I remember the first time I read in the Wall Street Journal (1999) that “doing wireless was like putting an RJ-45 Ethernet jack in your parking lot.” The implication was that the company’s most sensitive information would be readily accessible if someone simply drove into the parking lot and had a wireless card. The presence of wireless would allow a would-be hacker to spend the night draining your company of its valuable information. We were clearly forewarned. And it did in fact happen – over and over again!

When I was asked how to prevent security leaks for a Fortune 500 company, the first question to answer was, “who are we protecting ourselves from?” We identified several classes of potential threats and determined their relative ability to penetrate our security from lowest (1) to highest (5): 1. Hackers, 2. Corporate Espionage, 3. Disgruntled employees, 4. Careless employees, 5. Domestic and Foreign Governments.

It is true, that wireless link into the parking lot is a high risk element in your security and the same is true for the Internet access. But there are many affordable techniques that are readily deployed to ward off the Hacker trying to penetrate these defendable portals. They are typically looking for easy targets and do not waste much time trying hardened sites.

The Corporate Espionage motivated hacker has more staying power. They have an identified motive and it requires various levels of monitoring to warn you when this type of person is working overtime to get into your records.

The Disgruntled Employee has gotten a lot of attention over the years and is clearly a challenging threat that needs to be managed. And trying to defend against National Agencies is a topic of growing concern and topic for another day.

It’s the Careless Employee that generally poses the highest threat where the typical corporation can improve security without breaking the bank. We have determined that access to information from anywhere is more important than the risk. Our managers, employees and officers all have laptops and home computers with “secure” access to routinely download all the corporate spreadsheets, customer lists and contracts, update these and upload them back again. This is done in virtually every company in the technology enabled world. The result of this style of information management is that your most critical information is now everywhere. Copies are on home computers, laptops and traversing the unsecured Internet. In most cases, if a copy of a document went out to a remote laptop, we do not have a clear record.

We only need listen to the local news for a clear example. Healthnet, a Shelton CT company, lost a USB disk drive. It took them over six months to determine that it contained the health records of nearly 460,000 customers. Now that’s not only embarrassing, it’s criminal.

So most reading this article will say, “But that’s the only way we can be productive. Isn’t there a reasonable way to continue the productivity without the risk?”

The answer is yes, we can minimize the risk. The key is to follow a philosophy we are promoting at Fandotech. Instead of using the Internet to distribute your critical information “to everywhere” make centrally controlled and stored information available “from anywhere”.

We now have cost effective technologies that allow us to design access to your information from anywhere without actually sending the files out. Products like XenAPP from Citrix can be configured so the trusted user can log into an audited port and be granted the ability to view and edit appropriate documents without moving the document out of the data center control. This provides clear custody and control mechanisms for the integrity of the document. The Citrix remote access technologies also allow for the download of information when truly required, but requires a “sign out” and “sign in” that deletes the remote copy of the document and makes an audited record of who, when and where the documents went.

Now information is version controlled, backed up and audited centrally. Think of the cost savings potential and restful nights of sleep knowing your data is more secure!

Information everywhere is a weak link in the security of your information. People are people and they will lose things or they will steal things. Centralized information management that is auditable will minimize embarrassing events and minimize your risk.

John Boyd

With the influx of wireless technology into the world, and especially the home, the idea of actually protecting your personal information becomes more important.

In the days in which you simply ran a cable from your router to your computer, security wasn’t as drastically important. There was only a physical link to your network, so it was vastly more difficult to gain access to that network. Effectively someone would have to break into your house and plug a cable into your router to get access to what was on there. That wasn’t the only way, but it was essentially the only equivalent to what is possible today with wireless technology.

Now with wireless hot spots all over the globe, and laptops integrating such capabilities, security has become much more important.

There is a concept called “piggybacking.”  This involves driving around and searching for wireless networks throughout the world. This is quite often mislabeled as “wardriving.”  Wardrivers are generally just out to collect information—they don’t actually use the network resources they find. “Piggybacking” is the access and use of someone else’s wireless connection. This could be used to describe someone leeching off of their neighbor’s wireless access point, or someone sitting outside a coffee shop’s hotspot and using their network without actually giving them any business.

Piggybacking is what you’d want to prevent people from doing, and there are two main reasons I would like to highlight:

• Protection of your personal information. On your home network, you may or may not have documents, folders, and other files shared out to other users on the network. You might give your significant other or your children access to music or video files on your computer. There are many ways to do this, but by sharing files there is the potential that someone you didn’t intend to access your home network could see things you don’t want to be seen.
• Protection of your resources. With the idea of ISPs putting limits on the amount of traffic home users can use over the course of a month, having someone leech off your wireless signal could potentially cost you a lot of money. If a neighbor gets access and starts using it to download DVDs, this could cause a problem from a financial standpoint, as well as legal. You could be held responsible for copyrighted material that is downloaded by a rogue user on your network.

If you don’t secure your home network, connecting to it is as simple as selecting it from a list and clicking “Connect,” and suddenly a person unknown to you has capabilities you’d rather them not to have. However, since the influx of home users taking advantage of wireless technology, setting up security has become very user-friendly. Instruction manuals that come with your routers provide the necessary information to secure your network, but I would like to highlight three common methods here:

• WEP. WEP stands for Wired-Equivalent Privacy. It encrypts your data using a security key that you must apply at all computers accessing your network so they can read the data being sent. It isn’t the most secure method, and you can argue that the encryption is weak, but it is widespread and very easy to set up. This will require a password from users that wish to access your network. Despites its weakness based on other methods, it will prevent most unauthorized access to your network.
• WPA. Wi-Fi Protected Access. WPA answers a lot of the issues that WEP has-it is much more secure and takes measures to prevent the encryption from being broken so easily. It is not as widespread as WEP, but is relatively easy to set up if you have equipment that is compatible. It cannot be used in conjunction with WEP-you must pick one or the other.
• MAC Filtering. Every PC and network device has a unique number called a MAC address (MAC stands for Media Access Control, incidentally). It is very important in the world of networking. Most modern day routers have the ability to filter network traffic by checking the computer’s MAC address against a list of allowed addresses. If it does not match, the computer will not be able to access the network. This sort of setup is more advanced and calls for a little bit more administration—it requires you to obtain the MAC address of each device on the network and enter it into the router. By itself it isn’t the most secure method (it doesn’t encrypt data for instance, just prevents access), but used in conjunction with WEP or WPA it can help add a layer of security.

One more thing that I would like to point out: for most home networks, having multiple layers of security isn’t something to worry about. My suggestion is that you should just make sure that a random person will not be able to access your network. Secure your network, but use the method that is easiest for you (which in most cases is WEP).

None of the methods I described above are fool-proof: every single one has a way it can be cracked. But chances are very good that most people that understand how to break through these security measures aren’t going to have much interest in the average home network.