Two young men driving a white car pull into the parking lot of a national retailer of home improvement and hardware products. These two young men will not assault and rob one of the retailer’s patrons, hold up the store for cash, or even break into the retailer at night to steal merchandise. Instead, they plan on using a wirelessly-enabled laptop computer in the retailer’s parking lot to tap into the store’s wireless local area network (WLAN) to access the retailer’s entire corporate data network. This is not out of science fiction or fantasy, but what actually happened.

A Michigan man was convicted of wireless hacking in Charlotte, North Carolina for his role in a scheme to steal credit card numbers from the Lowe's chain of home improvement stores by taking advantage of an unsecured WLAN at a store in suburban Detroit. The hackers used the wireless network to access local networks at stores in Kansas, North Carolina, Kentucky, South Dakota, Florida, and two stores in California. For two of the stores, the culprits altered a piece of code called "tcpcredit," which Lowe's uses to process credit card transactions. This created a software program that could automatically save customers’ credit card numbers and allow the hackers to retrieve the numbers later. Eventually, Lowe's network administrators and security personnel detected and began monitoring the intrusions and contacted the FBI. The FBI finally apprehended the hackers traveling in a white car, while one of them was typing on a wireless-equipped laptop.

The Success of Wireless
While wireless networking is an exciting innovation in computer technology, it also poses the biggest potential threat to individual privacy and corporate network security since the advent of the Internet. In many respects, the sharp growth in popularity of wireless networks has outpaced the ability of businesses to control and manage their deployment and use. Using wireless networks, businesses can largely eliminate the need for deploying and maintaining expensive and time-consuming network cabling in offices, while professionals can access email and the Web wherever there is an available wireless connection. Consumers are using wireless networks to simply and quickly provide high-speed wireless Internet access throughout their homes without running any new cabling.

The popularity of this technology is massive. In just a few short years, the wireless networking market has risen to more than 50 million devices shipping annually – and a total installed base in excess of 100 million units. Pyramid Research predicts that by 2007, more than 700 million wireless devices will be in use – and most analysts agree that more than 90 per cent of notebook computers will include wireless network capabilities as standard by that date.

This is an unprecedented rate of adoption. Consumer and small business spending on wireless networks is predicted to rise the fastest, with worldwide end-user spending on wireless network products predicted to grow 97% between 2003 and 2007. Corporate spending on wireless networks is expected to reach $2 billion annually by 2005.

The Perils of Wireless
Concurrent with the large business and consumer acceptance of wireless technology is the growing trend of electronic identity theft. In 2003, the Federal Trade Commission (FTC) authorized a survey indicating that 3.23 million persons discovered that an identity thief opened new accounts in their names over the preceding 12-month period. An additional 6.6 million consumers learned of the misuse of an existing account. Overall, nearly 10 million people – or 4.6 percent of the adult population – discovered that they were victims of some form of identity theft. These numbers translate to nearly $48 billion in losses to businesses, approximately $5 billion in losses to individual victims, and almost 300 million hours spent by victims trying to clear their credit reports and other records of these thefts.

These trends highlight the need for businesses to take swift action in ensuring that their sensitive, confidential customer data is adequately safeguarded. However, whenever a wireless-enabled computer is plugged into a corporate network, network security is potentially compromised, because access to the network can be inadvertently broadcast to unauthorized users outside the business premises.

A wireless-equipped laptop computer that is plugged into – and logged onto - a company’s wired network can create a virtual freeway into the company network. The user just has to leave the wireless radio switched on – and a hacker can potentially attract that user’s wireless laptop to connect with it – thereby also opening the shared contents of the user’s laptop and shared resources on the company’s wired network to inspection by the hacker.

If any of the files in those shared folders contain personal data about customers, employees or suppliers, identity theft can be the result. A hacker can also use this intrusion to introduce a virus a “keystroke logger” onto the system (thereby allowing them to silently collect ID/password and other personal information needed to commit identity and corporate information theft – hackers can even arrange for keystroke log information to be emailed to them). The main point here is that you don't need to have a wireless network to have a wireless network security problem. Unless you can be sure that no-one in your company has a wireless-equipped computer, then you face this issue and have to do something about it.

Meanwhile, given that wireless access points are relatively inexpensive; many employees are purchasing and installing them at work, so they can use their laptops wirelessly within the office. If the employees do not properly enable the access point’s Wired Equivalent Protocol (WEP) encryption feature, unauthorized individuals could access the employees’ laptop computers and even the larger corporate network. Also, since WEP relies on “static” encryption keys that do not change, a determined hacker could still intercept and modify these encrypted transmissions to gain access to sensitive corporate data, exposing corporate networks to a high level of danger.

Wireless Security Solutions for Right Now
To confront the threat posed by unauthorized wireless equipment being introduced to your organization, you need a solution that deals with the equipment and standards that are in use today – not what will be in use a few years from now. It needs to be a solution that not only allows businesses to detect the existence of unauthorized wireless devices in their organizations, but also locates and disables those devices. This situation is analogous to what must be done to secure and monitor a building. To secure a building properly, you not only lock the doors, but you also install an alarm system.

In the wireless world, “locking the doors” means preventing wireless laptops from inadvertently providing unauthorized wireless access to the wired corporate network. Putting a “wireless-aware” alarm on the network is installing a wireless equipment detection and location solution. Such a solution should provide businesses with an immediate, simple and effective way to alert network administrators when an unauthorized wireless device is detected and located, so that they can disable it.

Cirond offers solutions that accomplish both of these tasks. Cirond’s recently-introduced AirSafe™ product enables network administrators to simplify and standardize wireless connectivity across the enterprise, while eliminating the security risks associated with the uncontrolled deployment of wireless technology. AirSafe automatically disables the wireless radio in a laptop computer whenever it is plugged into a wired corporate network. This eliminates the possibility of a user inadvertently re-broadcasting a connection to the corporate network to unauthorized users – thereby locking the wireless “front door”.

Cirond’s AirPatrol Enterprise™ provides instantaneous detection and location of all wireless devices, indicating those that are unauthorized. It creates a 24x7 “alarm system” that alerts network administrators instantly when the network is exposed to a wireless attack. With AirPatrol, if an unauthorized "rogue" wireless access point or Ad-hoc wireless network is attached to a wired network, it is immediately detected and can be removed from the network. AirPatrol Enterprise uses an electronic copy of a business’ actual floor plan to display the location of the unauthorized device. By knowing its location, a network administrator can go right to it and unplug or disable it.

The combination of AirSafe and AirPatrol Enterprise represents a complete solution to the security threat posed by wireless technology and the increase in electronic identity theft. This combination eliminates the problem at the source, while providing comprehensive alerting and monitoring capabilities that both detect and locate unauthorized wireless equipment.

Nicholas Miller is CEO of Cirond Corporation, a developer of specialist wireless network security, monitoring and connectivity solutions

Purchase reprints of this article by calling (800) 290-5460 or buy them directly online at www.reprintbuyer.com.

Respond to this article in our forums!