WiFi: Enabler or Threat?

by Sonal Desai    Sep 16, 2008

Even as the government is busy drawing last minute strategies for mass WiFi deployments across the country, the recent misuse of the technology is likely to make those in power sit up and re-think.

As the death row mounts each day, and as people across states try to come to terms following the aftermath of the bomb blasts, large enterprises that are normally the most vulnerable to security are voicing concerns.

A CIO from a large organization is thankful that he did not allow the enterprise to be WiFi-enabled. “We deliberately did not go for WiFi. Security was the main reason.”

Also the fact that the alleged terrorist managed to hack a WiFi network to send alerts and claim responsibility for their acts, shows how easily the WiFi network can be hacked. “So many people are hacking the network. This proves it is much more vulnerable. There is a need to study why it is taking place and mass scale deployments should be encouraged at a later stage.”

Securing WiFi is not easy. Since the network is in the air, people can get signals and use or misuse it. It is as easy as typing on a mobile phone, said the CIO. “It is important that the WiFi signal do not travel beyond certain physical boundaries. We will need to revisit the entire strategy before mass scale deployments.”

Many surveys have revealed that large organizations and also the government are not serious about their IT security and network protection. An analyst said, “Although protecting IP addresses comes under network security in enterprises, the passwords can be easily cracked.”

Many WLAN access points have inadequate security and some managers think they are no risk because all they do is allow internet access. Attacking open WiFi routers is no different than attacking PCs. Unlike PCs, WiFi routers are always on and hence the intrusion can happen anytime.

The problem is some of the routers come pre-programmed with unique wireless network keys. These keys may be obtained by MAC address. Also, some routers use WEP as the standard feature and since the key is static, risk of breaking into the system remains high. Several instance of cracking into WEP, WPA1 are known across the world. Other major problem is most routers use Universal plug and play (UPnP) protocol by default, which can be accessed without the required authorization, said T.R. Madam Mohan, managing partner, Browne and Mohan.

Researchers have increasingly pointed out better adoption of WPA2 (wireless protected access protocol) could be first set of defence against this risk and also malware and other threats in future. Following, MAC address filtering, chaining the default router password, disabling compatibility, firmware should be used to effectively manage the security
of the router, said he.

While the enterprise has to be careful at all ends while opting for the WiFi network, the vendors should be an equal participant. Large enterprise organizations are very careful. The challenge is more in the SMB segment who have limited resources, said Arun Gupta, CIO, Shoppers’ Stop. However, considering the fact that mobile workforce is on the rise across organizations, laptop proliferation will continue and enterprises will have to introduce more checks, and business will have to and use technologies such as passwords, encryption and firewalls.

“In fact, vendors who sell the solutions should also be held responsible. They should educate customers on all potential threats. At the same time it is fair to say that organizations need to be a little more cautious. And although large organizations have been more careful about security, they will be much more cautious.”

Related links:
Mumbai to be WiFi Enabled