was able to look at all of their settings. Of particular interest was the DHCP table that showed twenty-five (25) assigned addresses. The poor guy who owns the system is providing connections to everyone on the block and is no doubt clueless as to why he has such low bandwidth. Steve Gibson of www.grc.com commented: Isn't that a hoot?!	What's Not A Hoot ...Is Wireless Networking. Wireless networking makes me extremely uneasy. I don't use it and, despite the appearance of extreme convenience, I doubt I ever will. It's too much like running a connection from your network's hub or router out into the front yard with a sign saying: "Come on over and plug in." There's little difference, since a wireless network is broadcasting just such invitation. It may be theoretically possible to make it safe, I'm not saying that it's not. But it's also (obviously) theoretically possible to make absolutely 100% bug-free software. But we all know how unlikely and how apparently difficult that is. With code built upon code built upon code, and few people writing anything from scratch anymore, and with critical bugs being found in widely- used core libraries, no rational personal who understands the complex nature of security would trust wireless networking. I don't, and my standing advice is: Use it if you really must, but never trust it, and don't use it unless you truly would not mind running a wire out into the front yard and system. Certain ports have to be opened for the Internet to come in. The firewall closes them and opens them when needed. Kim Komando's website (www.komando.com) and Steve Gibson's Website (http://grc.com/default.htm) have information about ports.
Number 244 - September 2003