TechDirt points out stories on both Broadband Reports and WiFi Networking News, about somebody getting arrested and charged with a felony for surfing the internet from his car near someone’s open WiFi network.
There just seems to be something about people using an open WiFi network that sets people off in the wrong direction. As we’ve pointed out before, the idea that using an open network is bad because criminals would never get caught is a total red herring, as plenty of more traditional means of detective work can still be used to track down the criminal. Just because something can make you anonymous doesn’t mean it is automatically illegal. Wouldn’t the same argument be used against any anonymizer sites? Also, as Glenn points out at WNN, some (though not many) ISPs encourage users to open up their WiFi and let people use it — so it’s even entirely possible that this guy was doing something that was allowed.
Whether or not he was doing anything else illegal is a different question — simply accessing the WiFi doesn’t seem likely to have harmed anyone, though you wouldn’t know that from reading the press coverage.
Security Begins at Home. A no Wi-Fi policy does not guarantee security — intruders can enter through laptop clients. Virtually all laptops now include Wi-Fi. Individuals, businesses or municipalities that think they can eliminate wireless threats by eliminating WiFi may be mistaken.
The growth of municipal WiFi networks will likely increase illegal activities on wireless networks, if for no other reason than that there’ll be more of them. An e-Week editorial thinks Municipal Wi-Fi plans like Philadelphia’s are security disasters in the making. [But at least they have a plan].
Protecting private citizens must be given the highest priority. Cities can’t afford lawsuits, either.
The Nomadix AG 5000 Metro Gateway, for example, provides both wired and Wi-Fi metropolitan public access networks. The $12,000 unit can handle up to 4,000 users at a time when they connect via a Wi-Fi hotzone (standard APs or mesh) or even WiMax-based fixed wireless. Boingo Wireless and EarthLink have teamed on roaming solutions and include a Nextel/Wayport connection.
Wavesat, the first WiMAX chip vendor, has integrated SafeNet’s security co-processor in their reference design for OEM developers.
Other secure wireless LAN gateway vendors include Columbia Tech, Bluesocket, Vernier Networks, ReefEdge Networks and Cranite Systems. They segment the WLAN from the rest of the network with flexible, user-aware firewalls and stronger encryption capabilities.
WSC Guard has a free client (for a month, then $4.95/monthly), as does Lucid Link. The technology behind SecureMyWiFi is RADIUS (Remote Authentication Dial In User Service), which is widely used by ISPs (similar to username/password on dial-up connections). Others include PublicVPN.com for $5.95 per month or $59.95 per year, HotSpotVPN.com (standard PPTP and SSL VPN with a client), WiTopia.net (SSL VPN with a client), and JiWire’s SpotLock (IPsec using a client).
IP Unplugged says their Universal Mobile IP Client enables secure, seamless roaming. It enables the user to move between LAN, Wireless LAN, GPRS/3G/CDMA, and broadband networks in a secure and seamless way, without any configuration, user interaction or need for the user to think about the mobility or security, says IP Unplugged.
The PCTEL Roaming Client also claims full support for WPA, 802.1x, and integration with popular VPN and personal firewall packages, as well as a 2.5G/3G module for connections to GPRS/EDGE, CDMA2000 1X, PHS/FOMA, and UMTS packet data networks.
802.11i, also known as WPA2, brings strong Advanced Encryption Standard (AES) security to wireless networks.
Microsoft’s latest Windows XP update lacks full compliance with the WPA2 specification, says e-Week. The new EAP types, all nonproprietary, fit into the 802.1x framework. That means enterprises using WLAN gear with those EAP types (EAP-TTLS/MSCHAPv2, PEAPv0/EAP-MSCHAPv2, PEAPv1/EAP-GTC and EAP-SIM) will run into problems.
But 802.11i may not be for everyone. The AES portion of WPA2 (Wi-Fi Protected Access 2) security may not be backward compatible with currently installed 802.11 a/b/g equipment, making upgrades tricky for enterprises that hope to preserve their WLAN investment.
E-Week explains some particulars about the [confusing] 802.11i standard:
Similar to WPA (Wi-Fi Protected Access), a stopgap solution based on Draft 3 of the 802.11i specification, 802.11i provides port-based authentication to a RADIUS server to provide user authentication. However, 802.11i streamlines WPA’s key exchange process among the client, access point and authorization server by requiring fewer messages.
Once a user has successfully authenticated to the RADIUS server, the authentication server creates a PMK (pairwise master key) that is moved to the access point and then exchanged with the client. This key controls both devices’ access to the 802.11 channel (no matter which band) and is used to derive the PTK (pairwise transient key), which is actually a collection of keys that help mutually identify the devices and secure the data traffic.
The PMK is unique to the client/access point conversation, so the 802.1x authentication process must occur again when a client roams to a new access point. Because the authentication process causes some latency, devices running time-sensitive applications may falter during a roam.
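The PMK-to-PTK step described above, as an added example that is not part of the original article or of E-Week's text: it implements the 802.11i HMAC-SHA1 PRF and splits a 384-bit CCMP PTK into its three keys (KCK, KEK, TK). The PMKs, MAC addresses and nonces are constructed sample values, and the names `prf` and `derive_ptk` are chosen here for illustration.

```python
import hashlib
import hmac

LABEL = b"Pairwise key expansion"  # fixed label from IEEE 802.11i

def prf(key: bytes, label: bytes, data: bytes, n_bytes: int) -> bytes:
    """802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    counter = 0
    while len(out) < n_bytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:n_bytes]

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> dict:
    """Derive the CCMP pairwise transient key and split it into its parts.

    Addresses and nonces are sorted so the client and the access point
    compute the same value without agreeing on an argument order.
    """
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, LABEL, data, 48)  # 384 bits for CCMP (AES)
    return {
        "KCK": ptk[0:16],   # key confirmation key: MICs on handshake frames
        "KEK": ptk[16:32],  # key encryption key: wraps the group key
        "TK": ptk[32:48],   # temporal key: encrypts the data traffic
    }

# Constructed sample values (not from the article or any real network).
PMK_AP1 = hashlib.sha256(b"constructed PMK after 802.1x auth via AP1").digest()
PMK_AP2 = hashlib.sha256(b"constructed PMK after 802.1x auth via AP2").digest()
AP1 = bytes.fromhex("020000000001")
AP2 = bytes.fromhex("020000000002")
STA = bytes.fromhex("0200000000aa")
ANONCE = hashlib.sha256(b"constructed ANonce").digest()
SNONCE = hashlib.sha256(b"constructed SNonce").digest()

if __name__ == "__main__":
    first = derive_ptk(PMK_AP1, AP1, STA, ANONCE, SNONCE)
    roamed = derive_ptk(PMK_AP2, AP2, STA, ANONCE, SNONCE)
    for name in ("KCK", "KEK", "TK"):
        print(name, first[name].hex(), "->", roamed[name].hex())
```

Roaming to the second access point yields a new PMK from a fresh 802.1x exchange, so every key in the PTK changes, which is the re-authentication cost the passage describes.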
In Part 1 of Beyond Passwords, WiFi Planet explained the problem and showed why organizations are interested in improving on password authentication. In part two, they examine the solution. Broadband Reports has additional background.
Tom’s Networking has a definitive collection of security resource links. Broadband Report links to some interesting maps by Postini that illuminate the geographical origins of spam, viruses and directory harvest attacks.
This Network World Article on Wireless Security assembled 23 wireless products from 17 vendors and ran them through a battery of tests. It’s a comprehensive review of the latest gear. Mobile Pipeline tested WLAN monitoring systems that provide wire-side and wireless rogue-device detection, intrusion detection, RF interference detection, user and group traffic monitoring, and performance monitoring in the 2.4-GHz and 5-GHz ranges.
Here’s a look inside the security elements of 802.11i. George Ou describes the six dumbest ways to secure a wireless LAN.






