Security overhaul for wireless networks
Written by Riley Martin on 5:00 AMThe security of wireless networks is getting a make-over in an attempt to secure them from drive-by hacking attacks.
Respected security firm RSA has found a way to improve the notoriously weak encryption system used by wireless networks. However, some experts fear that the fix comes too late to save the reputation of wireless networks and the only way to protect them is to use other security systems. Others say the RSA-improved security will not help all wireless network users as many are still not taking the most basic steps to protect themselves.
Secure packets
Of late, wireless, or Wifi, networks have become very popular because they are cheap and easy to set up, and remove the need for lots of unsightly, expensive cables.
However, the method Wifi networks use to scramble data, known as Wireless Equivalent Privacy (Wep), has been comprehensively defeated by both security professionals and hackers.
The vulnerabilities have led some hacker groups to engage in "war-driving" expeditions which map wireless networks and show which ones are open to attack.
To improve Wep, RSA has developed "Fast Packet Keying" which gives each packet of data its own encryption key. Anyone gathering data from such a network would have a much harder job breaking into the packets of information.
RSA pointed out that the fault with Wep did not lie with the RSA-authored RC4 algorithm it used to encrypt data.
Instead, it lay with the way that the computers were sharing a wireless network and the hub shuffling data around all of them.
Wep provided too little protection for the way that hubs and the connected computers decided on how to encrypt data packets travelling through the air.
Security experts found that by capturing packets they could gradually work out the encryption key being used to scramble the data passing across the network.
With enough information, a determined malicious hacker could find the key to descramble all the data passing across a network.
Protection problems
But some experts fear that the system developed by RSA will not do enough.
"The damage has already been done as far as Wep is concerned," said Bob Brace, from Nokia's internet communications division which develops security systems to protect voice and data networks. "Users see it as a weak security system."
Other security experts fear that a beefed up encryption system will do little to protect wireless network users.
Ian Peacock, a consultant at net security firm Defcom, said often many companies failed to even turn on the Wep encryption system when they installed a wireless network.
He said security audits by Defcom of wireless networks used by its clients showed that some failed to take even the most basic precautions.
"The number of networks around the City [of London] that do not have Wep enabled is scary," he said. "Those that set up and use the latest technology often do not appreciate that there are emergent security issues."
Mr Peacock said the ease with which wireless networks could be set up fooled many people into thinking their new network was secure.
However, he said, the start-up settings of many wireless networks meant they were vulnerable to attack.
Despite the shortcomings there is a lot that users can do to protect themselves.
"There's a shortlist of at least 20 things you can change to make wireless networks more secure," he said.
At the very least, anyone using a wireless network should change default IDs, turn on Wep, place the network behind its own firewall and use extra levels of encryption to secure traffic passing across it and into other corporate networks.
BBC News
| Posted in »
0 comments: Responses to “ Security overhaul for wireless networks ”